When creating VLANs on the same interface is it necessary that they have IP addresses from different networks?

Ones I've created with addresses from the same network - ie VLAN1 192.168.0.10/24, VLAN2 192.168.0.20/24 seem to work quite happily and it makes routing a lot easier. However it seems to run counter to the rule that every interface on a router must be on a separate network.

Why would you want to? As I can't get port forwarding to work on RouterOS in the way it's supposed to I have to use dst-natting, so creating a VLAN for 192.168.0.20 I can then dst-nat this on to an internal network.

Im no expert but I managed to get port-forwarding working very simple (only been using it a few days too). Found the article on the wiki the rule Im using is:

You need to ensure that the internal network is masquardaded or the rule will not work.

ip firewall nat
add action=dst-nat chain=dstnat comment="SMTP to Exchange Server \
(Internet Provider)" disabled=no dst-address=external_ip_goes_here dst-port=25 protocol=tcp \
to-addresses=internal_ip_goes_here to-ports=25

Hope this might help!

Im no expert

Me neither, despite the fact I've wrestling with RouterOS for over 18 months!

Hope this might help!

Yes, it worked. That was how I thought it worked, so I don't know why it hasn't been this past 18 months! I used to get some sort of error message about not being able to do IP matching, or something like that.

Thanks.

No problems, I have used iptables on linux about 5 years ago so i have a good knowledge of that the mikrotik isnt too different really.