So I've tried to create a masquerade nat rule with src-address 192.168.88.5 and put it as the first nat rule but it looks like It doesn't do anything.
/ip firewall layer7-protocol
add name=dc-contab.root regexp=dc-contab.root
/ip firewall address-list
add address=217.10.195.122 list="WinBox Access"
add address=192.168.50.1-192.168.50.50 list="WinBox Access"
add address=192.168.100.0/24 list="WinBox Access"
/ip firewall filter
add action=drop chain=forward comment="Drop Invalid Connections RDS" connection-state=invalid in-interface="PPPoE RDS"
add action=drop chain=input connection-state=invalid in-interface="PPPoE RDS"
add action=drop chain=forward comment="Drop Invalid Connections VDF" connection-state=invalid in-interface=ETH2-VDF
add action=drop chain=input connection-state=invalid in-interface=ETH2-VDF
add action=drop chain=input comment="Drop DNS Requests" dst-port=53 in-interface="PPPoE RDS" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="PPPoE RDS" protocol=udp
add action=accept chain=input comment="Allow VPN Connection" dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
add action=accept chain=forward dst-port=50,68,123,320,500,6000,6006,7547,7548,4500 protocol=tcp
add action=accept chain=forward comment="Allow connections from LAN" in-interface="LAN Bridge"
add action=accept chain=forward comment="Allow connections from LAN" in-interface="SRV Bridge"
add action=fasttrack-connection chain=forward comment="Allow established connections" connection-state=established
add action=accept chain=forward comment="Allow related connections" connection-state=related
add action=accept chain=input comment="Allow Ping from WAN RDS" in-interface="PPPoE RDS" protocol=icmp
add action=accept chain=input comment="Allow Ping from WAN VDF" in-interface=ETH2-VDF protocol=icmp
add action=accept chain=input comment="Allow access to the router from WinBox Address List" src-address-list="WinBox Access"
add action=accept chain=input comment="Allow established connections to the router RDS" connection-state=established in-interface="PPPoE RDS"
add action=accept chain=input comment="Allow related connections to the router RDS" connection-state=related in-interface="PPPoE RDS"
add action=accept chain=input comment="Allow established connections to the router VDF" connection-state=established in-interface=ETH2-VDF
add action=accept chain=input comment="Allow related connections to the router VDF" connection-state=related in-interface=ETH2-VDF
add action=drop chain=input in-interface-list=!LAN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=192.168.88.1 dst-port=53 layer7-protocol=dc-contab.root new-connection-mark=dc-contab.root-forward protocol=tcp
add action=mark-connection chain=prerouting dst-address=192.168.88.1 dst-port=53 layer7-protocol=dc-contab.root new-connection-mark=dc-contab.root-forward protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="WAN RDS-SERVER NAT" out-interface="PPPoE Server" src-address=192.168.88.5
add action=masquerade chain=srcnat comment="WAN RDS NAT" out-interface="PPPoE RDS" src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="WAN VDF NAT" out-interface=ETH2-VDF
add action=masquerade chain=srcnat comment="VPN NAT" out-interface="PPPoE RDS" src-address=192.168.50.1-192.168.50.254
add action=dst-nat chain=dstnat dst-address=86.123.175.221 dst-port=50,68,320,500,4500,6000,6006,7547,7548 in-interface="PPPoE RDS" protocol=tcp to-addresses=192.168.88.7 to-ports=0-65535
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=!192.168.88.1 src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment="Forward port 80 to Organizr" dst-address=!192.168.88.1 dst-address-type=local dst-port=80 protocol=tcp to-addresses=192.168.88.5 to-ports=81
add action=dst-nat chain=dstnat comment="Forward port 443 to Organizr" dst-address=!192.168.88.1 dst-address-type=local dst-port=443 protocol=tcp to-addresses=192.168.88.5 to-ports=444
add action=dst-nat chain=dstnat comment="Forward port 6881-6999 to rTorrent" dst-address=!192.168.88.1 dst-address-type=local dst-port=6881-6999 protocol=tcp to-addresses=192.168.88.5 to-ports=6881-6999
add action=dst-nat chain=dstnat comment="RDP SRV" disabled=yes dst-address=86.123.175.221 dst-port=3389 in-interface="PPPoE RDS" protocol=tcp to-addresses=192.168.88.5 to-ports=3389
add action=dst-nat chain=dstnat comment="NAT dc-contab.root zone" connection-mark=dc-contab.root-forward to-addresses=192.168.100.100
add action=masquerade chain=srcnat connection-mark=dc-contab.root-forward
The routes are mostly dynamic besides 2 that are for my fail over connection and GRE Tunnel.
/ip route
add distance=10 gateway=192.168.1.1
add distance=1 dst-address=192.168.100.0/24 gateway=172.22.22.1
A photo of the routes can be seen in the attachment.
You do not have the required permissions to view the files attached to this post.