which rule i need for my RB5009 that i can forward all mqtt requests (shelly port 1885, tasmota port 1883) which are in VLAN10 and my IOBroker (MQTT Server) are in VLAN1.
Or my other possibility is that the IOBroker are in VLAN10 too but then i have problems with my yahka (Homebridge) interface in IOBroker. when i try this in this way my iphones and ipads dont see this instanz. The iphones and ipads are in vlan1.
iam a realy beginner with mikrotik routers, so maybe its give an other way.
Thnx for answers
Basically the inter VLAN routing should be enabled per default.
Hence, the “normal” way of doing what you want is not to enable forwarding but rather to actually restrict the inter-VLAN routing between VL10 and VL1 to traffic/connections originating from VL10 to the mqtt Broker (IP and ports) on VL1 (drop all others).
This will still allow connection from VL1 to VL10 (i.e. for administration of your shelly or tasmota devices).
What you should see in the filter rules in the forwarding chain on your device should reveal a pattern.
- They should allow for already established connections between all local networks
- and allow for all connections on LAN (or rather everything that is not WAN - hence you should add your VLANs to the “LAN” interface list).
Place your new rule between these two.
See also: https://help.mikrotik.com/docs/display/ROS/Building+Your+First+Firewall