Referring to the last example on this manual page,
http://www.mikrotik.com/docs/ros/2.9/ip/route, I only need to write a masquerade (SNAT) and a routing mark rule to get a computer with a private IP behind the router connected to the outside. How come I don't need a matching pair of rules to cater for the incoming packets as well? Under what circumstances would I NOT need to cater for the returning traffic?