OK, I'm going to admit right up front that I'm not knowledgable at all once I get beyond single-LAN SOHO applications. But here I am, trying to do something that I know is possible and learn along the way. Please bear with me.
At this point I've now got an ER-POE at the office and an ER-X at the owner's residence. My goal is to have clients on each LAN using their respective WANs but also be able to connect to local assets on the other LAN. So I'm using two Nanostation LocoM5 to bridge between eth0 on each router and set up static routes to connect the two subnets. I think.
I'm trying to keep this simple just to get the concept working, and can worry about access control later.
Both brand new routers.
Started with WAN-2LAN setup wizard
Setup is as follows:
R1-ER-POE (Office side)
LAN 2 - eth0 - 192.168.200.1/24
WAN - eth1
LAN 1 - eth2/3/4-sw0 - 192.168.5.1/24
DHCP server on 192.168.5.0/24 only
added static route 10.0.1.0/24 next-hop 192.168.200.2
R2 - ER-X (Residence side):
LAN 2 - eth0 - 192.168.200.2/24
WAN - eth1
LAN 1 - eth2/3/4-sw0 - 10.0.1.1/24
DHCP server on 10.0.1.0/24 only
addded static route 192.168.5.0/24 next-hop 192.168.200.1
Between R1 and R2 on eth0 I've got a pair of Nano M5s about 300 meters apart, they seem to be doing just fine. Love these things, they're just awesome little pieces of kit.
So now to what seems a little wierd.
From a computer on the 10.0.1.0 network on R2, I'm obviously not DISCOVERING available shares or printers on the other side (can I fix that?) but I CAN connect to the GUI on R1 at 192.168.5.1 OR at 192.168.200.1 - I can also connect to the server manually by IP address at 192.168.5.80, I can ping devices in the office, etc. So that seems to be working from this side.
But from the office side 192.168.5.0 network on R1, I can only reach R2 at 192.168.200.2 - if I try the 10.0.1.1 address it fails. I can't ping or connect to anything on the 10.0.1.0 network from here. So it seems like somehow in one direction, traffic coming across the bridge on LAN2 is successfully bridged to LAN1 but in the other direction the same doesn't happen.
The routing setup appears to be identical on both and I haven't set up anything beyond default firewall rules (I followed one tip and tried to set up a new ruleset on eth0 with default action set to accept on both routers and that made no difference so I removed it). I'm thinking there must be something just slightly different about the default configuration on the ER-POE and the ER-X that's getting in my way but I'm honestly not sure.
I don't think there's anything in the NS Loco M5 pairing that would obstruct traffic in one direction but not the other, they are again only set up with the minimum necessary to get the station locked to the AP.
This is probably a super basic issue but like I said, I'm just the tiniest bit over my head in this, so I appreciate any assistance. Config files attached for both routers in case that's easier than trying to read my explanation!