Hello everybody!
Kinda stucked with dual wan dstnat plus QoS.
Here is part of my “/ip firewall mangle”
;;;ISP1
chain=prerouting action=mark-connection new-connection-mark=from-ISP1 passthrough=yes connection-state=new in-interface=ether1
chain=prerouting action=mark-routing new-routing-mark=ISP1 passthrough=yes connection-mark=from-ISP1 in-interface=bridge1
chain=output action=mark-routing new-routing-mark=ISP1 passthrough=yes connection-mark=from-ISP1
chain=output action=mark-routing new-routing-mark=ISP1 passthrough=yes src-address=<ISP1_IP>
;;;ISP2
chain=prerouting action=mark-connection new-connection-mark=from-ISP2 passthrough=yes connection-state=new in-interface=ether2
chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes connection-mark=from-ISP2 in-interface=bridge1
chain=output action=mark-routing new-routing-mark=ISP2 passthrough=yes connection-mark=from-ISP2
chain=output action=mark-routing new-routing-mark=ISP2 passthrough=yes src-address=<ISP2_IP>
Everything works great on both providers, but if I am adding rules in mangle for Queue Trees after them - ISP2 dstnat not working.
;;; QoS_SMTP
chain=forward action=mark-connection new-connection-mark=smtp_connection passthrough=yes connection-state=new protocol=tcp dst-port=25
chain=forward action=mark-packet new-packet-mark=isp1_in_smtp_packet passthrough=no connection-mark=smtp_connection in-interface=ether1
chain=forward action=mark-packet new-packet-mark=isp1_out_smtp_packet passthrough=no connection-mark=smtp_connection out-interface=ether1
chain=forward action=mark-packet new-packet-mark=isp2_in_smtp_packet passthrough=no connection-mark=smtp_connection in-interface=ether2
chain=forward action=mark-packet new-packet-mark=isp2_out_smtp_packet passthrough=no connection-mark=smtp_connection out-interface=ether2
I believe that reason is behind changing of connection mark and I can mark packet directly, but maybe there is more effective (and spectacular) solution?
Best regards,
Vyacheslav.