Hmmm... not all, at least not for all boards. As far as I remember the default firewall settings for 75x and 951 allow ICMP on the input chain.The default settings on RouterBOARD block all input from WAN.
/ip fire nat add chain=srcnat src-address=192.168.x.0/24 action=src-nat to-addresses=1.1.1.(x+1)
I guess it's a good idea.After reading quite a lot about the subject, I came to a similar conclusion - more than 1 access point, but, what if I combined 2011 + AP per room, for example? Benchmarks suggest it would probably handle that. What do you think?
Try to sniff packets on the RB, on it's WAN interface. Apply a filter for the firewall IP address and check if the traffic is visible.The firewall responds to a ping from the Internet, Packet trace is done on the firewall external interface.