MatsK
just joined
Topic Author
Posts: 5
Joined: Sat Dec 01, 2018 2:48 am

Two RB2011 with extra LAN

Tue Sep 03, 2019 12:18 am

Is it at all possible to create the following configuration?:

RB1:
eth1: Internet
eth2: trunk? to RB2/eth1
eth3: Lan2
eth4-10: Lan1 (subnet 192.168.1.0/24)

RB2:
eth1: trunk? to RB1/eth2
eth2: Lan2
eth3-10: Lan1 (subnet 192.168.2.0/24)

What I would like is to have Lan1 able to access all Lan1-ports on RB1 and RB2 and have access to internet. (but no access to Lan2)
Lan2 should basically be 2 computers connected one in each router with no access to anything else, no dhcp, no nothing.

Have Lan1+internet access working, but can't figure out how to configure Lan2.

I currently have Lan1 configured. with 192.168.1.0/24 on RB1, and 192.168.2.0/24 on RB2.
RB1/eth1 has firewall configured.
RB1/eth2 has ip 172.16.1.1/30 and a static route to 192.168.2.0/24
RB2/eth1 has ip 172.16.1.2/30 and a static route to 172.16.1.1
 
mkx
Forum Guru
Posts: 11591
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two RB2011 with extra LAN

Tue Sep 03, 2019 8:54 am

If you want to span a single LAN1 over both RBs (and likewise LAN2), then you'll have to use VLANs on the eth2 (interconnect). If you're not familiar with VLANs, then I suggest you read through this excellent tutorial. While it might not perform optimally on your two RB2011s, you'll get going (and you might rework the config later to get some performance).
I suggest that you use RB2 as a smart switch, meaning it'll only have an IP address in one of the LANs (probably LAN1, as you want to heavily restrict LAN2) and won't run any other function (firewall, router, DHCP server, ...).

The part with blocking some inter-(V)LAN communication should be done using appropriate firewall rules on RB which will be doing routing (both inter-VLAN and towards WAN).
 
MatsK
just joined
Topic Author
Posts: 5
Joined: Sat Dec 01, 2018 2:48 am

Re: Two RB2011 with extra LAN

Tue Sep 03, 2019 11:54 pm

Thank you so much, that tutorial was excellent!

First I should perhaps try to explain what I want to accomplish more clearly.
RB1/eth1 is Internet, WAN/ get external IP with DHCP. Internet should be firewalled and reachable from all ports on Lan1.
RB1/eth3 is also connected to internet, and should be "connected" to RB2/eth2. I would like to connect a computer to RB2/eth2 and that machine should get its IP from my ISP's DHCP (so this machine is not behind a firewall or anything).

However I'm not sure if I understood correctly, so here is my best guess how I should do:

Set up RB1 as a router with a bridge with vlan-filtering.
eth1: wan
eth2: trunk vlan 10, 20. (connected to RB2/eth1)
eth3: access port vlan 20 (connected to wan/internet)

Have I understood correctly?
eth4-10: access port vlan 10

Set up RB2 as a switch
eth1: trunk vlan 10, 20. (connected to RB1/eth2)
eth2: access port vlan 20 (computer that gets IP from DHCP-server on internet connected to RB1/eth3)
eth3-10: access port vlan 10

add one network to RB1 vlan 10 (for example 192.168.1.0/24, dhcp-server etc.)
 
mkx
Forum Guru
Posts: 11591
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two RB2011 with extra LAN

Wed Sep 04, 2019 8:18 am

Well, your latest explanation changes the game slightly. So if I understand you correctly: you actually have two WAN connections, one over eth1 and one over eth3 (both on RB1) ... you want to relay eth3 WAN to RB2?

On RB1, port eth2 is trunk towards RB2. The rest of ports (eth4-eth10) are used as LAN ports, and LAN uses eth1 WAN connection.

On RB2, port eth1 is trunk towards RB1, port eth2 is "hard wired" to "eth3 WAN" on RB1, the rest of ports (eth3-eth10) are used as LAN ports.

All LAN ports on both RBs are the same LAN. There should be no interaction between LAN and "eth3 WAN" whatsoever, obviously no interaction between both WANs, and there should be the usual LAN/WAN interaction between LAN and "eth1 WAN" (via usual firewall rules and NAT). All management of both RBs should be done from LAN and none of the RBs should have L3 (IP) connectivity with "eth3 WAN".

Interface RB2 eth2 should be transparently connected to RB1 eth3.

Is the above correct?
 
MatsK
just joined
Topic Author
Posts: 5
Joined: Sat Dec 01, 2018 2:48 am

Re: Two RB2011 with extra LAN

Wed Sep 04, 2019 9:48 pm

Yes your explanation is correct and so much better than my explanation, really sorry for the confusion.
 
mkx
Forum Guru
Posts: 11591
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two RB2011 with extra LAN

Wed Sep 04, 2019 11:39 pm

The setup you outlined in post #3 seems to be spot on in this case.

When you're done with L2 setup, proceed with L3 setup. Some assorted notes:

  • "eth1 WAN" setup will obviously go directly to eth1 interface on RB1.
  • Then you'll need VLAN interface with vlan-id=10 for LAN IP setup on RB1 ... you'll both use it for management access and as gateway for LAN.
    To make this work, you'll have to set bridge as tagged member of VLAN 10 (that's the same configuration line where you'll set eth2 as tagged member and eth4-eth10 as untagged member of VLAN 10).
  • no further setup is needed for VLAN 20 ... setting eth3 as untagged and eth2 as tagged member should suffice
  • on RB2 you'll have to make bridge tagged member of VLAN 10 as well (same as on RB1), together with eth1 being tagged member and eth3-eth10 untagged members of same VLAN.
  • on RB2, you'll need vlan interface with vlan-id=10 (only for management purpose)
  • on RB2 you can remove any trace of firewall rules while on RB1 you should keep using default firewall rules.
    To make it work on RB1, you'll have to adjust interface list memberships: you should remove eth2 and eth3 from LAN interface list and add VLAN Interface with vlan-id=10 to LAN interface list.
You'll most probably have to configure all of the above by using winbox MAC connect ... changing L2 settings is likely to cause disconnects. Sometimes it is necessary to make all configuration changes in two steps ... in first step most of changes are done, but you don't touch config of interface used for connecting from management computer. Then you connect via another interface (which should eventually have admin access) and if it works, change settings for the remaining port.
Last edited by mkx on Wed Sep 04, 2019 11:40 pm, edited 1 time in total.
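
The bridge VLAN layout from the notes above, written out as RouterOS commands. This is an added example, not part of mkx's post: the names bridge1 and vlan10, the ether1..ether10 port names, the 192.168.1.1/24 and 192.168.1.2/24 addresses and a starting state with no existing bridge are assumptions, and the frame-types / ingress-filtering settings are extra hardening the post does not mention.

```routeros
# ---------- RB1 (router) ----------
# Create the bridge with filtering off so the session is not cut mid-change.
/interface bridge add name=bridge1 vlan-filtering=no
# Trunk to RB2: accept tagged frames only.
/interface bridge port add bridge=bridge1 interface=ether2 \
    frame-types=admit-only-vlan-tagged ingress-filtering=yes
# "eth3 WAN" access port in VLAN 20.
/interface bridge port add bridge=bridge1 interface=ether3 pvid=20 \
    frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
# LAN access ports in VLAN 10.
:foreach p in={"ether4";"ether5";"ether6";"ether7";"ether8";"ether9";"ether10"} do={
    /interface bridge port add bridge=bridge1 interface=$p pvid=10 \
        frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
}
# VLAN 10: the bridge itself is a tagged member, so the router gets an L3 interface.
/interface bridge vlan add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether2 \
    untagged=ether4,ether5,ether6,ether7,ether8,ether9,ether10
# VLAN 20: the bridge is NOT a member, so the router has no IP path to "eth3 WAN".
/interface bridge vlan add bridge=bridge1 vlan-ids=20 tagged=ether2 untagged=ether3
# L3 for LAN: gateway and management address (assumed); DHCP server binds to vlan10.
/interface vlan add name=vlan10 interface=bridge1 vlan-id=10
/ip address add address=192.168.1.1/24 interface=vlan10
/interface list member add list=LAN interface=vlan10
# Enable filtering last, ideally over a WinBox MAC connection.
/interface bridge set bridge1 vlan-filtering=yes

# ---------- RB2 (switch) ----------
/interface bridge add name=bridge1 vlan-filtering=no
# Trunk to RB1.
/interface bridge port add bridge=bridge1 interface=ether1 \
    frame-types=admit-only-vlan-tagged ingress-filtering=yes
# Port for the machine that gets its address from the ISP (VLAN 20).
/interface bridge port add bridge=bridge1 interface=ether2 pvid=20 \
    frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
:foreach p in={"ether3";"ether4";"ether5";"ether6";"ether7";"ether8";"ether9";"ether10"} do={
    /interface bridge port add bridge=bridge1 interface=$p pvid=10 \
        frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
}
/interface bridge vlan add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether1 \
    untagged=ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10
/interface bridge vlan add bridge=bridge1 vlan-ids=20 tagged=ether1 untagged=ether2
# Management only: one address in VLAN 10 (assumed), nothing in VLAN 20.
/interface vlan add name=vlan10 interface=bridge1 vlan-id=10
/ip address add address=192.168.1.2/24 interface=vlan10
/interface bridge set bridge1 vlan-filtering=yes
```

Afterwards, `/interface bridge vlan print` on each device should list bridge1 under VLAN 10 only, and `/ip address print` should show no address on anything carrying VLAN 20.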
 
anav
Forum Guru
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Two RB2011 with extra LAN

Wed Sep 04, 2019 11:39 pm

Concur, that's why a networking diagram helps, and then some written requirements based on the user's needs without any mention of devices and solutions.
Otherwise we play MKX's favourite game, whack-a-mole. :-)
