There is no specific SNAT rule made when port forwarding, only DNAT and FORWARD ACCEPT, so the answer is no, at least not when using OpenWRT; I do not know about your firmware, but it seems not.
I already pointed out the problem earlier:
Thank you very much, @egc.
Indeed, I need multiple wan zone interfaces (I am using mwan3) with different metrics.
So there is absolutely no way to get it working? That's a shame.
I am able to get it working with socat, but I wanted something more standard and permanent, as I'll have to reproduce it in other devices.
Any other recommendations?
I can think of two things:
You can use PBR to route a specific port via specific route/interface
The second one is to Masquerade the traffic.
I am not 100% sure but Masquerading the traffic might work as the connection tracking should be able to use the correct route.
As a simple test, enable Masquerading on the LAN zone; if it works you can make more specific SNAT rules per port.
From the configuration you posted above I don't see any static route for the tailscale subnet via the tailscale interface. That can be easily verified with ip -4 ro list table all
I think tailscale adds these routes directly. I can ping 100.103.232.85 just fine.
root@router-5:~# ip -4 ro list table all
default via 192.168.3.1 dev eth0 table 1 proto static metric 10
10.1.5.0/24 dev br-lan table 1 proto kernel scope link src 10.1.5.1
172.17.0.0/16 dev docker0 table 1 proto kernel scope link src 172.17.0.1 linkdown
192.0.0.0/24 dev br-lan table 1 proto kernel scope link src 192.0.0.199
192.168.3.0/24 dev eth0 table 1 proto static scope link metric 10
default via 192.168.0.254 dev veth2 table 3 proto static metric 30
10.1.5.0/24 dev br-lan table 3 proto kernel scope link src 10.1.5.1
172.17.0.0/16 dev docker0 table 3 proto kernel scope link src 172.17.0.1 linkdown
192.0.0.0/24 dev br-lan table 3 proto kernel scope link src 192.0.0.199
192.168.0.0/24 dev veth2 table 3 proto static scope link metric 30
default via 192.168.1.1 dev veth1 table 4 proto static metric 20
10.1.5.0/24 dev br-lan table 4 proto kernel scope link src 10.1.5.1
172.17.0.0/16 dev docker0 table 4 proto kernel scope link src 172.17.0.1 linkdown
192.0.0.0/24 dev br-lan table 4 proto kernel scope link src 192.0.0.199
192.168.1.0/24 dev veth1 table 4 proto static scope link metric 20
100.69.236.79 dev tailscale0 table 52
100.70.147.79 dev tailscale0 table 52
100.71.200.35 dev tailscale0 table 52
100.75.24.8 dev tailscale0 table 52
100.81.219.100 dev tailscale0 table 52
100.85.242.47 dev tailscale0 table 52
100.85.245.18 dev tailscale0 table 52
100.88.48.81 dev tailscale0 table 52
100.90.10.4 dev tailscale0 table 52
100.91.90.42 dev tailscale0 table 52
100.94.38.57 dev tailscale0 table 52
100.95.117.5 dev tailscale0 table 52
100.100.100.100 dev tailscale0 table 52
100.101.102.58 dev tailscale0 table 52
100.102.57.47 dev tailscale0 table 52
100.103.232.85 dev tailscale0 table 52
100.105.64.9 dev tailscale0 table 52
100.107.169.12 dev tailscale0 table 52
100.107.255.88 dev tailscale0 table 52
100.108.75.58 dev tailscale0 table 52
100.112.133.96 dev tailscale0 table 52
100.115.19.37 dev tailscale0 table 52
100.117.194.50 dev tailscale0 table 52
100.123.103.58 dev tailscale0 table 52
default via 192.168.3.1 dev eth0 proto static metric 10
default via 192.168.1.1 dev veth1 proto static metric 20
default via 192.168.0.254 dev veth2 proto static metric 30
10.1.5.0/24 dev br-lan proto kernel scope link src 10.1.5.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.0.0.0/24 dev br-lan proto kernel scope link src 192.0.0.199
192.168.0.0/24 dev veth2 proto static scope link metric 30
192.168.1.0/24 dev veth1 proto static scope link metric 20
192.168.3.0/24 dev eth0 proto static scope link metric 10
local 10.1.5.1 dev br-lan table local proto kernel scope host src 10.1.5.1
broadcast 10.1.5.255 dev br-lan table local proto kernel scope link src 10.1.5.1
local 100.114.203.45 dev tailscale0 table local proto kernel scope host src 100.114.203.45
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1 linkdown
local 192.0.0.199 dev br-lan table local proto kernel scope host src 192.0.0.199
broadcast 192.0.0.255 dev br-lan table local proto kernel scope link src 192.0.0.199
local 192.168.0.1 dev veth2 table local proto kernel scope host src 192.168.0.1
broadcast 192.168.0.255 dev veth2 table local proto kernel scope link src 192.168.0.1
local 192.168.1.254 dev veth1 table local proto kernel scope host src 192.168.1.254
broadcast 192.168.1.255 dev veth1 table local proto kernel scope link src 192.168.1.254
local 192.168.3.254 dev eth0 table local proto kernel scope host src 192.168.3.254
broadcast 192.168.3.255 dev eth0 table local proto kernel scope link src 192.168.3.254
It adds them, but they are in a custom table and not in main, where they are not present.
You need to fix the routing or create a rule to send traffic to tailscale.
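Added example, not from this thread nor from OpenWrt, mwan3 or tailscale: a small POSIX shell script that applies egc's check to a constructed subset of the route dump above, computing the longest-prefix match for a destination in every routing table that appears in the dump. For the tailscale peer it finds a host route only in table 52, while table 1 and main fall through to their default route, which is the gap egc points at.

```shell
#!/bin/sh
# Constructed subset of the "ip -4 ro list table all" dump posted above.
# Lines with no "table N" word belong to the main table (as ip prints them).
ROUTES='default via 192.168.3.1 dev eth0 table 1 proto static metric 10
10.1.5.0/24 dev br-lan table 1 proto kernel scope link src 10.1.5.1
100.103.232.85 dev tailscale0 table 52
default via 192.168.3.1 dev eth0 proto static metric 10
10.1.5.0/24 dev br-lan proto kernel scope link src 10.1.5.1'

ip2int() {  # dotted quad -> 32-bit integer (runs in a subshell, $@ is local)
  set -- $(echo "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

word_after() {  # word_after KEY word... -> the word following KEY, or nothing
  key=$1; shift; prev=
  for w in "$@"; do [ "$prev" = "$key" ] && { echo "$w"; return; }; prev=$w; done
}

# best_in_table DST TABLE -> "TABLE DEV PREFIXLEN" of the longest-prefix match
# in that table, or "TABLE none -1" when the table has no route at all for DST.
best_in_table() {
  dst=$(ip2int "$1"); want=$2; best=-1; bestdev=none
  while read -r line; do
    set -- $line
    case $1 in local|broadcast) continue ;; esac   # skip "table local" entries
    tbl=$(word_after table $line); : "${tbl:=main}"
    [ "$tbl" = "$want" ] || continue
    case $1 in
      default) net=0; plen=0 ;;
      */*)     net=$(ip2int "${1%/*}"); plen=${1#*/} ;;
      *)       net=$(ip2int "$1"); plen=32 ;;        # host route, e.g. a tailscale peer
    esac
    # keep the route only if the first plen bits of DST and the prefix agree
    [ "$plen" -eq 0 ] || [ $(( dst >> (32 - plen) )) -eq $(( net >> (32 - plen) )) ] || continue
    if [ "$plen" -gt "$best" ]; then best=$plen; bestdev=$(word_after dev $line); fi
  done <<EOF
$ROUTES
EOF
  echo "$want $bestdev $best"
}

# route_report DST -> one line per table; prefix 0 means "default route only".
route_report() {
  for t in $(echo "$ROUTES" | awk '{t="main"; for(i=1;i<NF;i++) if($i=="table") t=$(i+1); print t}' | LC_ALL=C sort -u); do
    best_in_table "$1" "$t"
  done
}

route_report 100.103.232.85
```

On a live router, replacing the constructed ROUTES with the real `ip -4 ro list table all` output gives the same per-table view for any destination.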