alors :

table ip nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
                iifname "lan" ip daddr 192.168.42.253 tcp dport 53 counter packets 0 bytes 0 dnat to 192.168.42.253:54 comment "PREROUTE_kids_dns_tcp"
                iifname "lan" ip daddr 192.168.42.253 udp dport 53 counter packets 0 bytes 0 dnat to 192.168.42.253:54 comment "PREROUTE_kids_dns_udp"
                iifname "lan" ip saddr { 192.168.42.26, 192.168.42.27, 192.168.42.29, 192.168.42.30, 192.168.42.31, 192.168.42.36 } tcp dport 53 counter packets 0 bytes 0 dnat to 192.168.42.251:53 comment "PREROUTE_cast_dns_tcp"
                iifname "lan" ip saddr { 192.168.42.26, 192.168.42.27, 192.168.42.29, 192.168.42.30, 192.168.42.31, 192.168.42.36 } udp dport 53 counter packets 1 bytes 60 dnat to 192.168.42.251:53 comment "PREROUTE_cast_dns_udp"
                iifname { "wan1", "wan3", "orange2" } ip saddr != 192.168.0.0/16 tcp dport { 53, 1194 } counter packets 0 bytes 0 dnat to 192.168.42.254:1194 comment "PREROUTE_vpn_endpoint_tcp"
                iifname { "wan1", "wan3", "orange2" } ip saddr != 192.168.0.0/16 udp dport { 53, 1194 } counter packets 0 bytes 0 dnat to 192.168.42.254:1194 comment "PREROUTE_vpn_endpoint_udp"
                iifname { "tun3" } tcp dport { 10542, 20542, 30542 } counter packets 0 bytes 0 dnat to 192.168.42.53 comment "PREROUTE_vanisher_forward_tcp"
                iifname { "tun3" } udp dport { 10542, 20542, 30542 } counter packets 0 bytes 0 dnat to 192.168.42.53 comment "PREROUTE_vanisher_forward_udp"
                iifname { "wan1", "wan3", "orange2" } ip saddr != 192.168.0.0/16 tcp dport { 22, 80, 443 } counter packets 1 bytes 60 dnat to 192.168.42.51 comment "PREROUTE_wan_forward_tcp"
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                ip daddr 80.10.247.48 udp dport 67 counter packets 0 bytes 0 meta mark set 0x00000200
                oifname "wan1" ip saddr 192.168.0.0/16 counter packets 19 bytes 1540 masquerade comment "NAT_via_WAN1"
                oifname "orange2" ip saddr 192.168.0.0/16 counter packets 1 bytes 84 masquerade comment "NAT_via_WAN2"
                oifname { "tun0", "tun1", "tun2", "beta0" } ip saddr 192.168.0.0/16 counter packets 5 bytes 1877 masquerade comment "NAT_via_VPN"
                oifname "beta0" ip saddr 192.168.0.0/16 counter packets 0 bytes 0 masquerade comment "NAT_via_BETA"
                oifname { "tun3", "tun4", "tun5" } ip saddr 192.168.0.0/16 counter packets 1 bytes 108 masquerade comment "NAT_via_VANISHER"
        }
}


table ip mangle {                                                                                                                                                                                                                                               
        chain PREROUTING {
                type filter hook prerouting priority mangle; policy accept;
                iifname "wan1" ct state new counter packets 1 bytes 44 jump MWAN1 comment "mwan1_orange1"
                iifname "orange2" ct state new counter packets 3 bytes 180 jump MWAN2 comment "mwan1_orange2"
                iifname "wan3" ct state new counter packets 25 bytes 1220 jump MWAN3 comment "mwan3_lte"
                iifname "beta0" ct state new counter packets 0 bytes 0 jump MWAN5 comment "mwan5_beta"
                iifname { "tun4" } ct state new counter packets 0 bytes 0 jump MWAN6 comment "mwan1_vanisher_orange1"
                iifname { "tun5" } ct state new counter packets 0 bytes 0 jump MWAN7 comment "mwan1_vanisher_orange2"
                iifname { "tun3" } ct state new counter packets 0 bytes 0 jump MWAN9 comment "mwan9_vanisher_lte"
                ct state new counter packets 61 bytes 6578 jump MWAN
                ct mark != 0x00000000 meta mark set ct mark
        }

        chain INPUT {
                type filter hook input priority mangle; policy accept;
        }

        chain FORWARD {
                type filter hook forward priority mangle; policy accept;
        }

        chain OUTPUT {
                type route hook output priority mangle; policy accept;
                ip daddr 80.10.247.48 udp dport 67 counter packets 0 bytes 0 jump MWANSL2 comment "mwan2_dhcp_orange2"
                oifname "wan1" ct state new counter packets 19 bytes 1532 jump MWAN1 comment "mwan1_orange1"
                oifname "orange2" ct state new counter packets 8 bytes 636 jump MWAN2 comment "mwan2_orange2"
                oifname "wan3" ct state new counter packets 1 bytes 114 jump MWAN3 comment "mwan3_lte"
                oifname "beta0" ct state new counter packets 0 bytes 0 jump MWAN5 comment "mwan5_beta"
                oifname { "tun4" } ct state new counter packets 5 bytes 406 jump MWAN6 comment "mwan6_vanisher_orange1"
                oifname { "tun5" } ct state new counter packets 0 bytes 0 jump MWAN7 comment "mwan7_vanisher_orange2"
                oifname { "tun3" } ct state new counter packets 0 bytes 0 jump MWAN9 comment "mwan1_vanisher_lte"
                ct state new counter packets 244 bytes 39811 jump MWAN
                ct mark != 0x00000000 meta mark set ct mark
        }

...
        chain MWANSL1 {
                meta mark set 0x00000100
                counter packets 0 bytes 0 log prefix "netfilter_MWANSL1" group 0
        }

        chain MWANSL2 {
                meta mark set 0x00000200
                counter packets 0 bytes 0 log prefix "netfilter_MWANSL2" group 0
        }
}

}


# ip rule add from all fwmark 0x200 lookup 200 pri 1
[20:31:47]root@cerber:/etc/nft.d # ip rule show
0:      from all lookup local
1:      from all fwmark 0x200 lookup 200
100:    from 192.168.3.254 lookup 100
101:    from all fwmark 0x100 lookup 100
200:    from <moniporange> ookup 200
201:    from all fwmark 0x200 lookup 200
300:    from 192.168.4.254 lookup 300
301:    from all fwmark 0x300 lookup 300
500:    from 192.168.251.2 lookup 500
501:    from all fwmark 0x500 lookup 500
600:    from 10.1.228.244 lookup 600
601:    from all fwmark 0x600 lookup 600
700:    from 10.2.19.249 lookup 700
701:    from all fwmark 0x700 lookup 700
900:    from 10.4.65.19 lookup 900
901:    from all fwmark 0x900 lookup 900
32766:  from all lookup main
32767:  from all lookup default

 # ip route show table 200
default via 82.127.187.1 dev orange2
10.1.228.0/24 dev tun4 scope link src 10.1.228.244
10.2.19.0/24 dev tun5 scope link src 10.2.19.249
10.4.65.0/24 dev tun3 scope link src 10.4.65.19
82.127.187.0/25 dev orange2 proto kernel scope link src <moniporange>
192.168.2.0/24 dev wan2 proto kernel scope link src 192.168.2.254
192.168.3.0/24 dev wan1 proto kernel scope link src 192.168.3.254
192.168.4.0/24 dev wan3 proto kernel scope link src 192.168.4.254
192.168.42.0/24 dev lan proto kernel scope link src 192.168.42.254
192.168.43.0/24 dev tun0 proto kernel scope link src 192.168.43.1
192.168.46.0/24 dev tun2 proto kernel scope link src 192.168.46.2
192.168.48.0/24 dev tun1 proto kernel scope link src 192.168.48.1
192.168.251.0/30 dev beta0 scope link src 192.168.251.2


logs netfilter :
Sep 29 20:34:47 cerber netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=8844 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200

ok,  voici quelques logs :

Sep 29 21:02:12 cerber.nbux.org kernel: nat/POSTROUTINGIN=orange2 OUT=lan MAC=d8:a7:56:ac:ed:ea:0c:a4:02:2c:a1:74:08:00 SRC=129.226.67.92 DST=192.168.42.51 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=48524 DF PROTO=TCP SPT=54916 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x200
Sep 29 21:02:13 cerber.nbux.org dhclient[244426]: DHCPREQUEST for 82.127.187.99 on orange2 to 80.10.247.48 port 67
Sep 29 21:02:14 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=60828 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
Sep 29 21:02:18 cerber.nbux.org kernel: nat/POSTROUTINGIN=lan OUT=orange2 MAC=d0:50:99:d4:c9:a9:52:34:44:2f:b7:04:08:00 SRC=192.168.42.133 DST=92.123.113.15 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=59730 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x200
Sep 29 21:02:18 cerber.nbux.org kernel: nat/POSTROUTINGIN=lan OUT=orange2 MAC=d0:50:99:d4:c9:a9:00:04:4b:4c:1c:e6:08:00 SRC=192.168.42.36 DST=185.99.151.235 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=30612 DF PROTO=TCP SPT=37822 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x200
Sep 29 21:02:18 cerber.nbux.org kernel: nat/POSTROUTINGIN=lan OUT=orange2 MAC=d0:50:99:d4:c9:a9:00:04:4b:4c:1c:e6:08:00 SRC=192.168.42.36 DST=178.162.146.164 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12654 DF PROTO=TCP SPT=47188 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x200
Sep 29 21:02:18 cerber.nbux.org kernel: nat/POSTROUTINGIN=lan OUT=orange2 MAC=d0:50:99:d4:c9:a9:00:04:4b:4c:1c:e6:08:00 SRC=192.168.42.36 DST=178.162.146.164 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=59459 DF PROTO=TCP SPT=47190 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x200
Sep 29 21:02:18 cerber.nbux.org kernel: nat/POSTROUTINGIN=lan OUT=orange2 MAC=d0:50:99:d4:c9:a9:00:04:4b:4c:1c:e6:08:00 SRC=192.168.42.36 DST=185.99.151.225 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=17722 DF PROTO=TCP SPT=58880 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x200
Sep 29 21:02:20 cerber.nbux.org kernel: nat/POSTROUTINGIN=lan OUT=orange2 MAC=d0:50:99:d4:c9:a9:ba:32:53:da:82:44:08:00 SRC=192.168.42.58 DST=1.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=254 ID=13610 DF PROTO=ICMP TYPE=8 CODE=0 ID=49189 SEQ=1 MARK=0x200
Sep 29 21:02:22 cerber.nbux.org kernel: nat/POSTROUTINGIN=lan OUT=orange2 MAC=d0:50:99:d4:c9:a9:7c:2a:31:10:2f:c0:08:00 SRC=192.168.42.82 DST=52.40.132.66 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=12077 DF PROTO=TCP SPT=52312 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x200
Sep 29 21:02:22 cerber.nbux.org kernel: nat/POSTROUTINGIN=lan OUT=orange2 MAC=d0:50:99:d4:c9:a9:00:04:4b:4c:1c:e6:08:00 SRC=192.168.42.36 DST=185.99.151.225 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=10676 DF PROTO=TCP SPT=58884 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x200
Sep 29 21:02:23 cerber.nbux.org kernel: nat/POSTROUTINGIN=orange2 OUT=lan MAC=d8:a7:56:ac:ed:ea:0c:a4:02:2c:a1:74:08:00 SRC=54.37.156.188 DST=192.168.42.51 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=61442 DF PROTO=TCP SPT=45763 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x200

Non c’est juste mon grep qui ne montre que ces paquets...

En tout cas, j'ai la réponse à ma question de tout à l'heure : pourquoi ton log affiche MARK=200 et non MARK=0x200 : parce que pour une raison qui m'échappe encore, certains logs sont générés par ulogd, et d'autres par le kernel.

salut,

# cat /proc/net/netfilter/nf_log
 0 NONE (nfnetlink_log)
 1 NONE (nfnetlink_log)
 2 nfnetlink_log (nf_log_ipv4,nfnetlink_log)
 3 NONE (nfnetlink_log)
 4 NONE (nfnetlink_log)
 5 NONE (nfnetlink_log)
 6 NONE (nfnetlink_log)
 7 nfnetlink_log (nfnetlink_log)
 8 NONE (nfnetlink_log)
 9 NONE (nfnetlink_log)
10 nfnetlink_log (nfnetlink_log)
11 NONE (nfnetlink_log)
12 NONE (nfnetlink_log)

curieusement les modifs dans nftables ne logguent rien de plus (tu as les log netfilter et dhclient) :
# journalctl -f | grep 80.10.247.4
Sep 30 07:38:35 cerber.nbux.org dhclient[244426]: DHCPREQUEST for 82.127.187.99 on orange2 to 80.10.247.48 port 67
Sep 30 07:38:36 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=43376 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
Sep 30 07:38:43 cerber.nbux.org dhclient[244426]: DHCPREQUEST for 82.127.187.99 on orange2 to 80.10.247.48 port 67
Sep 30 07:38:44 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=44892 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
Sep 30 07:38:54 cerber.nbux.org dhclient[244426]: DHCPREQUEST for 82.127.187.99 on orange2 to 80.10.247.48 port 67
Sep 30 07:38:55 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=45516 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
Sep 30 07:39:09 cerber.nbux.org dhclient[244426]: DHCPREQUEST for 82.127.187.99 on orange2 to 80.10.247.48 port 67
Sep 30 07:39:10 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=49498 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
Sep 30 07:39:25 cerber.nbux.org dhclient[244426]: DHCPREQUEST for 82.127.187.99 on orange2 to 80.10.247.48 port 67
Sep 30 07:39:26 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=50861 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200

du coup j'ai AJOUTE un set meta mark dans mangle POSTROUTING (en plus de celui dans OUTPUT) :
# journalctl -f | grep 80.10.247.48
Sep 30 07:40:42 cerber.nbux.org dhclient[244426]: DHCPREQUEST for 82.127.187.99 on orange2 to 80.10.247.48 port 67
Sep 30 07:40:42 cerber.nbux.org kernel:  mangle/POSTROUTING IN= OUT=wan1 SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=63895 PROTO=UDP SPT=68 DPT=67 LEN=391 MARK=0x200
Sep 30 07:40:43 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=63895 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
Sep 30 07:40:43 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=63895 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
Sep 30 07:40:54 cerber.nbux.org dhclient[244426]: DHCPREQUEST for 82.127.187.99 on orange2 to 80.10.247.48 port 67
Sep 30 07:40:54 cerber.nbux.org kernel:  mangle/POSTROUTING IN= OUT=wan1 SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=1697 PROTO=UDP SPT=68 DPT=67 LEN=391 MARK=0x200
Sep 30 07:40:55 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=1697 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
Sep 30 07:40:55 cerber.nbux.org ulogd[396]: netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=1697 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200

mais ca sort toujours par wan1...

Merci encore pour ton temps et ces infos très interessantes.

Je crois que tu vas peut-être m'en vouloir ... 

je viens de configurer ma ligne orange1 (seule orange2 était en mode bridge jusqu'a maintenant). Le serveur DHCP pour orange1 semble être différent de celui pour orange2 :

[14:26:56]root@cerber:/etc/dnsmasq.d # journalctl -u dhclient@orange1.service  -n 1000 | grep from
Sep 30 10:39:11 cerber.nbux.org dhclient[3473803]: DHCPACK of <ip_orange1> from 193.251.41.1
Sep 30 10:39:16 cerber.nbux.org dhclient[3473851]: RCV: Reply message on orange1 from fe80::ba0:bab.
[14:27:12]root@cerber:/etc/dnsmasq.d # journalctl -u dhclient@orange2.service  -n 1000 | grep from
Sep 30 07:30:36 cerber.nbux.org dhclient[244468]: RCV: Reply message on orange2 from fe80::ba0:bab.
Sep 30 09:22:56 cerber.nbux.org dhclient[244426]: DHCPACK of <ip_orange2> from 80.10.247.48

dans le premier cas c'est 193.251.41.1 et dans l'autre 80.10.247.48.
du coup c'est bcp bcp plus simple , une route statique et hop ...

Il semble qu'il y ait plusieurs infra DHCP chez Orange et que selon le range de ton IP fixe, on adresse un serveur DHCP différent. Ma chance est d'avoir 2 IPs fixes dans 2 ranges différents et du coup, 2 serveurs DHCP bien distincts.

Après cela ne résout pas le pourquoi du comment c'est certain.