as expected I already used wiki, forums and videos to make my dual VDSL with PPC configuration working and i am more or less satisfied with speed (reason behind all of this was idiotic policy of our ISP to disallow bonding for certain speeds).
Problem is indeed with portforwarding... it is kinda chaotic.
VDSL1~pppoe1~VLAN1(id848)~public static ip~184.108.40.206
VDSL2~pppoe2~VLAN2(id848)~public static ip~220.127.116.11
both VDSLs do have same GW (same ISP)
RDP port through WAN: 5000
bridge ~ LAN ~ DHCP server ~ 192.168.100.0/24
Fundamentally i need to access my home workstation from my workplace through forwarded rdp port. But when i am checking the state of connections in winbox (IP-Firewall-Connections (filter: Reply Src. Address/Port=3389) I can sometimes see in destination address column/field value "18.104.22.168:5000" and connection mark column value "GTW2" (or "22.214.171.124:5000" together with connection mark "GTW1"), this state results in failed TCP handshake, ofc.
Other attemps may work but only when its paired correctly like 126.96.36.199:5000 -connection mark ->GTW1 or 188.8.131.52:5000 - connection mark -> GTW2.
On certain different types of connections I have even seen connection mark to be altering between GTW1 and GTW2, for same connection it may change in time. Ups
From my understanding when packet goes from one VDSL to my home network, reply packet does not always return through the same VDSL line to internet (incoming GW and outgoing GW are not the same).
Is following config working as intended and portwarding cannt work ever at all? Or do i have to make some workaround that would included PCC bypass for certain incoming connections?
I am not a mikrotik professional nor networking mastermind. I tried to get training but this human malware is obstructing everything....
Please, any comment is welcome. I am slowly loosing my mind doubting everything what works so far.
/ip firewall mangle add action=accept chain=prerouting in-interface=pppoe1 add action=accept chain=prerouting in-interface=pppoe2 add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe1 new-connection-mark=GTW1 passthrough=yes add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe2 new-connection-mark=GTW2 passthrough=yes add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=GTW1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=GTW2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 add action=mark-routing chain=prerouting connection-mark=GTW1 in-interface=bridge new-routing-mark=GTW1 passthrough=yes add action=mark-routing chain=prerouting connection-mark=GTW2 in-interface=bridge new-routing-mark=GTW2 passthrough=yes add action=mark-routing chain=output connection-mark=GTW1 new-routing-mark=GTW1 passthrough=yes add action=mark-routing chain=output connection-mark=GTW2 new-routing-mark=GTW2 passthrough=yes
/ip firewall nat add action=masquerade chain=srcnat out-interface=pppoe1 src-address=192.168.100.0/24 add action=masquerade chain=srcnat out-interface=pppoe2 src-address=192.168.100.0/24 add action=dst-nat chain=dstnat dst-port=5000 protocol=tcp to-addresses=192.168.100.120 to-ports=3389
/ip route add check-gateway=ping distance=1 gateway=pppoe1 routing-mark=GTW1 add check-gateway=ping distance=2 gateway=pppoe2 routing-mark=GTW2 add check-gateway=ping distance=1 gateway=pppoe1 add check-gateway=ping distance=2 gateway=pppoe2 add distance=3 gateway=pppoe1 add distance=5 gateway=pppoe2