One for the brians, Using a RB2011UASRM for 2 seperate Networks

I have an RB2011UASRM, it has 2 x 5 port banks what appear as separate banks.

I have tried to use them as if they are separate, I have configured one as a NAT router with a public IP ..137.242/28 on the WAN and Local subnet on LAN, the first port on the bank is the WAN and the others switched together to form a 4 LAN port switch with DHCP server and local subnet 192.168.88.0/24 192.168.88.1 gateway, 8.8.8.8 as DNS all Straight forward ad it works, srcnat and masquerade set on WAN interface.

So I thought, I will configure the second bank in a similar way except public IP is ..137.243/28 and Local is 192.168.1.0/24 192.168.1.1 gateway, 8.8.8.8 as DNS and I have now changed the srcnat on each interface to include the src address which is either 192.168.88.0/24 or 192.168.1.0/24

It does not work, in fact nothing works, it even stops the working bank from working.

Any ideas?

Make sure your srcnat rules are sane:
chain=srcnat out-interface=wan src-address=192.168.88.0/24 action=src-nat to-address=x.x.x.242
chain=srcnat out-interface=wan src-address=192.168.1.0/24 action=src-nat to-address=x.x.x.243

Make sure the forward chain doesn’t block outbound traffic

A basic set of rules to protect from Internet, but allow internal connectivity / outbound access would look like this:

(this is pseudocode)
/ip firewall filter
chain=input
allow connection-state = established,related
allow icmp (possibly with some rate-limits to stop flooding)
drop in-interface=wan

chain=forward
allow connection-state = established,related
drop in-interface=wan