Yea, hard to follow from your description. A drawing with how everything is connected would help.
Also, export your configurations and post.
here is my config
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface vlan
add comment=T1 interface=ether5 name=805 vlan-id=805
add comment=T2 interface=ether5 name=807 vlan-id=807
/interface list
add name=WAN
/queue simple
add comment=ICMP_IN max-limit=100M/100M name=ICMP_IN packet-marks=ICMP_IN \
priority=1/1
add comment=ICMP_OUT max-limit=100M/100M name=ICMP_OUT packet-marks=ICMP_OUT \
priority=1/1
/queue tree
add name=ICMP_IN packet-mark=ICMP_IN parent=global priority=1
add name=ICMP_OUT packet-mark=ICMP_OUT parent=global priority=1
add disabled=yes name=Browsing packet-mark=browsing-packet parent=global \
priority=1 queue=default
add disabled=yes name=Download packet-mark=download-packet parent=global \
priority=5 queue=default
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
/ip address
add address=172.21.15.1/24 interface=807 network=172.21.15.0
/ip firewall address-list
add address=172.21.16.0/24 list=NAT
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=log chain=forward comment=" logs rule" connection-nat-state=\
srcnat,dstnat connection-state=new protocol=tcp src-address=0.0.0.0/0
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid
/ip firewall mangle
add action=mark-packet chain=postrouting new-packet-mark=ICMP_OUT \
passthrough=no protocol=icmp
add action=mark-packet chain=prerouting new-packet-mark=ICMP_IN passthrough=\
no protocol=icmp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
out-interface-list=WAN src-address-list=NAT
/ip hotspot ip-binding
add address=172.21.16.0/24
add address=0.0.0.0/0 type=blocked
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
/ip hotspot walled-garden ip
add action=accept disabled=no !dst-address !dst-address-list !dst-port \
protocol=icmp !src-address !src-address-list
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api-ssl disabled=yes
/system scheduler
add interval=2m name=Host on-event="/ip hotspot host remove [find authorized=n\
o bypassed=no]\r\
\n:local dumplist \r\
\n}\r\
\n" policy=read,write,test,password,sniff start-time=startup
add interval=1m name=ICMP on-event="/queue simple move [find name=\"ICMP_IN\"]\
\_[:pick [find] 0]\r\
\n/queue simple move [find name=\"ICMP_OUT\"] [:pick [find] 1]" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
nov/01/2015 start-time=05:58:48
You do not have the required permissions to view the files attached to this post.