Hello,
I am trying to set up port forwarding into a VRF.
To explain: I have two different networks isolated by VRF, and traffic is isolated without any problem.
Port forwarding from the internet is OK too; there is no problem with dst-nat from outside the network.
But if a client on another VRF tries to access the public IP using the VRF, I have no access, because it tries to reply to the internal IP…
Example of my VRF config and a port forward:
/interface vlan add interface=bonding1 name=V89-XXXX vlan-id=89
/ip address add address=10.0.89.1/24 interface=V89-XXXX network=10.0.89.0
/ip address add address=XX.73.XXX.139/24 interface=V2-XXXX network=XX.73.XXX.0
/ip firewall mangle add action=mark-routing chain=prerouting comment=XXXX dst-address=XX.73.XXX.139 new-routing-mark=XXXX
/ip firewall nat add action=src-nat chain=srcnat comment=XXXX routing-mark=XXXX to-addresses=XX.73.XXX.139
/ip route add check-gateway=ping distance=5 gateway=XX.73.XXX.2@main routing-mark=XXXX
/ip route vrf add interfaces=V89-XXXX route-distinguisher=65000:89 routing-mark=XXXX
/ip firewall nat add action=dst-nat chain=dstnat comment=XXXX dst-address=XX.73.XXX.139 dst-port=3389 protocol=tcp to-addresses=10.0.89.10
I have tried many things with mangle, with no success…
Does anyone have an idea?
Julien