So I think I have the setup you guys are looking for. I have quite a bit of experience using dual/multi-wan scenarios. However, I just recently got a MikroTik and have been working on implementing dual WAN into that, using what I learned from previous experiences, and bits and pieces of the other tutorials out there.
My setup:
ether1 : Cable (DHCP, currently offline, but configurations are still there)
ether2-4 : Bridge (192.168.10.254/24)
ether5 : DSL (DHCP)
Using recursive routing to monitor the WAN connections and disable the routes that are no longer able to reach the monitor IP. I am using 4.2.2.2 (monitored by WAN1) and 4.2.2.1 (monitored by WAN2).
/ip route
## Sets up recursive routing to monitor WAN connections. As comments say, those links should only be active if the address is unreachable
## For packets that flow through the router
add dst-address=0.0.0.0/0 gateway=4.2.2.2 check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_WAN1
add dst-address=0.0.0.0/0 gateway=4.2.2.1 check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_WAN1 comment="Should only be active if WAN1 is down"
add dst-address=0.0.0.0/0 gateway=4.2.2.1 check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_WAN2
add dst-address=0.0.0.0/0 gateway=4.2.2.2 check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_WAN2 comment="Should only be active if WAN2 is down"
## Packets originated from the router
add dst-address=0.0.0.0/0 gateway=4.2.2.1 check-gateway=ping distance=1 scope=30 target-scope=10
add dst-address=0.0.0.0/0 gateway=4.2.2.2 check-gateway=ping distance=2 scope=30 target-scope=10 comment="Should only be active if WAN2 is down"
/ip firewall mangle
## For DSL Modem Management
add chain=prerouting action=accept dst-address=192.168.2.0/24 log=no log-prefix=""
## For Cable Modem Management
add chain=prerouting action=accept dst-address=192.168.100.0/24 log=no log-prefix=""
## Mark incoming connections so they route out the same interface
add chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes connection-mark=no-mark in-interface=ether1 log=no log-prefix=""
add chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes connection-mark=no-mark in-interface=ether5 log=no log-prefix=""
## Force SSL connections over the more stable connection (DSL)
add chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes protocol=tcp dst-address-type=!local connection-mark=no-mark in-interface=bridge dst-port=443 log=no log-prefix=""
add chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes protocol=udp dst-address-type=!local connection-mark=no-mark in-interface=bridge dst-port=443 log=no log-prefix=""
## Randomly select a route with close to a 50/50 split. If matched on this line, mark for WAN1 (For connections not currently marked)
add chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes dst-address-type=!local connection-mark=no-mark in-interface=bridge random=50 log=no log-prefix=""
## If packet was not marked in rule above, mark it for WAN2
add chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes dst-address-type=!local connection-mark=no-mark in-interface=bridge log=no log-prefix=""
## Add routing marks based on the connection marks
add chain=prerouting action=mark-routing new-routing-mark=to_WAN1 passthrough=yes connection-mark=WAN1_conn in-interface=bridge log=no log-prefix=""
add chain=prerouting action=mark-routing new-routing-mark=to_WAN2 passthrough=yes connection-mark=WAN2_conn in-interface=bridge log=no log-prefix=""
## Accept (not sure if really needed or not)
add chain=prerouting action=accept connection-mark=WAN1_conn log=no log-prefix=""
add chain=prerouting action=accept connection-mark=WAN2_conn log=no log-prefix=""
## If packet doesn't have a connection mark, mark it based on routing decision
add chain=output action=mark-connection new-connection-mark=WAN1_conn passthrough=yes dst-address-type=!local connection-mark=no-mark out-interface=ether1 log=no log-prefix=""
add chain=output action=mark-connection new-connection-mark=WAN2_conn passthrough=yes dst-address-type=!local connection-mark=no-mark out-interface=ether5 log=no log-prefix=""
## And add routing mark based on connection mark from above
add chain=output action=mark-routing new-routing-mark=to_WAN1 passthrough=yes connection-mark=WAN1_conn log=no log-prefix=""
add chain=output action=mark-routing new-routing-mark=to_WAN2 passthrough=yes connection-mark=WAN2_conn log=no log-prefix=""
## Mark packets not connection marked with the incoming interface
add chain=forward action=mark-connection new-connection-mark=WAN1_conn passthrough=yes connection-mark=no-mark in-interface=ether1 log=no log-prefix=""
add chain=forward action=mark-connection new-connection-mark=WAN2_conn passthrough=yes connection-mark=no-mark in-interface=ether5 log=no log-prefix=""
/ip firewall nat
## Masquerade connections for cable and DSL modem web pages
add chain=srcnat action=masquerade dst-address=192.168.100.0/24 out-interface=ether1 log=no log-prefix="" comment="Cable Modem Web"
add chain=srcnat action=masquerade dst-address=192.168.2.0/24 out-interface=ether5 log=no log-prefix="" comment="DSL Modem Web"
## Masquerade based on connection marks
add chain=srcnat action=masquerade connection-mark=WAN1_conn out-interface=ether1 log=no log-prefix=""
add chain=srcnat action=masquerade connection-mark=WAN2_conn out-interface=ether5 log=no log-prefix=""
add chain=srcnat action=masquerade connection-mark=WAN2_conn out-interface=ether1 log=no log-prefix="" comment="Should only be match if WAN2 is down"
add chain=srcnat action=masquerade connection-mark=WAN1_conn out-interface=ether5 log=no log-prefix="" comment="Should only be matched if WAN1 is down"
DHCP client with scripts to update the routing table based on the gateway received from DHCP
/ip dhcp-client
add interface=ether1 add-default-route=no use-peer-dns=no use-peer-ntp=yes dhcp-options=hostname,clientid script={\r\n :local rmark "to_WAN1"\r\n :local count [/ip route print count-only where comment="WAN1"]\r\n :if ($bound=1) do={\r\n :if ($count = 0) do={\r\n /ip route add dst-address="4.2.2.2" scope=10 gateway=$"gateway-address" comment="WAN1"\r\n } else={\r\n :if ($count = 1) do={\r\n :local test [/ip route find where comment="WAN1"]\r\n :if ([/ip route get $test gateway] !=$"gateway-address") do={\r\n /ip route set $test gateway=$"gateway-address"\r\n }\r\n } else={\r\n :error "Multiple routes found"\r\n }\r\n }\r\n } else={\r\n /ip route remove [find comment="WAN1"]\r\n }\r\n}\r\n
add interface=ether5 add-default-route=no use-peer-dns=no use-peer-ntp=yes dhcp-options=hostname,clientid script={\r\n :local rmark "to_WAN2"\r\n :local count [/ip route print count-only where comment="WAN2"]\r\n :if ($bound=1) do={\r\n :if ($count = 0) do={\r\n /ip route add dst-address="4.2.2.1" scope=10 gateway=$"gateway-address" comment="WAN2"\r\n } else={\r\n :if ($count = 1) do={\r\n :local test [/ip route find where comment="WAN2"]\r\n :if ([/ip route get $test gateway] !=$"gateway-address") do={\r\n /ip route set $test gateway=$"gateway-address"\r\n }\r\n } else={\r\n :error "Multiple routes found"\r\n }\r\n }\r\n } else={\r\n /ip route remove [find comment="WAN2"]\r\n }\r\n}\r\n
Hope this helps point you in the right direction!!!
--John