So, in normal conditions, all traffic goes through int1 and is srcnatted with the 1.2.3.4 address.
But when 1.2.3.4 fails (no ping), the corresponding route becomes invalid, and all traffic goes through int2. But! All old connections are srcnatted with the 1.2.3.4 address, unless one removes these connections from ‘firewall-connections’.
Are there any methods to change the src-nat address for existing connections?
I don’t think so. There are a variety of methods to deal with this issue, but the easiest is to include something like:
/ip firewall connection remove [find]
in netwatch. You are using the distance metric to change the route, which is fine, but doesn’t give you as much flexibility as netwatch. Either way, you could add a netwatch script and include the above as part of the down script.
You could just write a scheduler script that runs every few seconds to detect the current gateway. If/when that changes, then have the scheduler run the command I suggested above.
You could use the scheduler as I suggested above. You could write a script that runs on another system that uses Perl that will ssh into the router and have it do the work… You can write a script, then run that script from scheduler. You can use netwatch (you said it was too hard to use). There are many ways to accomplish what you are after… netwatch or scheduler are easiest/best. Why complicate it further than that?