Access to external router on WAN2

RouterOS General
1

I have following configuration ( RB 450 )

clients group1 → ETH1 | | ETH5 → ext router1
clients group2 → ETH2 | | ETH4 → ext router2

group1 is 192.168.5.0/24
group2 is 192.168.1.0/24

ETH4 is 192.168.10.10
ETH5 is 192.168.110.10

ext router1 is 192.168.110.1
ext router2 is 192.168.10.1

Some clients form group2 are using ETH5 / router1

I want to have access to ext router 1 and to ext router 2 from both groups. I have made such NAT config

add action=masquerade chain=srcnat comment="dostep do routera TP" disabled=no \
    dst-address=192.168.110.0/24 out-interface=ether5_WAN_TP_DSL
add action=masquerade chain=srcnat comment="dostep do routera NETIA" \
    disabled=no dst-address=192.168.10.0/24 out-interface=ether4_WAN_Netia
add action=masquerade chain=srcnat comment="internet klienci" disabled=no \
    out-interface=ether4_WAN_Netia routing-mark=!DSL src-address=\
    192.168.1.0/24
add action=masquerade chain=srcnat comment="internet klienci lacze TP" \
    disabled=no out-interface=ether5_WAN_TP_DSL routing-mark=DSL src-address=\
    192.168.1.0/24
add action=masquerade chain=srcnat comment="internet grupa1" disabled=no \
    dst-address=!192.168.10.0/24 out-interface=ether5_WAN_TP_DSL src-address=\
    192.168.5.0/24

But clients from group1 don’t have access to router2 and clients from group2 don’t have access to router1

2

If I understand you correctly. We want internet access to go out via a specific WAN port but local traffic to use both WAN ports.

The solution was NOT NAT. You need to mangle the packets and add some routes. You will need to restore some of your original NAT rules.

Ip Firewall Mangle
Chain=Forward src=192.168.5.0/24 Routing Mark=To Eth 5
Chain=Forward src=192.168.1.0/24 Routing Mark=To Eth 4

Ip Routes
DST=0.0.0.0/0 Gateway=192.168.110.1 Type=unicast Distance=1 Scope=30 Target Scope=10 Routing Mark=To Eth 5
DST=0.0.0.0/0 Gateway=192.168.10.1 Type=unicast Distance=1 Scope=30 Target Scope=10 Routing Mark=To Eth 4

After you do that it will route the internet traffic only to the correct gateway. All other traffic will follow the main routing table allowing network access to both sides.