Hey, so I’m having a problem configuring my 951ui 2hnd. I’m trying to configure 1 DHCP WAN interface and 3 DHCP LAN interfaces. I’ve got the WAN interface getting an IP address from the router, and the 3 LAN interfaces giving out DHCP addresses correctly, and added firewall NAT with masquerade.
I’ve also got another version of the script with some filters added to prevent communication between the subnets. Problem is that I can’t access the internet via the internal LAN interfaces. The external WAN interface can see the internet fine. Don’t want to use bridge or master ports, as I want to keep these networks separate.
The scripts for these are below. Anyone have an idea as to why I’m unable to get internet access? I’m sure the answer is staring me in the face, but I’m struggling.
/ip dhcp-client add interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes comment=wan-ip-address disabled=no
/ip dns set allow-remote-requests=yes servers=208.67.222.222
/ip address
add interface=ether2 address=192.168.10.1/24
add interface=ether3 address=192.168.15.1/24
add interface=ether5 address=192.168.20.1/24
/ip pool
add name=pool1 ranges=192.168.10.10-192.168.10.254
add name=pool2 ranges=192.168.15.10-192.168.15.254
add name=pool3 ranges=192.168.20.10-192.168.20.254
/ip dhcp-server
add disabled=no authoritative=yes bootp-support=none name=CGNS interface=ether1 address-pool=pool1
add disabled=no authoritative=yes bootp-support=none name=BBMC interface=ether2 address-pool=pool2
add disabled=no authoritative=yes bootp-support=none name=WLAN interface=ether5 address-pool=pool3
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.15.0/24 gateway=192.168.15.1
add address=192.168.20.0/24 gateway=192.168.20.1
/ip firewall nat
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment=nat-internet-access disabled=no
/ip firewall connection tracking
set enabled=yes
/ip firewall filter
add chain=forward action=accept connection-state=established
add chain=forward action=accept connection-state=related
add chain=forward action=drop connection-state=invalid
add chain=forward action=drop out-interface=!WAN src-address=192.168.10.0/24 comment="Prevent inter-subnet communication"
add chain=forward action=drop out-interface=!WAN src-address=192.168.15.0/24 comment="Prevent inter-subnet communication"
add chain=forward action=drop out-interface=!WAN src-address=192.168.20.0/24 comment="Prevent inter-subnet communication"

Cheers, Chris
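
An added example, not part of the original post: a small Python consistency check run over an abridged copy of the posted script. It flags DHCP servers whose pool does not fall inside a subnet configured on their interface, DHCP servers bound to the DHCP-client port, and filter rules whose `out-interface` is not named anywhere else in the script. The helpers `parse` and `check` are hypothetical, and treating only the interfaces in the address and dhcp-client lines as known is an assumption.

```python
import ipaddress, re

# Abridged from the script in the post: only the lines these checks read.
SCRIPT = """\
/ip dhcp-client add interface=ether1 add-default-route=yes
/ip address
add interface=ether2 address=192.168.10.1/24
add interface=ether5 address=192.168.20.1/24
/ip pool
add name=pool1 ranges=192.168.10.10-192.168.10.254
add name=pool2 ranges=192.168.15.10-192.168.15.254
add name=pool3 ranges=192.168.20.10-192.168.20.254
/ip dhcp-server
add name=CGNS interface=ether1 address-pool=pool1
add name=BBMC interface=ether2 address-pool=pool2
add name=WLAN interface=ether5 address-pool=pool3
/ip firewall filter
add chain=forward action=drop out-interface=!WAN src-address=192.168.10.0/24
"""

def parse(script):
    """Return a (menu, {param: value}) pair for every 'add' command."""
    menu, cmds = "", []
    for line in script.splitlines():
        head, is_add, rest = line.partition("add ")
        menu = head.strip() or menu  # a leading /menu path sticks until replaced
        if is_add:
            cmds.append((menu, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', rest))))
    return cmds

def check(script):
    """List section mismatches; 'known' interfaces are an assumption (see lead-in)."""
    cmds = parse(script)
    nets = {c["interface"]: ipaddress.ip_interface(c["address"]).network
            for m, c in cmds if m == "/ip address"}
    pools = {c["name"]: c["ranges"] for m, c in cmds if m == "/ip pool"}
    wan = {c["interface"] for m, c in cmds if m == "/ip dhcp-client"}
    found = []
    for m, c in cmds:
        if m == "/ip dhcp-server":
            iface, first = c["interface"], pools[c["address-pool"]].split("-")[0]
            if iface in wan:
                found.append(f"{c['name']}: DHCP server on DHCP-client port {iface}")
            if ipaddress.ip_address(first) not in nets.get(iface, ()):
                found.append(f"{c['name']}: {c['address-pool']} not in a subnet on {iface}")
        name = c.get("out-interface", "").lstrip("!")
        if m == "/ip firewall filter" and name and name not in set(nets) | wan:
            found.append(f"filter: out-interface={name} is not an interface used elsewhere")
    return found
```

Calling `check(SCRIPT)` returns one string per mismatch; the `WLAN` server on `ether5` with `pool3` is the only DHCP server entry that passes.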