Hi,
I have a RB951 and have my ether1 as WAN port
ether 2, 3 and 4 are LAN PORTS with a DCHP server on it.
Ether 5 must be a separate network and must have only internet connection so must not be able to connect to LAN devices on ether 2, 3 or 4
How can I do this?

There's probably a better way, but to do this, I've used drop rules in IP > firewall > filter rules. It's easy enough to do src address as something on ether5 and dst address as something on ether2-4 and then have the action just be drop.

You could also do packet/connection/route marking to just force all traffic in either 5 to go out the wan.

Create a dedicated dhcp-server on ether5 with different subnet.
Allow that subnet/interface in forward chain only to leave ether1.
And check your masquerade Nat rule

Hi, thanks.
But how to do this?
Make the firewall rule and nat rule?

Post your current config. That makes it easier to give recommendations.