Hello everybody!

My MT has 2 WAN interfaces and 4 LANS. One of the WAN interfaces has a dedicated+3 Static Ip internet service and the other is a simple ADSL service. All of the 4 lans are configured with routing marks+policy routing to use one or another internet service (no ECMP, not interested in this and I've read about routing tables flushes). The issue I am dealing with is that I want to dst nat some ports from the dedicated internet services to specific computers on the lans. Due to routing marks I can only connect (make dstnat work) from the outside when the computer is in the routing mark (default gateway) of the same internet service, in this case the dedicated service. When I try to reach a device which leaves trought de ADSL it will never connect. Is there any way to mark inbound connections and tell them to leave the same gateway they come from??
Tried mangle->input interface->mark conn then mangle->output interface->input conn mark->mark routing and added the corresponding default gateway for the mark, without luck.

I've been reading lots of posts here in the forum and I can't get my config to work as I want.

What am I missing?

Thanks in advance

Can't you mark incoming NATed traffic with a different routing mark and exclude it from all the mangle rules that would send the answer out on the another interface?

By the way, some examples about how you configured your existing routing-marks would help getting a better overview on your problem.

After some time playing around I was able to resolve the problem. I figured out that the mangle rules I've used for routing marks weren't correct. It's running for some time now and I plan to add another gateway from a 3rd ISP in the future and see how it works. If someone is interested in configurations I used please let me know and I'll post them here.

Bye!

Yes please post them, looking for something myself.

Thanks.

I don´t know if it´s the same problem, but I will explain my solution....

I have 3 WANs, for example

10.10.10.10 ISP1 Ether1
20.20.20.20 ISP2 Ether2
30.30.30.30 ISP3 Ether3

In routes, Gateways :

GATEWAY Interface Routing Mark
10.10.10.1 Ether1
20.20.20.1 Ether2 ISP2-Mark
30.30.30.1 Ether3 ISP3-Mark

With this configuration, I made STATIC distribution on the differents WANs, ...
BUT, when i want to access MIKROTIK, I can only do it in 10.10.10.10 IP.... the others IP don´t work from outside...(20.20.20.20. and 30.30.30.30 do not answer pings for example....)

I ´d changed the default route (Ether1) :

GATEWAY Interface Routing Mark
10.10.10.1 Ether1 MAIN
20.20.20.1 Ether2 ISP2-Mark
30.30.30.1 Ether3 ISP3-Mark

And NOW,every public IP , answer !!!

Regards

I've had a similar issue but solved it a bit differently
At least I did not have problems with routing, I assigned different priorities (metric) per gateway and in my case also did routing by destination.

Then I created 3 different masquerade rules with the 3 WAN interfaces which solved the problem (after contacting MT support I have to add)

cheers

I've the same problem

can you explan in one example please?