First things first... I need to fix why I can't ping the pihole (192.168.64.10) from the router (192.168.64.1).
I followed anav's suggestion and put in the srcnat and dstnat rules (see below), but I still cannot ping from the router to the pihole ("ping 192.168.64.10" from the router). I get a timeout.
DHCP Network is:
comment=Main network address=192.168.64.0/24 gateway=192.168.64.1 netmask=24 dns-server=192.168.64.10 wins-server= ntp-server=192.168.64.1 caps-manager= dhcp-option=
Firewall rules are below. I can't see where I'm going wrong (as ever!!). Any help would be gratefully received!
Charles
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp src-address-list=AllowToRouter
/ip firewall filter add action=accept chain=input comment="Allow LAN DNS&NTP queries-UDP" dst-port=53,123 in-interface-list=LAN protocol=udp
/ip firewall filter add action=accept chain=input comment="Allow LAN DNS queries-TCP" dst-port=53 in-interface-list=LAN protocol=tcp
/ip firewall filter add action=accept chain=input comment="defconf: Allowed to Router (HTML, SSH, Winbox)" dst-port=80,22,8291 in-interface-list=!WAN protocol=tcp src-address-list=AllowToRouter
/ip firewall filter add action=accept chain=input dst-address=127.0.0.0/8 log=yes src-address=127.0.0.0/8
/ip firewall filter add action=accept chain=input comment="Wireguard" dst-port=13233 protocol=udp
/ip firewall filter add action=add-src-to-address-list address-list=fulltimeGreylist address-list-timeout=none-static chain=input in-interface-list=WAN src-address-list=mygreylist3
/ip firewall filter add action=add-src-to-address-list address-list=mygreylist3 address-list-timeout=4h chain=input in-interface-list=WAN src-address-list=mygreylist2
/ip firewall filter add action=add-src-to-address-list address-list=mygreylist2 address-list-timeout=2h chain=input in-interface-list=WAN src-address-list=mygreylist
/ip firewall filter add action=add-src-to-address-list address-list=maybeBlacklist address-list-timeout=1h30m chain=input in-interface-list=WAN src-address-list=!whitelist
/ip firewall filter add action=reject chain=input comment="defconf: reject all from LAN that have got this far" in-interface-list=LAN reject-with=icmp-admin-prohibited
/ip firewall filter add action=drop chain=input comment="defconf: drop all else"
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="Stop cameras going out" log-prefix="Block Camera out:" out-interface-list=WAN src-address-list=Camera
/ip firewall filter add action=accept chain=forward comment="defconf: allow internet traffic" in-interface-list=LAN out-interface-list=WAN
/ip firewall filter add action=accept chain=forward comment="Access from trusted IPs to LAN" out-interface-list=LAN src-address-list=AllowToRouter
/ip firewall filter add action=accept chain=forward comment="Access from LAN to DNS Server .10" dst-address=192.168.64.10 in-interface-list=LAN
/ip firewall filter add action=reject chain=forward comment="defconf: reject all from LAN that have got this far" in-interface-list=LAN log=yes log-prefix="Last reject:" reject-with=icmp-admin-prohibited
/ip firewall filter add action=drop chain=forward comment="defconf: drop everything else"
/ip firewall nat add action=dst-nat chain=dstnat in-interface-list=LAN protocol=tcp src-address=!192.168.64.10 src-port=53 to-addresses=192.168.64.10
/ip firewall nat add action=dst-nat chain=dstnat in-interface-list=LAN protocol=udp src-address=!192.168.64.10 src-port=53 to-addresses=192.168.64.10
/ip firewall nat add action=masquerade chain=srcnat dst-address=192.168.64.0/24 dst-port=53 protocol=udp src-address=192.168.64.0/24
/ip firewall nat add action=masquerade chain=srcnat dst-address=192.168.64.0/24 dst-port=53 protocol=tcp src-address=192.168.64.0/24
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN
/ip firewall raw add action=drop chain=prerouting log-prefix="Drop Raw" src-address-list=myblacklist
/ip firewall raw add action=drop chain=prerouting dst-address-list=myblacklist log=yes log-prefix="CH_Track Drop PreOut Raw"
/ip firewall raw add action=drop chain=output dst-address-list=myblacklist log=yes log-prefix="CH_Track Drop Output Raw"