Hello to all,
I am desperate regarding a problem I am facing with one of my customers, and I kindly request anyone to help solve this.
I have bought a RouterBOARD RB2011UAS-RM and want to use it as a hotspot system.
My situation is this:
I have configured several VLANs on the RB because I am doing router-on-a-stick for several VLANs we are using. In detail, we have VLAN MGMNT number 35, VLAN HotSpot number 36 and finally VLAN Network number 38. All these VLANs pass through a trunk link to the MikroTik, where traffic is then routed accordingly. So the MGMNT VLAN address is 192.168.35.0/24, the HotSpot VLAN is 192.168.36.0/23 and the Network VLAN is 192.168.38.0/24, with all of them having the MikroTik as the gateway for routing. The MikroTik has been configured to have the .1 address on its VLAN subnet for each configured VLAN, so 35.1, 36.1 and 38.1.
The problem I am facing is this: I do not want traffic other than HotSpot traffic to be NATed, because my firewall, which sits in front of the MikroTik, cannot access the devices on those VLANs. I have configured the HotSpot VLAN to be masqueraded correctly, and for the other VLANs, whatever I do, I cannot disable NAT and have them routed.
I have already configured permit firewall rules for those VLANs and it is still the same. If I disable NAT, I cannot ping from any of the hosts attached to those VLANs to the firewall.
Thanks in Advance
Regards
Konstantinos