Hi there
I have a Mikrotik hAP lite serving as an AMPRNET router
It has two IP addresses on its interface
One is 192.168.1.X, connected to the DMZ of the cable modem
The other is 44.138.1.x, to serve my AMPRNET network
I have a tunnel interface in the router and I get the 44.138.1.x network
I have a default route for all packets to go to the tunnel interface (because this router is only for 44 net traffic, and this traffic should only go to the tunnel interface)
and some routes to allow the establishment of the tunnel itself
So far so good, all works OK … but
If I try to reach the router IP on the 44 net I can access it
If I do the same to the router's commercial IP (that is passed to the DMZ of the cable modem and then to the Mikrotik router) I can't connect
Stranger still, traceroute stops one step before reaching the router, and ping works OK
The far-end tunnel shows that the replies from the commercial IP side of my router go to its tunnel interface rather than to the DMZ and to the ISP, and the firewall at the tunnel far end discards the packets because their source address is not a 44 IP …
This is the description
Now I need to do policy-based routing to force the 192.168.1.x IP of the router to answer packets it gets via the regular cable modem, and not via the default route, which sends everything to the tunnel
I have tried to do it with mangle according to this example and others
https://wiki.mikrotik.com/wiki/Policy_Base_Routing
and no go
I have read somewhere that the preroute chain (that appears in the example) does not work on the router leg (traffic that is pointed to the router itself) and that another method should be used, such as in interface
I'm stuck
I'm new to the Mikrotik interface and the CLI language. I used to work with Cisco 30 years ago; the CLI was totally different, and I have forgotten a lot of it because I left the IT business
Can someone help me solve this problem?
I would prefer to be directed to enter the commands via the web interface, but I can do it by the CLI if needed
- Is there a way I can see the routes that got marked according to the route mark rule? I don't see any when I do ip route …
- What is the ! sign that can be added in the source address when I make a mangle rule?
Thanks for any help
Ronen-4Z4ZQ
http://www.ronen.org