Hello,
I have a logical problem.
All my traffic is mangled with a routing-mark and then routed to a connected node. Inside that node, I choose to route the traffic inside a tunnel or send it back to my MikroTik router. When I send the traffic back to the router, in order to avoid a loop, I have another mangle rule that matches the same source IP but also matches the incoming interface. This second rule then sets the routing-mark to a different value that I match and route to the Internet. In order to be able to access the Internet, I also have a NAT rule that simply NATs all traffic going out of my Internet connection interface.
If I mangle some traffic to go directly to the Internet, the NAT rule works with no problem. But when I receive the same traffic from my other node, it does not match the NAT rule and is sent to the Internet without being NAT’ed. In fact, no NAT rule is matched.
Can anyone help me understand why this is happening?
It is worth mentioning that if I NAT the traffic inside my other node and change the return mangle node to match the new source IP, everything works fine.
Ether1 192.168.20.0/24
Ether2 192.168.10.0/24
Ether3 Internet
/ip firewall mangle print
chain=prerouting action=return src-address=192.168.20.0/24 in-interface=Ether2 log=no log-prefix=""
chain=prerouting action=mark-routing new-routing-mark=to_GRE passthrough=no src-address-list=Home log=no log-prefix=""
/ip firewall nat print
chain=srcnat action=masquerade out-interface=Ether3 log=no log-prefix=""
/ip route export
add check-gateway=ping distance=1 gateway=192.168.10.101 routing-mark=to_GRE