Hi all:

I have been using Mikrotik routers and switches for a number of years in multiple different scenarios, but have never really worked much with Routing tables, Routing Marks, Connection Marks, etc. which is where I think this post may lead.
Here is my issue. I have ISP assigned IP addresses with a /28 network. I have multiple routers for different purposes, I split those /28 addresses as needed between the different routers. I am including a basic drawing of my issue, and how I have split up some of the addresses.
What I would like to do is consolidate some of my ISP to router connections. I would like to have multiple IP addresses on 1 incoming ethernet port (eth1).
I have tried it, but it doesn't seem to work properly.

I want to consolidate x.x.150.227 and x.x.150.232 on eth1 routing them internally to the proper server (the 2 servers use the same internal ports), and then back out using the proper IP addresses, not out just 1 IP.
x.x.150.232 to server1
x.x.150.227 to server2
When I tried it with my poor routing mark skills, I ended up with only 1 outside IP address working, the other although it was enabled, wouldn't respond.

Can anyone help me out?

Thanks,
Glenn

Assuming the servers have private IP addresses all you need is both addresses added to a single WAN interface and appropriate srcnat / dstnat rules, routing marks/tables and mangling are not required, e.g.
/ip address
add address=x.x.150.227/28 interface=ether1
add address=x.x.150.232/28 interface=ether1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=x.x.150.227 dst-port=80,443 protocol=tcp to-addresses=z.y.x.70
add action=dst-nat chain=dstnat dst-address=x.x.150.232 dst-port=80,443 protocol=tcp to-addresses=z.y.x.60
add action=src-nat chain=srcnat out-interface=ether1 src-address=z.y.x.70 to-addresses=x.x.150.227
add action=src-nat chain=srcnat out-interface=ether1 src-address=z.y.x.60 to-addresses=x.x.150.232

TDW:
What allows the packets to go back out on the same IP the request came in on? ... I guess after re-reading your rules, it is the src-nat that sends it back out the correct path... ? ... OK... in this case, is the Masquerade ignored, but still used for other non-specific traffic?? Or should I say, not used because the rules tell the packet how to get out?

It seems that I tried your solution and it didn't work properly.

I will try again though to verify.

Thanks for taking the time to help.

Assuming the servers have private IP addresses all you need is both addresses added to a single WAN interface and appropriate srcnat / dstnat rules, routing marks/tables and mangling are not required, e.g.
/ip address
add address=x.x.150.227/28 interface=ether1
add address=x.x.150.232/28 interface=ether1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=x.x.150.227 dst-port=80,443 protocol=tcp to-addresses=z.y.x.70
add action=dst-nat chain=dstnat dst-address=x.x.150.232 dst-port=80,443 protocol=tcp to-addresses=z.y.x.60
add action=src-nat chain=srcnat out-interface=ether1 src-address=z.y.x.70 to-addresses=x.x.150.227
add action=src-nat chain=srcnat out-interface=ether1 src-address=z.y.x.60 to-addresses=x.x.150.232

No, the connection tracking handles replies. The dstnat rules are for the inbound port forwarding, the srcnat rules are for any outbound connections from the servers e.g. package updates.

Rule order is important, any specific srcnat rules must appear before the generic srcnat/masquerade rule which handles any other devices on that private subnet.

TDW:

I wanted to post a follow up.

The Rules you showed me are working well. I was able to remove 1 WAN port on our WEB router and remove a 3rd router by adding 2 WAN IP's to my main router.

As a note though, I had to disable then re-enable the existing WAN IP after I added the extra WAN IP's. For some reason (maybe an internal routing table), the new WAN addresses wouldn't accept traffic, even through a reboot. Only toggling the original IP allowed the new WAN addresses to accept traffic.

All is working well now.

Thanks again for the help.

Glenn