I have a single mikrotik CCR1036-12G-4S router connected to 2 ISP lines from the same provider. One line (A) is for static IP subnet where we expose our servers. The other line (B) is dynamic IP where I configured a DHCP client and we use for outbound traffic.
Everything works OK except for incoming traffic from other external users of our provider which are given dynamic addresses in the same subnet as us (B). They cannot access our servers. Another user happens to live near our office and uses the same service provider, and it looks like his home connection connects to the same concentrator because he gets an address within the same subnet (same mask) as we get with our DHCP client. He cannot access our servers which is very bad because he happens to be my boss!
What I think is happening is that his connection comes through line (A) to our public static IP addresses, but the return packets go back through the second line (B) because as far as the router is concerned, it's connected directly to that interface.
Any way I can assure that packets coming one way go back the same way?
I suspect this can be solved with routing marks but I tried several things in the mangle and routing rules without success.