Let's say I have public IP 66.66.66.66. I want to allow users from LAN to access services exposed via the public IP. Unfortunately there's a quadrillion of zone-like firewall rules, PBR, QoS and tons of other crap. Adding exceptions everywhere for such traffic would be a complete clusterf*ck and I'm trying to avoid it like fire. Also, seeing a LAN IP address as source in server logs would be at best confusing and uncomfortable, because direct access from LAN to DMZ is obviously strictly forbidden. I can probably perform src-nat to the external IP, but still quite serious firewall reworking would be necessary.
I tried to use action=route in the mangle table but it doesn't seem to work for packets recognized as "input" chain.
Our old ISP router could perform such routing (so that packets incoming to the MikroTik had our external IP as source-address), but since we replaced it with a pure modem, we now need to accomplish a similar thing with the MikroTik. Though it didn't really have any meaningful firewall for LAN traffic, so it probably had an easier task...