Consider the following network diagram
Everything works just fine... well almost
Internet traffic from all my LAN clients, LAN servers and DMZ server goes out via 22.214.171.124 (DKTVWAN) just as expected. From my DMZ I can only open new connections to the internet on port 80 and 443. My LAN and LAN servers are not reachable from the DMZ server at all. From my LAN the DMZ server can only be contacted through port 3389 and port 80. So far so good.
But I want to take advantage of both my static IP'ed internet connections for inbound traffic. The one thing I can't get my head around is why inbound internet traffic on 126.96.36.199 port 80 is lost somewhere on the way back from my DMZ host 192.168.1.3 (yes, it's not 192.168.1.2 as shown in the drawing). Using Torch I can see that connections are made from src 188.8.131.52 (TDCWAN) to dest. 192.168.1.3 and my DMZ host tries to send its response back to the correct internet IP. Also I see connections on the IP/Firewall/Connections tab marked "OutsideConnection_TDCWAN", so my forwarding mark-connection rules work. Also, when using Torch to see if traffic originating from 184.108.40.206 is hitting the DKTVWAN (220.127.116.11) interface on the way back, luckily nothing happens. So at least my connection-marks / routing-marks / routes make sure that responses for traffic originating from 18.104.22.168 do not go out through 22.214.171.124. But it's lost somewhere else and I can't figure out why or where. BTW ether4-10 + Wireless are bridged.
Here's an edited RouterOS printout: