trrusa
just joined
Topic Author
Posts: 17
Joined: Wed May 26, 2010 2:50 pm

Load Balance works, routes to other networks dont

Wed May 26, 2010 3:13 pm

Currently I have ECMP running on a 5 port config. It works but has issues with dropped connections inbound and outbound. However, my static routes and connectivity to all other networks work fine. I decided to try NLB instead of ECMP. I used this link as the base to set up NLB:
http://wiki.mikrotik.com/wiki/NTH_load_ ... masquerade

After adjusting this to fit 3 WANs instead of 2, LB works out the public internet, but I cannot reach my other internal networks. My setup is like this:

LAN1(75M) = 10.75.75.254/24
LAN2(CORE) = 172.16.247.2/19 as well as 192.168.75.254/16
WAN1(0077) = Static Public IPs
WAN2(0575) = Static Public IPs
WAN3(TWC) = Static Public IPs

From LAN1, clients cannot reach the 172 or 192 (but the router can), nor can I reach another remote network that has a static route 10.9.8.0/24 via 172.16.247.1 (obviously if a client can't reach any 172 through the router, it won't reach the remote network next hop).

Since the 172 and 192 networks are local on the router, what could I have done that made those networks unreachable from clients on the LAN1?

I'm brand new to MikroTik and just started using them last week. Previously we used PFSense. Any help would be very appreciated. Below is the script I used to set up NLB (I already had my interfaces set up and just deleted the routes and mangle rules pertaining to ECMP):

/ ip firewall mangle
add chain=prerouting src-address-list=one in-interface=CORE action=mark-connection new-connection-mark=one passthrough=yes
add chain=prerouting src-address-list=one in-interface=CORE action=mark-routing new-routing-mark=one passthrough=no
add chain=prerouting src-address-list=two in-interface=CORE action=mark-connection new-connection-mark=two passthrough=yes
add chain=prerouting src-address-list=two in-interface=CORE action=mark-routing new-routing-mark=two passthrough=no
add chain=prerouting src-address-list=three in-interface=CORE action=mark-connection new-connection-mark=three passthrough=yes
add chain=prerouting src-address-list=three in-interface=CORE action=mark-routing new-routing-mark=three passthrough=no
add chain=prerouting in-interface=CORE connection-state=new nth=3,1 action=mark-connection new-connection-mark=one passthrough=yes
add chain=prerouting in-interface=CORE action=add-src-to-address-list address-list=one address-list-timeout=1d connection-mark=one passthrough=yes
add chain=prerouting in-interface=CORE connection-mark=one action=mark-routing new-routing-mark=one passthrough=no
add chain=prerouting in-interface=CORE connection-state=new nth=3,2 action=mark-connection new-connection-mark=two passthrough=yes
add chain=prerouting in-interface=CORE action=add-src-to-address-list address-list=two address-list-timeout=1d connection-mark=two passthrough=yes
add chain=prerouting in-interface=CORE connection-mark=two action=mark-routing new-routing-mark=two passthrough=no
add chain=prerouting in-interface=CORE connection-state=new nth=3,3 action=mark-connection new-connection-mark=three passthrough=yes
add chain=prerouting in-interface=CORE action=add-src-to-address-list address-list=three address-list-timeout=1d connection-mark=two passthrough=yes
add chain=prerouting in-interface=CORE connection-mark=two action=mark-routing new-routing-mark=three passthrough=no
add chain=prerouting in-interface=CORE connection-state=new nth=3,1 src-address-list=!two action=mark-connection new-connection-mark=one passthrough=yes
add chain=prerouting in-interface=CORE connection-state=new nth=3,1 src-address-list=!three action=mark-connection new-connection-mark=one passthrough=yes
add chain=prerouting in-interface=CORE connection-state=new nth=3,2 src-address-list=!one action=mark-connection new-connection-mark=two passthrough=yes
add chain=prerouting in-interface=CORE connection-state=new nth=3,2 src-address-list=!three action=mark-connection new-connection-mark=two passthrough=yes
add chain=prerouting in-interface=CORE connection-state=new nth=3,3 src-address-list=!one action=mark-connection new-connection-mark=three passthrough=yes
add chain=prerouting in-interface=CORE connection-state=new nth=3,3 src-address-list=!two action=mark-connection new-connection-mark=three passthrough=yes

/ ip firewall mangle
add chain=prerouting src-address-list=one in-interface=75M action=mark-connection new-connection-mark=one passthrough=yes
add chain=prerouting src-address-list=one in-interface=75M action=mark-routing new-routing-mark=one passthrough=no
add chain=prerouting src-address-list=two in-interface=75M action=mark-connection new-connection-mark=two passthrough=yes
add chain=prerouting src-address-list=two in-interface=75M action=mark-routing new-routing-mark=two passthrough=no
add chain=prerouting src-address-list=three in-interface=75M action=mark-connection new-connection-mark=three passthrough=yes
add chain=prerouting src-address-list=three in-interface=75M action=mark-routing new-routing-mark=three passthrough=no
add chain=prerouting in-interface=75M connection-state=new nth=3,1 action=mark-connection new-connection-mark=one passthrough=yes
add chain=prerouting in-interface=75M action=add-src-to-address-list address-list=one address-list-timeout=1d connection-mark=one passthrough=yes
add chain=prerouting in-interface=75M connection-mark=one action=mark-routing new-routing-mark=one passthrough=no
add chain=prerouting in-interface=75M connection-state=new nth=3,2 action=mark-connection new-connection-mark=two passthrough=yes
add chain=prerouting in-interface=75M action=add-src-to-address-list address-list=two address-list-timeout=1d connection-mark=two passthrough=yes
add chain=prerouting in-interface=75M connection-mark=two action=mark-routing new-routing-mark=two passthrough=no
add chain=prerouting in-interface=75M connection-state=new nth=3,3 action=mark-connection new-connection-mark=three passthrough=yes
add chain=prerouting in-interface=75M action=add-src-to-address-list address-list=three address-list-timeout=1d connection-mark=two passthrough=yes
add chain=prerouting in-interface=75M connection-mark=two action=mark-routing new-routing-mark=three passthrough=no
add chain=prerouting in-interface=75M connection-state=new nth=3,1 src-address-list=!two action=mark-connection new-connection-mark=one passthrough=yes
add chain=prerouting in-interface=75M connection-state=new nth=3,1 src-address-list=!three action=mark-connection new-connection-mark=one passthrough=yes
add chain=prerouting in-interface=75M connection-state=new nth=3,2 src-address-list=!one action=mark-connection new-connection-mark=two passthrough=yes
add chain=prerouting in-interface=75M connection-state=new nth=3,2 src-address-list=!three action=mark-connection new-connection-mark=two passthrough=yes
add chain=prerouting in-interface=75M connection-state=new nth=3,3 src-address-list=!one action=mark-connection new-connection-mark=three passthrough=yes
add chain=prerouting in-interface=75M connection-state=new nth=3,3 src-address-list=!two action=mark-connection new-connection-mark=three passthrough=yes


/ ip firewall nat
add chain=srcnat out-interface=0077 action=masquerade
add chain=srcnat out-interface=0575 action=masquerade
add chain=srcnat out-interface=TWC action=masquerade


/ ip route
add dst-address=0.0.0.0/0 gateway=65.XX.XXX.193 scope=255 target-scope=10 routing-mark=one
add dst-address=0.0.0.0/0 gateway=67.XX.XXX.1 scope=255 target-scope=10 routing-mark=two
add dst-address=0.0.0.0/0 gateway=70.XX.XXX.81 scope=255 target-scope=10 routing-mark=three
add dst-address=0.0.0.0/0 gateway=67.XX.XXX.1 scope=255 target-scope=10
 
Ibersystems
Forum Guru
Posts: 1686
Joined: Wed Apr 12, 2006 12:29 am
Location: Cabrils, Barcelona - Spain

Re: Load Balance works, routes to other networks dont

Thu May 27, 2010 10:39 am

Hi,

Stupid question, but... why don't you use PCC?

Thanks,
 
trrusa
just joined
Topic Author
Posts: 17
Joined: Wed May 26, 2010 2:50 pm

Re: Load Balance works, routes to other networks dont

Thu May 27, 2010 2:38 pm

Thank you for your reply!

I tried that last night after reading it was sort of the "latest" way to LB without connection drops. It gave an error on the two lines that used the "!" in the example I was following (which also was for only 2 WANs, 1 LAN, and I'm certainly not smart enough to tweak it for 3 WANs, 2 LANs and remote networks at this point). Once again, Internet flow worked, but my other private networks were unreachable no matter what I tried for nat/mangle/routes.

Could you help me with a complete script? I'm positive it's because I'm a novice with RouterOS. I'm getting pretty desperate at this point. My interfaces are like this:

"75M" = 10.75.75.254/24 (LAN # 1 - have servers and clients in here - servers receive port forwards from public ips located on the WANs)

"CORE" = 172.16.247.2/19 (LAN # 2 - have mostly subscribers but need to be able to port forward public ips located on several of the WANs)
***the "CORE" interface also has 192.168.75.254/24 assigned to it since there are technically two IP schemes on that one network.

"0077" = 65.32.160.194/26 (WAN1 - has a few public IPs assigned to it to use for servers that need PF)

"0575" = 67.76.196.32/24 (WAN2 - has 32 public IPs assigned to it to use for servers and clients that need PF) - here is the biggest issue with ECMP - public IP connections inward get dropped randomly.

"NWC" = 70.63.222.82/28 (WAN3 - has a few public IPs assigned to it to use for servers that need PF)

I have a few buildings tied up to the CORE (172.16.224.0/19) interface via wireless links and PFSense routers (soon to be replaced with MikroTiks). This is where the trouble keeps arising when I try to use the examples out there for anything but the one for ECMP. One of those remote buildings' networks is 10.9.8.0/24 and is reachable by hitting its own "CORE" interface of 172.16.247.1, which routes inward to 10.9.8.0/24.

With everything I try, except ECMP, I lose the ability from 75M devices to talk to CORE devices, which in turn results in loss of connectivity to remote networks at other buildings via the CORE network.

Here was the PCC example I was working with last night, altered to fit my LAN/WAN labels. Could you take a look here and help me make it work for both of my LANs, the third WAN above listed as "NWC", as well as my remote network (which I would think would just be a simple static route like it is now)?

/ ip firewall mangle
add chain=input in-interface=0077 action=mark-connection new-connection-mark=0077_conn
add chain=input in-interface=0575 action=mark-connection new-connection-mark=0575_conn
add chain=output connection-mark=0077_conn action=mark-routing new-routing-mark=to_0077
add chain=output connection-mark=0575_conn action=mark-routing new-routing-mark=to_0575
add chain=prerouting dst-address=65.32.160.193/24 action=accept in-interface=CORE
add chain=prerouting dst-address=67.76.196.1/24 action=accept in-interface=CORE
add chain=prerouting dst-address-type=!CORE in-interface=CORE per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=0077_conn passthrough=yes
add chain=prerouting dst-address-type=!CORE in-interface=CORE per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=0575_conn passthrough=yes
add chain=prerouting connection-mark=0077_conn in-interface=CORE action=mark-routing new-routing-mark=to_0077
add chain=prerouting connection-mark=0575_conn in-interface=CORE action=mark-routing new-routing-mark=to_0575

/ ip route
add dst-address=0.0.0.0/0 gateway=65.41.160.193 routing-mark=to_0077 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=67.76.196.1 routing-mark=to_0575 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=65.41.160.193 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=67.76.136.1 distance=2 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=0077 action=masquerade
add chain=srcnat out-interface=0575 action=masquerade

Thanks in advance!
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Load Balance works, routes to other networks dont

Thu May 27, 2010 3:24 pm

/ ip firewall mangle
add chain=prerouting dst-address=local_subnet_1 action=accept place-before=0
add chain=prerouting dst-address=local_subnet_2 action=accept place-before=0
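
Why accept rules at the top of mangle prerouting restore reachability between the LANs, shown as an added illustration that is not part of any post in this thread: a small Python model of the marking step plus the route lookup, using the thread's subnets and interface names. The round-robin marking is a stand-in for the nth rules, the lookup order (marked table first, then main) is a simplifying assumption, and the host addresses are constructed.

```python
import ipaddress

# Constructed routing tables using the addresses from the thread. Simplified
# model (assumption): a marked packet is looked up in the table named by its
# routing mark first, and in "main" only if that table has no matching route.
ROUTES = {
    "main": [
        ("10.75.75.0/24", "75M"),
        ("172.16.224.0/19", "CORE"),
        ("192.168.0.0/16", "CORE"),
        ("10.9.8.0/24", "CORE via 172.16.247.1"),
        ("0.0.0.0/0", "0575"),
    ],
    "one": [("0.0.0.0/0", "0077")],
    "two": [("0.0.0.0/0", "0575")],
    "three": [("0.0.0.0/0", "TWC")],
}
MARKS = ["one", "two", "three"]

# Constructed sample destinations: three internal hosts and one internet host.
DESTS = ["172.16.230.5", "192.168.75.10", "10.9.8.20", "198.51.100.7"]
INTERNAL = ["172.16.224.0/19", "10.75.75.0/24", "192.168.0.0/16", "10.9.8.0/24"]


def prerouting_mark(dst, accept_prefixes, conn_number):
    """Return the routing mark mangle prerouting gives a new connection.

    accept_prefixes models 'action=accept' rules placed at the top of the
    chain: a match ends mangle processing, so the packet stays unmarked.
    Otherwise connections are spread over the marks in turn (a stand-in
    for the nth=3,k rules).
    """
    addr = ipaddress.ip_address(dst)
    if any(addr in ipaddress.ip_network(p) for p in accept_prefixes):
        return None
    return MARKS[conn_number % len(MARKS)]


def route_lookup(dst, mark):
    """Longest-prefix match in the marked table, then in main."""
    addr = ipaddress.ip_address(dst)
    for table in ([mark] if mark else []) + ["main"]:
        hits = [(ipaddress.ip_network(p), out) for p, out in ROUTES[table]
                if addr in ipaddress.ip_network(p)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None


def egress(destinations, accept_prefixes=()):
    """Map each destination (one new connection each) to its egress."""
    return {dst: route_lookup(dst, prerouting_mark(dst, accept_prefixes, n))
            for n, dst in enumerate(destinations)}


if __name__ == "__main__":
    for label, accepts in (("no accept rules", ()), ("accept internal", INTERNAL)):
        print(label)
        for dst, out in egress(DESTS, accepts).items():
            print(f"  {dst:15} -> {out}")
```

In this model a destination left off the accept list, such as 10.9.8.0/24, still picks up a routing mark and leaves through a WAN default route, so the list has to cover every internal prefix, including those behind static routes.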
 
trrusa
just joined
Topic Author
Posts: 17
Joined: Wed May 26, 2010 2:50 pm

Re: Load Balance works, routes to other networks dont

Thu May 27, 2010 4:13 pm

local_subnet_1/2 being my actual local lan such as the 10.75.75.0/24 & 172 or the remote network I am trying to reach 10.9.8.0/24?

Thanks for your help!!!!!!!
 
trrusa
just joined
Topic Author
Posts: 17
Joined: Wed May 26, 2010 2:50 pm

Re: Load Balance works, routes to other networks dont

Fri May 28, 2010 5:06 am

That did it! Thanks Chupaka! Here was the final gig in case it can help someone else. Set for 3 WANs and 2 LANs and working like a charm! No more disconnects from outside, and it looks like it's doing a great job of balancing things across the three WANs.

/ip firewall address-list add address=10.75.75.0/24 list=local
/ip firewall address-list add address=172.16.0.0/12 list=local
/ip route add gateway=65.31.150.193
/ip route add gateway=65.31.150.193 routing-mark=first
/ip route add gateway=67.76.196.1 routing-mark=second
/ip route add gateway=70.68.194.81 routing-mark=third
/ip firewall nat add chain=srcnat out-interface=0077 action=masquerade
/ip firewall nat add chain=srcnat out-interface=0575 action=masquerade
/ip firewall nat add chain=srcnat out-interface=TWC action=masquerade
/ip firewall mangle add action=add-src-to-address-list address-list=first address-list-timeout=0s chain="mark new unseen" disabled=no nth=3,1
/ip firewall mangle add action=add-src-to-address-list address-list=second address-list-timeout=0s chain="mark new unseen" disabled=no nth=3,2
/ip firewall mangle add action=add-src-to-address-list address-list=third address-list-timeout=0s chain="mark new unseen" disabled=no nth=3,3
/ip firewall mangle add action=add-src-to-address-list address-list=seen address-list-timeout=0s chain="mark new unseen" disabled=no
/ip firewall mangle add action=jump chain="mark new unseen" disabled=no jump-target="mark connection"
/ip firewall mangle add action=mark-connection chain="mark connection" disabled=no new-connection-mark=first_conn passthrough=yes src-address-list=first
/ip firewall mangle add action=mark-connection chain="mark connection" disabled=no new-connection-mark=second_conn passthrough=yes src-address-list=second
/ip firewall mangle add action=mark-connection chain="mark connection" disabled=no new-connection-mark=third_conn passthrough=yes src-address-list=third
/ip firewall mangle add action=mark-routing chain="mark connection" connection-mark=first_conn disabled=no new-routing-mark=first passthrough=no
/ip firewall mangle add action=mark-routing chain="mark connection" connection-mark=second_conn disabled=no new-routing-mark=second passthrough=no
/ip firewall mangle add action=mark-routing chain="mark connection" connection-mark=third_conn disabled=no new-routing-mark=third passthrough=no
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=first_conn disabled=no new-routing-mark=first passthrough=no src-address-list=first
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=second_conn disabled=no new-routing-mark=second passthrough=no src-address-list=second
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=third_conn disabled=no new-routing-mark=third passthrough=no src-address-list=third
/ip firewall mangle add action=jump chain=prerouting connection-state=new disabled=no jump-target="mark connection" src-address-list=local
/ip firewall mangle add action=jump chain=prerouting connection-state=new disabled=no jump-target="mark new unseen" src-address-list=local
/ ip firewall mangle
add chain=prerouting dst-address=172.16.224.0/19 action=accept place-before=0
add chain=prerouting dst-address=10.75.75.0/24 action=accept place-before=0
add chain=prerouting dst-address=192.168.0.0/16 action=accept place-before=0
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Load Balance works, routes to other networks dont

Fri May 28, 2010 8:26 am

karrrrma =)
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re: Load Balance works, routes to other networks dont

Thu Aug 26, 2010 2:32 am

Hi, I have something similar to yours, just that my LAN is just one interface with 7 VLANs. After setting up NTH I observed that only one of the links has traffic (wan2.4)... the others do not. Even the entire mangle has counters at zero all through... Is there something I am doing wrong? I am quite new to NTH, please help. Below are my mangle rules:
14 chain=mark new unseen action=add-src-to-address-list address-list=wan2.4
address-list-timeout=0s nth=3,1

15 chain=mark new unseen action=add-src-to-address-list address-list=INTERNE>
address-list-timeout=0s nth=3,2

16 chain=mark new unseen action=add-src-to-address-list address-list=INTERNE
address-list-timeout=0s nth=3,3

17 chain=mark new unseen action=add-src-to-address-list address-list=seen
address-list-timeout=0s

18 chain=mark new unseen action=jump jump-target=mark connection

19 chain=mark connection action=mark-connection
new-connection-mark=wan2.4_conn passthrough=yes src-address-list=wan2.4

20 chain=mark connection action=mark-connection
new-connection-mark=INTERNET_conn passthrough=yes
src-address-list=INTERNET

21 chain=mark connection action=mark-connection
new-connection-mark=INTERNE_conn passthrough=yes
src-address-list=INTERNE

22 chain=mark connection action=mark-routing new-routing-mark=wan2.4
passthrough=no connection-mark=wan2.4_conn

23 chain=mark connection action=mark-routing new-routing-mark=INTERNET
passthrough=no connection-mark=INTERNET_conn

24 chain=mark connection action=mark-routing new-routing-mark=INTERNE
passthrough=no connection-mark=INTERNE_conn

25 chain=prerouting action=mark-routing new-routing-mark=wan2.4
passthrough=no src-address-list=wan2.4 connection-mark=wan2.4_conn

26 chain=prerouting action=mark-routing new-routing-mark=INTERNET
passthrough=no src-address-list=INTERNET connection-mark=INTERNET_conn

27 chain=prerouting action=mark-routing new-routing-mark=INTERNE
passthrough=no src-address-list=INTERNE connection-mark=INTERNE_conn
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re: Load Balance works, routes to other networks dont

Thu Aug 26, 2010 2:42 am

Ibersystems wrote: "stupid question, but.. why you don't use PCC?"

Hi. But does PCC work well with hotspot? I tried PCC and load balancing works well, but immediately after I turn on hotspot, my network either drags or ceases to function! Hence I am now trying NTH, as it was suggested somewhere in this forum that it works better with hotspot. My major challenge now is getting load balancing to work in NTH... :?
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Load Balance works, routes to other networks dont

Thu Aug 26, 2010 4:40 am

None of the load balancing schemes work well with Hotspots. The Hotspot servlets redirect HTTP to themselves and proxy the traffic. Of course, the majority of all Hotspot traffic is HTTP. You have to adjust the load balancing scheme to balance the output chain.
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re: Load Balance works, routes to other networks dont

Thu Aug 26, 2010 5:36 am

fewi wrote: "You have to adjust the load balancing scheme to balance the output chain."

Thanks for the reply. I think there should be an advantage between the different methods; which do you think I should use for my scenario? NTH or PCC or ECMP? After suggesting a choice, could you tell me how to adjust the scheme to work with hotspot? Meanwhile let me give a brief introduction of my network.

3 WAN links (to be load balanced)
1 LAN link (this is further broken down into 8 VLANs with different sub-network addresses; the LAN itself also has a different network address), and they all need to be behind hotspot.

How do I go about the load balancing?

Here is what I have deployed, but it does not seem to load balance (only wan2.4 has activity):
/ip address add address=61.194.12.xxx/xx interface=INTERNE
/ip address add address=62.56.157.xxx/xx interface=wan2.4
/ip address add address=10.2.0.3/24 interface=INTERNET
/ip address add address=192.168.16.1/21 interface=LAN-Local
/ip address add address=10.2.8.1/21 interface=vlan120-Local
/ip address add address=10.2.16.1/21 interface=vlan130-Local
/ip address add address=10.2.24.1/21 interface=vlan140-Local
/ip address add address=10.2.32.1/21 interface=vlan150-Local
/ip address add address=10.2.40.1/21 interface=vlan160-Local
/ip address add address=10.2.48.1/21 interface=vlan170-Local
/ip address add address=10.2.56.1/21 interface=vlan200-Local
/ip address add address=10.2.0.1/21 interface=vlan2-Local

/ip firewall address-list add address=192.168.16.0/21 list=local
/ip firewall address-list add address=10.2.8.0/21 list=local
/ip firewall address-list add address=10.2.16.0/21 list=local
/ip firewall address-list add address=10.2.24.0/21 list=local
/ip firewall address-list add address=10.2.32.0/21 list=local
/ip firewall address-list add address=10.2.40.0/21 list=local
/ip firewall address-list add address=10.2.48.0/21 list=local
/ip firewall address-list add address=10.2.56.0/21 list=local
/ip firewall address-list add address=10.2.0.0/21 list=local

/ip route add gateway=62.56.157.xxx
/ip route add gateway=62.56.157.xxx routing-mark=wan2.4
/ip route add gateway=10.2.0.1 routing-mark=INTERNET
/ip route add gateway=61.194.12.xx routing-mark=INTERNE

/ip firewall nat add chain=srcnat out-interface=INTERNE action=masquerade
/ip firewall nat add chain=srcnat out-interface=wan2.4 action=masquerade
/ip firewall nat add chain=srcnat out-interface=INTERNET action=masquerade

/ip firewall mangle add action=add-src-to-address-list address-list=wan2.4 address-list-timeout=0s chain="mark new unseen" disabled=no nth=3,1
/ip firewall mangle add action=add-src-to-address-list address-list=INTERNET address-list-timeout=0s chain="mark new unseen" disabled=no nth=3,2
/ip firewall mangle add action=add-src-to-address-list address-list=INTERNE address-list-timeout=0s chain="mark new unseen" disabled=no nth=3,3wan
/ip firewall mangle add action=add-src-to-address-list address-list=seen address-list-timeout=0s chain="mark new unseen" disabled=no
/ip firewall mangle add action=jump chain="mark new unseen" disabled=no jump-target="mark connection"
/ip firewall mangle add action=mark-connection chain="mark connection" disabled=no new-connection-mark=wan2.4_conn passthrough=yes src-address-list=wan2.4
/ip firewall mangle add action=mark-connection chain="mark connection" disabled=no new-connection-mark=INTERNET_conn passthrough=yes src-address-list=INTERNET
/ip firewall mangle add action=mark-connection chain="mark connection" disabled=no new-connection-mark=INTERNE_conn passthrough=yes src-address-list=INTERNE
/ip firewall mangle add action=mark-routing chain="mark connection" connection-mark=wan2.4_conn disabled=no new-routing-mark=wan2.4 passthrough=no
/ip firewall mangle add action=mark-routing chain="mark connection" connection-mark=INTERNET_conn disabled=no new-routing-mark=INTERNET passthrough=no
/ip firewall mangle add action=mark-routing chain="mark connection" connection-mark=INTERNE_conn disabled=no new-routing-mark=INTERNE passthrough=no
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=wan2.4_conn disabled=no new-routing-mark=wan2.4 passthrough=no src-address-list=wan2.4
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=INTERNET_conn disabled=no new-routing-mark=INTERNET passthrough=no src-address-list=INTERNET
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=INTERNE_conn disabled=no new-routing-mark=INTERNE passthrough=no
Your help will be appreciated.... :)

Regards