Pihole and printer NAT and firewall problems

Hi there,
Recently I switched from the router provided by my ISP to a Mikrotik routerboard and I’m very happy with it.
However, I would like to make some changes to my home network, but I’m facing a few issues.
I have two subnets:
192.178.10.0/24 (my studio, including a pihole server, NAS and a network attached printer) and 192.178.50.0/24 (dedicated to IOT appliances, smart TV and so on and including a wifi mesh).
I set up the pihole address as primary DNS server in the IP section and it looks like everything is working fine so far.
However, I’d like to isolate the two subnets so that wifi connected devices on subnet 192.178.50.0 can’t access the studio subnet. I can do that pretty easily via the firewall, but then… devices on 192.178.50.0 can’t reach the pihole server on 192.178.10.0. I added the exception for the pihole server (192.178.10.94) but it’s not working. Maybe it is in the wrong place?
Here is the set of forward rules:

add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=drop chain=forward disabled=yes dst-address=!192.178.10.89 \
    src-address=192.178.50.0/24
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN

Secondly, the printer is also no longer accessible from the IOT LAN. I can live with that, but I’d like to add an exception so that the mobile phones can access the printer.
Finally, I’ve tried to set destination NAT rules to force any device to use pihole (so that, hopefully, the youtube app on mobile phones or smart TV does not display advertising), but this is causing everything not to work on subnet 192.178.50.0/24. I used the rules following this short tutorial: https://www.youtube.com/watch?v=EdzDCkFaskc.

I’m now studying the documentation and some network management, but any help and hints would be much appreciated.

Full config
/export file=anynameyouwish ( minus router serial number and any public WANIP info )

First of all, why are you using 192.178.x.y addresses for your local LAN? That is not private IP space - and in fact I was just able to ping something on the public address that is your PiHole.

And then, as anav asked, please post your complete config.
To export and paste your configuration (and I’m assuming you are using WebFig or Winbox), open a terminal window,
and type (without the quotes) “/export hide-sensitive file=any-filename-you-wish”. Then open the files section
and right click on the filename you created and select download in order to download the file to your computer.
It will be a text file with whatever name you saved to with an extension of .rsc. Open that file in your favorite
text editor and redact any sensitive information if desired / needed. Then in your message here, click the code
display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks
like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets.
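
The address-space point raised in the reply above can be checked mechanically before a config is posted or deployed. The following is an added example, not code from any poster in this thread: it scans RouterOS export lines for src-address/dst-address values that fall outside the RFC 1918 private ranges. The sample export is constructed from the rule quoted in the first post plus a hypothetical 192.168.x.y variant, and all function names are assumptions.

```python
import ipaddress
import re

# The three RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the isolation rule quoted in the first post, followed by
# a hypothetical equivalent that uses 192.168.x.y addresses instead.
SAMPLE_EXPORT = r"""
/ip firewall filter
add action=drop chain=forward disabled=yes dst-address=!192.178.10.89 \
    src-address=192.178.50.0/24
add action=drop chain=forward dst-address=!192.168.10.94 \
    src-address=192.168.50.0/24
"""

# Matches src-address=/dst-address= with an optional "!" negation.
# Address ranges written as "a-b" are not handled in this narrow example.
ADDR_FIELD = re.compile(r"\b(src-address|dst-address)=(!?)([0-9./]+)")


def join_continuations(text):
    """Merge export lines that end with a backslash into one logical line."""
    return re.sub(r"\\\n\s*", "", text).splitlines()


def is_rfc1918(value):
    """True if the address or prefix lies entirely inside an RFC 1918 range."""
    net = ipaddress.ip_network(value, strict=False)
    return any(net.subnet_of(private) for private in RFC1918)


def audit(text):
    """Return (logical_line_no, field, address) for each non-private address."""
    findings = []
    for line_no, line in enumerate(join_continuations(text), 1):
        for field, _negated, value in ADDR_FIELD.findall(line):
            if not is_rfc1918(value):
                findings.append((line_no, field, value))
    return findings


if __name__ == "__main__":
    for line_no, field, value in audit(SAMPLE_EXPORT):
        print(f"line {line_no}: {field}={value} is outside RFC 1918 space")
```
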

Fair enough…My mistake. Changed to private IP space.

Tomorrow I’ll export the config after a few tries! Thanks