Hello,
I have two default gateways and input/output/forward mangle rules to ensure the packets go out on the same interface that they come in on. Everything works great and I can access the Mikrotik box from both external IP addresses. The problem is when I try to port forward for remote desktop it only works on one of the external IPs. Here is my config.
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=VoIP passthrough=yes src-port=15044 protocol=udp
add chain=prerouting action=mark-packet new-packet-mark=VoIP passthrough=yes dst-port=15044 protocol=udp
add chain=output action=mark-connection new-connection-mark=hsl-conn passthrough=yes src-address=1.1.1.2
add chain=input action=mark-connection new-connection-mark=hsl-conn passthrough=yes dst-address=1.1.1.2
add chain=forward action=mark-connection new-connection-mark=hsl-conn passthrough=yes in-interface=HighSpeedLink
add chain=output action=mark-routing new-routing-mark=hsl-route passthrough=yes connection-mark=hsl-conn
add chain=output action=mark-connection new-connection-mark=comcast-conn passthrough=yes src-address=2.2.2.2
add chain=input action=mark-connection new-connection-mark=comcast-conn passthrough=yes dst-address=2.2.2.2
add chain=forward action=mark-connection new-connection-mark=comcast-conn passthrough=yes in-interface=Comcast
add chain=output action=mark-routing new-routing-mark=comcast-route passthrough=yes connection-mark=comcast-conn
/ip firewall nat
add action=src-nat chain=srcnat comment=“” disabled=no out-interface=Comcast src-address=10.0.0.0/24 to-addresses=2.2.2.2 to-ports=30000-60000
add action=src-nat chain=srcnat comment=“” disabled=no out-interface=HighSpeedLink src-address=10.0.0.0/24 to-addresses=1.1.1.2 to-ports=30000-60000
add action=dst-nat chain=dstnat comment=“” disabled=no dst-address=2.2.2.2 dst-port=3389 protocol=tcp to-addresses=10.0.0.19 to-ports=3389
add action=dst-nat chain=dstnat comment=“” disabled=no dst-address=1.1.1.2 dst-port=3389 protocol=tcp to-addresses=10.0.0.19 to-ports=3389
/ip route
add check-gateway=ping comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.1 routing-mark=comcast-route scope=30 target-scope=10
add comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.1 scope=30 target-scope=10
add comment=“” disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=30 target-scope=10
add check-gateway=ping comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=hsl-route scope=30 target-scope=10
/ip route rule
add action=lookup comment=“” disabled=no src-address=2.2.2.2/32 table=comcast-route
add action=lookup comment=“” disabled=no src-address=1.1.1.2/32 table=hsl-rout