MikroTik

Hello,

I have a question !!! and I think that you can help me to figure it out

I have Mikrotik RB1200 I wanna to use this Mikrotik as a Hotspot with dual Wan Connection (Load Balancing )

I have One Internet Connection as " Static IP address "
the other Internet connection is pppoe

Now I am going to use 4 ethernet ports
2 as Local ( ether1=Local1 as management and ehter3=Local2 as a hotspot port )
2 as Wan ( ether2 as WAN1(static Ip) " static IP " , ether4 as WAN2 (PPPoE) )


---------------------------------------------------------------

/ip address

add address=192.168.222.1/23 broadcast=192.168.222.255 comment="" disabled=no interface=Local1 network=192.168.222.0
add address=192.168.2.1/23 broadcast=192.168.3.255 comment="" disabled=no interface=Local2 network=192.168.2.0

add address=24.x.y.14/28 broadcast=24.x.y.15 comment="" disabled=no interface=WAN1 network=24.x.y.0

/interface pppoe-client add name=pppoe-interernet user=xxx@yyy.zz password=123 interface=WAN2 disabled=no

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2


add chain=prerouting in-interface=WAN1 action=accept in-interface=Local1
add chain=prerouting in-interface=WAN2 action=accept in-interface=Local1
add chain=prerouting in-interface=WAN1 action=accept in-interface=Local2
add chain=prerouting in-interface=WAN2 action=accept in-interface=Local2


add chain=prerouting dst-address-type=!local in-interface=Local1 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local1 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting dst-address-type=!local in-interface=Local2 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local2 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting connection-mark=WAN1_conn in-interface=Local2 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local2 action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 interface=WAN1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 interface=WAN2 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 interface=WAN1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 interface=WAN2 distance=1 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

**************************************

is that right ??????? it is not working

There are several errors in your posted configuration.
First

add chain=prerouting in-interface=WAN1 action=accept in-interface=Local1
add chain=prerouting in-interface=WAN2 action=accept in-interface=Local1
add chain=prerouting in-interface=WAN1 action=accept in-interface=Local2
add chain=prerouting in-interface=WAN2 action=accept in-interface=Local2

At my knowledge, it is not possible to define two interfaces in the same rule as in-interface. It has to be one of the interfaces, either WAN1 or Local1

Second, if you are accepting connections form interface Local1 and Local2 as the rules above may suggest if they are correct, traffic form those interfaces will not be processed further below, which means the rules of PCC will not work.

Third, in the PCC rules you are using as per-connection-classifier=both-addresses-and-ports. I would suggest to use per-connection-classifier=both-addresses. Dividing the traffic by ports as well could lead to unstable connections, since one local host may initiate more than one connection on the same server from different ports. If those connections will arrive at the server form different IP-s (your two WAN IPs) it may refuse the connection, thus broking it.

Next,

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

In these rules, the in-interface should be Local1 and not Local.

Then, every where you have used WAN2 as interface in your configuration, you should substitute it with pppoe-client interface, because that is the interface which is making the connections, not WAN2.