Modrik, 2016-03-18 15:00:47

How to split two external statics into two internal subnets?

Essence of the question. There is a Mikrotik RB951G-2HnD, and the Internet from the provider comes to its first port (Ether1), which gives us two statics over one cable. Inside the Mikrotik there are two bridges, Bridge1 and Bridge_Sec, and their respective networks: 192.168.0.0/24 and 192.168.3.0/24. Previously, when the provider gave statics from different networks (a.b.c.1 and b.c.a.1), there were no problems, because by means of packet marking (mangle prerouting) and routing policy (PBR) the whole thing was linked normally: the first static was given to 192.168.0.0/24, and the second to 192.168.3.0/24. But now the provider has changed its structure and we are given two statics in the same network (a.b.c.17/32 and a.b.c.18/32 in the a.b.c.0/24 network with the a.b.c.1/32 gateway). And, alas, I did not notice right away that everything stopped working... I.e. now everyone (both internal subnets) is sitting with a.b.c.17. If you disable abc in IP-Addresses
I ask for your advice on this situation.
Below is the current listing of settings (Routes for splitting are disabled for the time being):
Route table:

Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 X S  ;;; DD_routing
        dst-address=0.0.0.0/0 pref-src=a.b.c.17 gateway=a.b.c.1 
        gateway-status=a.b.c.1 inactive distance=1 scope=30 target-scope=10 
        routing-mark=DD 

 1 X S  ;;; DD_SEC_IP_Routing
        dst-address=0.0.0.0/0 pref-src=a.b.c.18 gateway=a.b.c.1 
        gateway-status=a.b.c.1 inactive distance=1 scope=30 target-scope=10 
        routing-mark=DD_SEC_IP 

 2 A S  ;;; Default Route
        dst-address=0.0.0.0/0 gateway=a.b.c.1 
        gateway-status=a.b.c.1 reachable via  ether1-gatewayDD distance=1 scope=30 
        target-scope=10 

 3 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.10 gateway=bridge-local 
        gateway-status=bridge-local reachable distance=0 scope=10 

 4 ADC  dst-address=192.168.3.0/24 pref-src=192.168.3.10 gateway=bridge1_sec 
        gateway-status=bridge1_sec reachable distance=0 scope=10 

 5 ADC  dst-address=a.b.c.0/24 pref-src=a.b.c.17 gateway=ether1-gatewayDD 
        gateway-status=ether1-gatewayDD reachable distance=0 scope=10

Routing policy table:
Flags: X - disabled, I - inactive 
 0   dst-address=192.168.0.0/24 action=lookup table=main 

 1   dst-address=192.168.3.0/24 action=lookup table=main 

 2   dst-address=a.b.c.18/32 action=lookup table=main 

 3   dst-address=a.b.c.17/32 action=lookup table=main 

 4   src-address=a.b.c.17/32 action=lookup table=DD 

 5   src-address=a.b.c.18/32 action=lookup table=DD_SEC_IP 

 6   routing-mark=DD action=lookup table=DD 

 7   routing-mark=DD_SEC_IP action=lookup table=DD_SEC_IP

Mangle table (marker):
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=prerouting action=mark-routing new-routing-mark=DD passthrough=no src-address=192.168.0.0/24 log=no log-prefix="" 

 1    chain=prerouting action=mark-routing new-routing-mark=DD_SEC_IP passthrough=no src-address=192.168.3.0/24 log=no log-prefix=""

Address table (IP-Addresses):
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=192.168.0.10/24 network=192.168.0.0 interface=ether2-master-localSKLAD actual-interface=bridge-local 

 1   address=a.b.c.17/24 network=a.b.c.0 interface=ether1-gatewayDD actual-interface=ether1-gatewayDD 

 2   ;;; DOP_ip
     address=a.b.c.18/24 network=a.b.c.0 interface=ether1-gatewayDD actual-interface=ether1-gatewayDD 

 3   ;;; Security
     address=192.168.3.10/24 network=192.168.3.0 interface=ether5-slave-localSECURITY actual-interface=bridge1_sec

PS: The current version of RouterOS is 6.35rc31

1 answer(s)
Alexander Romanov, 2016-03-20
@Modrik

src-nat is our everything.

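/ip firewall nat
# 192.168.0.0/24 leaves via ether1-gatewayDD as a.b.c.17
add chain=srcnat src-address=192.168.0.0/24 out-interface=ether1-gatewayDD action=src-nat to-addresses=a.b.c.17
# 192.168.3.0/24 leaves via ether1-gatewayDD as a.b.c.18
add chain=srcnat src-address=192.168.3.0/24 out-interface=ether1-gatewayDD action=src-nat to-addresses=a.b.c.18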
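
An added example (not from the thread and not MikroTik code): a Python check that reads NAT rules in export form and reports which public address each internal subnet would leave with, since srcnat rules are evaluated top to bottom and a broader rule placed above a per-subnet rule wins. The sample rules, the masquerade rule, and the 203.0.113.x addresses standing in for a.b.c.17 and a.b.c.18 are constructed assumptions; only CIDR src-address values are handled.

```python
import ipaddress
import shlex

# Constructed sample in "/ip firewall nat export" form. 203.0.113.17/.18 stand
# in for the page's masked a.b.c.17/.18; the masquerade rule is an assumption,
# because the page does not show the existing NAT table.
SAMPLE_EXPORT = """\
add chain=srcnat action=src-nat src-address=192.168.0.0/24 out-interface=ether1-gatewayDD to-addresses=203.0.113.17
add chain=srcnat action=masquerade out-interface=ether1-gatewayDD
add chain=srcnat action=src-nat src-address=192.168.3.0/24 out-interface=ether1-gatewayDD to-addresses=203.0.113.18
"""

def parse_rules(export_text):
    """Turn 'add key=value ...' lines into dicts, keeping rule order."""
    rules = []
    for line in export_text.splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def egress_address(rules, subnet, wan_if, wan_primary):
    """Return the public address a subnet leaves with (first match wins)."""
    net = ipaddress.ip_network(subnet)
    for rule in rules:
        if rule.get("chain") != "srcnat" or rule.get("disabled") == "yes":
            continue
        if rule.get("out-interface", wan_if) != wan_if:
            continue
        src = rule.get("src-address")
        if src and not net.subnet_of(ipaddress.ip_network(src, strict=False)):
            continue
        if rule.get("action") == "src-nat":
            return rule.get("to-addresses")
        if rule.get("action") == "masquerade":
            # Assumption: masquerade picks the address passed in as wan_primary.
            return wan_primary
    return None  # no NAT rule matched this subnet

def audit(export_text, expected, wan_if, wan_primary):
    """List (subnet, expected, actual) for each subnet with the wrong egress IP."""
    rules = parse_rules(export_text)
    return [(s, want, got) for s, want in expected.items()
            if (got := egress_address(rules, s, wan_if, wan_primary)) != want]
```

With the constructed sample, the masquerade rule sits above the second src-nat rule, so 192.168.3.0/24 is reported as leaving with the first address; moving the masquerade rule to the end clears the finding.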
