> ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; AT&T1
address=216.63.205.x/29 network=216.63.205.136 broadcast=216.63.205.143 interface=ether3 actual-interface=ether3
1 ;;; Seamless2
address=72.24.138.x/26 network=72.24.138.0 broadcast=72.24.138.63 interface=ether5 actual-interface=ether5
2 ;;; LAN Gateway
address=172.16.0.1/24 network=172.16.0.0 broadcast=172.16.0.255 interface=ether1 actual-interface=ether1
3 ;;; Seamless1
address=172.16.50.2/24 network=172.16.50.0 broadcast=172.16.50.255 interface=ether4 actual-interface=ether4
4 ;;; Live to forward
address=208.189.237.180/26 network=208.189.237.128 broadcast=208.189.237.191 interface=ether2 actual-interface=ether2
> ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=172.16.50.1 gateway-status=172.16.50.1 reachable ether4 check-gateway=ping distance=1 scope=30 target-scope=10
routing-mark=to_bb1
1 S dst-address=0.0.0.0/0 gateway=72.24.138.1 gateway-status=72.24.138.1 reachable ether5 check-gateway=ping distance=2 scope=30 target-scope=10
routing-mark=to_bb1
2 S dst-address=0.0.0.0/0 gateway=216.63.205.142 gateway-status=216.63.205.142 reachable ether3 check-gateway=ping distance=3 scope=30 target-scope=10
routing-mark=to_bb1
3 A S dst-address=0.0.0.0/0 gateway=72.24.138.1 gateway-status=72.24.138.1 reachable ether5 check-gateway=ping distance=1 scope=30 target-scope=10
routing-mark=to_bb2
4 S dst-address=0.0.0.0/0 gateway=172.16.50.1 gateway-status=172.16.50.1 reachable ether4 check-gateway=ping distance=2 scope=30 target-scope=10
routing-mark=to_bb2
5 S dst-address=0.0.0.0/0 gateway=216.63.205.142 gateway-status=216.63.205.142 reachable ether3 check-gateway=ping distance=3 scope=30 target-scope=10
routing-mark=to_bb2
6 A S dst-address=0.0.0.0/0 gateway=216.63.205.142 gateway-status=216.63.205.142 reachable ether3 check-gateway=ping distance=1 scope=30 target-scope=10
routing-mark=to_bb3
7 S dst-address=0.0.0.0/0 gateway=172.16.50.1 gateway-status=172.16.50.1 reachable ether4 check-gateway=ping distance=2 scope=30 target-scope=10
routing-mark=to_bb3
8 S dst-address=0.0.0.0/0 gateway=72.24.138.1 gateway-status=72.24.138.1 reachable ether5 check-gateway=ping distance=3 scope=30 target-scope=10
routing-mark=to_bb3
9 A S dst-address=0.0.0.0/0 gateway=208.189.237.190 gateway-status=208.189.237.190 reachable ether2 check-gateway=ping distance=1 scope=30 target-scope=1>
routing-mark=to_live
10 A S dst-address=0.0.0.0/0 gateway=216.63.205.142 gateway-status=216.63.205.142 reachable ether3 distance=1 scope=30 target-scope=10
11 ADC dst-address=72.24.138.0/26 pref-src=72.24.138.41 gateway=ether5 gateway-status=ether5 reachable distance=0 scope=10
12 ADC dst-address=172.16.0.0/24 pref-src=172.16.0.1 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10
13 ADC dst-address=172.16.50.0/24 pref-src=172.16.50.2 gateway=ether4 gateway-status=ether4 reachable distance=0 scope=10
14 ADC dst-address=208.189.237.128/26 pref-src=208.189.237.158 gateway=ether2 gateway-status=ether2 reachable distance=0 scope=10
15 ADC dst-address=216.63.205.136/29 pref-src=216.63.205.141 gateway=ether3 gateway-status=ether3 reachable distance=0 scope=10
> interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R ;;; LAN
name="ether1" type="ether" mtu=1500 l2mtu=1526
1 R ;;; 208s
name="ether2" type="ether" mtu=1500 l2mtu=1522
2 R ;;; AT&T - bb3
name="ether3" type="ether" mtu=1500 l2mtu=1522
3 R ;;; Cable 1 - bb1
name="ether4" type="ether" mtu=1500 l2mtu=1522
4 R ;;; Cable 2 - bb2
name="ether5" type="ether" mtu=1500 l2mtu=1522
5 name="ether6" type="ether" mtu=1500 l2mtu=1522
6 name="ether7" type="ether" mtu=1500 l2mtu=1522
7 name="ether8" type="ether" mtu=1500 l2mtu=1522
8 name="ether9" type="ether" mtu=1500 l2mtu=1522
> ip firewall export
/ip firewall address-list
add address=172.16.0.0/24 comment="" disabled=no list=local_subnets
add address=172.16.1.0/24 comment="" disabled=no list=local_subnets
add address=172.16.2.0/24 comment="" disabled=no list=local_subnets
add address=172.16.3.0/24 comment="" disabled=no list=local_subnets
/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=ether4 new-connection-mark=bb1 passthrough=no
add action=mark-connection chain=input comment="" disabled=no in-interface=ether5 new-connection-mark=bb2 passthrough=no
add action=mark-connection chain=input comment="" disabled=no in-interface=ether3 new-connection-mark=bb3 passthrough=no
add action=mark-connection chain=input comment="Mark live traffic" disabled=yes in-interface=ether2 new-connection-mark=live passthrough=no
add action=mark-routing chain=output comment="" connection-mark=bb1 disabled=no new-routing-mark=to_bb1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=bb2 disabled=no new-routing-mark=to_bb2 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=bb3 disabled=no new-routing-mark=to_bb3 passthrough=no
add action=mark-routing chain=output comment="live routing" connection-mark=live disabled=yes new-routing-mark=to_live passthrough=no
add action=mark-routing chain=prerouting comment="Local Traffic" disabled=no dst-address-list=local_subnets new-routing-mark=main passthrough=no src-address-list=local_subnets
add action=mark-connection chain=prerouting comment=new-live disabled=yes dst-address-type=!local in-interface=ether1 new-connection-mark=live passthrough=yes src-address=172.16.2.140
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=bb1 passthrough=yes per-connection-classifier=both-addresses:5/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=bb1 passthrough=yes per-connection-classifier=both-addresses:5/1
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=bb2 passthrough=yes per-connection-classifier=both-addresses:5/2
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=bb2 passthrough=yes per-connection-classifier=both-addresses:5/3
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=bb3 passthrough=yes per-connection-classifier=both-addresses:5/4
add action=mark-routing chain=prerouting comment=new-live connection-mark=live disabled=yes in-interface=ether1 new-routing-mark=to_live passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=bb1 disabled=no in-interface=ether1 new-routing-mark=to_bb1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=bb2 disabled=no in-interface=ether1 new-routing-mark=to_bb2 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=bb3 disabled=no in-interface=ether1 new-routing-mark=to_bb3 passthrough=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment="Suspend redirect" disabled=no protocol=tcp src-address-list=suspend to-addresses=66.140.175.141 to-ports=81
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether4
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether5
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether3
add action=netmap chain=dstnat comment="live forward test" disabled=yes dst-address=208.189.237.180 to-addresses=172.16.2.140
add action=netmap chain=srcnat comment="live forward test" disabled=yes src-address=172.16.2.140 to-addresses=208.189.237.180
I'll add a diagram on the next post. I've removed the filter rules as while I'm testing this I disable when testing the netmapping, and once I have a working solution I'll re-enable them one by one, so at this stage they're not a hindrance.
The rules for the netmapping are currently disabled, as are the attempted mangles to get them to bypass the PCC. Thanks in advance for any assistance.