Hi ppl.
So i hit a bit of a wall. To keep thing kinda simple I will refer to these addresses ISP1: 130.130.130.146/29 and ISP2 : 120.120.120.49/29 and local 192.168.1.0.
I have been using as my default connection ISP1 and populated all related public IP addresses with web services, vpn and so one and asked to get more public IP addresses from my ISP, and they gave me another pool but other range, configured on the same port as ISP1 addresses. Now on interface ether1-gateway i have IPS1 and ISP2 addresses. My Mikrotik CRS125-24G-1S-2HnD was kind enough to spot that in IP --> Routes and I got a 0.0.0.0 default gateway connection to 120.120.120.49/29 --> reachable ether1-gateway, but it was blue, so I added in IP --> addresses the 120.120.120.49/29, he figured that the BC address is 120.120.120.48 network on ether1-gateway and after adding a different routing mark "second" the connection was marked as AS and prolly working.
I fw settings I added the standard rules that work with my other servers :
chain=input action=accept protocol=tcp dst-address=120.120.120.49 in-interface=ether1-gateway dst-port=80
Nat rule:
chain=dstnat dst-address=120.120.120.49 action=dst-nat protocol=tcp dst-port=80 to-addresses=192.168.1.34 (server address) to-port:80
(mascarade ofc)
These rules work when I'm using ISP1 addresses, just copied them and used the IP-s and ports I needed and on the other side there is nginx listening on port 80 for http. It all works localy because I made rules that use in-interface=bridge-local, so I can access my server local, but not from other locations over the public ISP2 address.
When I try to go from the public ISP2 ip i don't even get traffic in my NAT and FW counters, so my conclusion is that i missed something in the routing tables, routing rules or address ip config to say when a package comes from 120.120.120.49 (or some other address in that pool ) do a bridge local, and use the "main" routing tables. In the drop down meni for my ISP1 default configuration i don't have any selected routing mark, it's blank, maybe if i select "main" and in the routing rules make a rule something like dst-address=120.120.120.0/29 src-address=192.168.1.0/24 routing-mark=second interface=ether1-gateway action=lookup table=main.
Sry I know these is all confusing, and my English is not great, but if someone has a clue what I'm missing or have I made too much steps and MT gets confused. Any way thanks for reading and will give more info when asked.