 
juniorsa
just joined
Topic Author
Posts: 4
Joined: Fri Apr 29, 2011 6:52 pm

Port forwarding not working with dual wan

Fri Apr 29, 2011 6:57 pm

Hi,

Here is my config.
I hope it's safe to present.

I have two problems.
First, I can't get port forwarding to work through pppoe-out1.
Port forwarding works fine when connecting through wlan1.

Second, I'm not sure that the load balancing is working, because I notice that I am always going out over the DHCP WAN port.

Any suggestions would be very appreciated.

Thanks in advance,

Juniorsa

[admin@MikroTik] > /export
# jan/02/1970 11:48:07 by RouterOS 5.2
# software id = K69D-Y4KV
#
# LAN-side bridge. ether3, ether4 and ether5 are attached to it under "/interface bridge port".
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=1522 max-message-age=20s mtu=1500 name=LAN priority=0x8000 \
protocol-mode=none transmit-hold-count=6
# Ports 0 and 1 are renamed wlan1 and wlan2. They are configured here as ethernet ports and
# act as the two uplinks: the DHCP client runs on wlan1 and pppoe-out1 is bound to wlan2.
# NOTE(review): the export publishes the ports' MAC addresses as they are configured; mask
# them before posting a configuration publicly.
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526 mac-address=00:0C:42:59:27:7C mtu=1500 name=wlan1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:59:27:7D master-port=none mtu=1500 name=\
wlan2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:59:27:7E master-port=none mtu=1500 name=\
ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:59:27:7F master-port=none mtu=1500 name=\
ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:59:27:80 master-port=none mtu=1500 name=\
ether5 speed=100Mbps
# Switch chip: port mirroring is off (mirror-source=none, mirror-target=none).
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
# Default wireless security profile: mode=none with empty WPA/WPA2 pre-shared keys, i.e. no
# link encryption. No wireless interface is configured anywhere in this export, so the
# profile is presumably unused - confirm before attaching a radio to it.
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" group-key-update=5m interim-update=0s management-protection=disabled \
management-protection-key="" mode=none name=default radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" \
static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 supplicant-identity=MikroTik \
tls-certificate=none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key=""
# Hotspot profiles; no hotspot server is defined in this export.
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" \
smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
# Default IPsec proposal (sha1 / 3des / modp1024). No IPsec peer or policy appears in this
# export. NOTE(review): these algorithms are weak by current standards; pick stronger ones
# if IPsec is ever put into use on this router.
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
# Address pools. dhcp_pool1 is the pool the DHCP server below hands out.
# NOTE(review): pool1 uses a comma where dhcp_pool1 uses a dash, which looks like two single
# addresses rather than a range; nothing else in this export references pool1.
/ip pool
add name=pool1 ranges=192.168.5.100,192.168.5.200
add name=dhcp_pool1 ranges=192.168.5.100-192.168.5.200
# DHCP server for the LAN bridge.
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN lease-time=3d name=dhcp1
# Serial port settings.
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none stop-bits=1
# PPP profiles; pppoe-out1 below uses profile=default.
/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=default use-encryption=default use-mpls=default use-vj-compression=default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=default use-compression=default use-encryption=yes use-mpls=default use-vj-compression=default
# PPPoE uplink, dialled over ethernet port wlan2. The NAT rules in this export treat
# pppoe-out1 (not wlan2) as the interface this uplink's IP traffic uses.
# add-default-route=yes makes the session install a default route of its own.
# user= and password= appear to have been masked by the poster.
# NOTE(review): allow= includes pap, which hands the password to the access concentrator
# unprotected; restrict the list to what the provider actually requires.
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=wlan2 max-mru=1452 max-mtu=1452 mrru=disabled name=pppoe-out1 \
password=xxxxx profile=default service-name="" use-peer-dns=no user=xxxx
# Queue type definitions. The "/queue interface" section of this export assigns
# ethernet-default to every ethernet port.
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set default-small kind=pfifo name=default-small pfifo-limit=10
# Routing protocol instances. No BGP peer and no OSPF network or interface is defined in
# this export, so these are presumably untouched defaults - confirm.
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no redistribute-ospf=no \
redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=\
20 name=default out-filter=ospf-out redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no router-id=\
0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=default
# SNMP is switched off (enabled=no). The "public" community is readable from 0.0.0.0/0 with
# security=none, which only matters if SNMP is enabled later.
/snmp
set contact="" enabled=no engine-id="" location="" trap-target=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=DES name=public read-access=yes security=\
none write-access=no
# Log targets (memory, disk, echo, remote). Which topics go to which target is set under
# "/system logging".
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote-port=514 syslog-facility=daemon syslog-severity=auto target=remote
# RouterBOARD boot settings. The same "set" statement appears twice in the export as posted.
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes enter-setup-on=any-key \
force-backup-booter=no
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes enter-setup-on=any-key \
force-backup-booter=no
# User groups and their policy lists; a leading "!" marks a policy the group does not have.
# "/user aaa" in this export sets default-group=read.
# NOTE(review): the "read" group still carries reboot, sniff, sensitive and password, so it
# is not a harmless view-only role.
/user group
add name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,!ftp,!write,!policy
add name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,!ftp,!policy
add name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api
# ether3, ether4 and ether5 are the member ports of bridge LAN.
/interface bridge port
add bridge=LAN disabled=no edge=auto external-fdb=auto horizon=none interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=LAN disabled=no edge=auto external-fdb=auto horizon=none interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=LAN disabled=no edge=auto external-fdb=auto horizon=none interface=ether5 path-cost=10 point-to-point=auto priority=0x80
# Bridged traffic is not passed through the IP firewall (use-ip-firewall=no).
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface ethernet switch port
set wlan2
set ether3
set ether4
set ether5
set switch1_cpu
# Tunnel servers (L2TP, OpenVPN, PPTP, SSTP): all four are enabled=no.
# NOTE(review): the stored settings allow pap/mschap1 and use certificate=none; revisit
# them before enabling any of these servers.
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=FE:84:17:5A:01:B4 max-mtu=1500 mode=ip \
netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled port=443 \
verify-client-certificate=no
# Wireless alignment, sniffer and snooper tool settings; no wireless interface is
# configured in this export.
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=no ssid-all=\
no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no streaming-max-rate=0 \
streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
# IP accounting is off, and so is its web access.
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Router address for the 192.168.5.0/24 LAN.
# NOTE(review): the address sits on ether3, which is a member port of bridge LAN, while the
# DHCP server listens on LAN itself; an address on a bridge member port is usually a
# misconfiguration - confirm and move it to the bridge.
/ip address
add address=192.168.5.1/24 comment="added by setup" disabled=no interface=ether3 network=192.168.5.0
# DHCP client on uplink wlan1. It installs its own default route and accepts the DNS and
# NTP servers offered by the upstream DHCP server.
/ip dhcp-client
add add-default-route=yes default-route-distance=0 disabled=no interface=wlan1 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
# Settings handed to LAN clients: the router as gateway, 192.168.5.1 and 192.168.6.1 as DNS.
/ip dhcp-server network
add address=192.168.5.0/24 dns-server=192.168.5.1,192.168.6.1 gateway=192.168.5.1
# Router DNS cache.
# NOTE(review): allow-remote-requests=yes lets the router answer DNS queries from other
# hosts, and this export contains no "/ip firewall filter" section, so the resolver looks
# reachable from both uplinks. Add an input-chain rule that limits port 53 to the LAN.
# NOTE(review): servers= lists 192.168.5.1, which is the router's own LAN address.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=192.168.5.1,192.168.6.1
# Static DNS entry for the host that the dst-nat rules forward to.
/ip dns static
add address=192.168.5.4 disabled=no name=miffy.dido.ca ttl=1d
# Connection tracking is enabled; the NAT and connection-mark rules in this export need it.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Mangle rules that tag connections by arrival interface and set a routing mark on the
# router's own replies.
# NOTE(review): both mark-connection rules sit in chain=input, which only sees traffic
# addressed to the router itself. Connections redirected by the dst-nat rules below are
# forwarded to 192.168.5.4, so they are never marked and the server's replies follow the
# ordinary default route. That is the probable reason port forwarding works on one uplink only.
# NOTE(review): the second rule matches in-interface=wlan2, whereas the NAT rules treat
# pppoe-out1 as the interface PPPoE traffic arrives on - confirm which one is intended.
# NOTE(review): both mark-routing rules match connection-mark=wlan1_conn; wlan2_conn is set
# but never read, so the last rule was presumably meant to match wlan2_conn.
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=wlan1 new-connection-mark=wlan1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=wlan2 new-connection-mark=wlan2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=wlan1_conn disabled=no new-routing-mark=to_wla1 passthrough=yes
add action=mark-routing chain=output connection-mark=wlan1_conn disabled=no new-routing-mark=to_wla2 passthrough=yes
# Source NAT: masquerade on both uplinks. The pppoe-out1 rule appears twice (first and last
# line of this section); the second copy is redundant.
# Destination NAT: TCP 22, 80, 25 and UDP 53 arriving on either uplink go to 192.168.5.4.
# NOTE(review): with no filter rules in this export, these four services on 192.168.5.4 are
# open to any source address. Restrict sources in the forward chain where possible, and
# keep that host patched and its SSH access key-based.
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=wlan1
add action=dst-nat chain=dstnat disabled=no dst-port=22 in-interface=wlan1 protocol=tcp to-addresses=192.168.5.4 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=wlan1 protocol=tcp to-addresses=192.168.5.4 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=25 in-interface=wlan1 protocol=tcp to-addresses=192.168.5.4 to-ports=25
add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=wlan1 protocol=udp to-addresses=192.168.5.4 to-ports=53
add action=dst-nat chain=dstnat disabled=no dst-port=22 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.5.4 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.5.4 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=25 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.5.4 to-ports=25
add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=pppoe-out1 protocol=udp to-addresses=192.168.5.4 to-ports=53
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
# Connection-tracking helpers for FTP, TFTP, IRC, H.323, SIP and PPTP; all are enabled.
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
# Neighbor discovery per interface.
# NOTE(review): discovery is on for wlan1 and wlan2, the ports facing the two providers, so
# the router announces itself on those segments; only pppoe-out1 has discover=no. Turn it
# off on the uplink ports.
/ip neighbor discovery
set wlan1 discover=yes
set wlan2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set pppoe-out1 discover=no
set LAN discover=yes
# Web proxy is disabled (enabled=no).
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600 max-fresh-time=3d \
max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
# Static routes. The first two apply only to packets carrying routing mark to_wla1 or
# to_wla2.
# NOTE(review): the third route has dst-address=0.0.0.0/32, which is a host route for
# 0.0.0.0 and not a default route.
# NOTE(review): the routes name ethernet port wlan2 as gateway, while the PPPoE session runs
# on pppoe-out1 - confirm which interface should be the gateway.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wlan1 routing-mark=to_wla1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wlan2 routing-mark=to_wla2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/32 gateway=wlan2,wlan1 scope=30 target-scope=10
# Management services on the router itself. Enabled: telnet (23), ftp (21), www (8080),
# ssh (222), winbox (8291). Disabled: www-ssl and api.
# NOTE(review): no service carries an address restriction and the export has no
# "/ip firewall filter" section, so these services appear reachable from both uplinks.
# telnet, ftp and plain www carry credentials unencrypted; disable what is not needed and
# limit the rest to the LAN.
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=8080
set ssh disabled=no port=222
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
# SOCKS proxy, SSH forwarding, traffic-flow and UPnP are all switched off.
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
# MPLS settings; LDP is enabled=no.
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 use-explicit-null=no
/port firmware
set directory=firmware
# PPP authentication is local (use-radius=no).
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
# Every ethernet port uses the ethernet-default queue type.
/queue interface
set wlan1 queue=ethernet-default
set wlan2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
# Incoming RADIUS requests are not accepted (accept=no).
/radius incoming
set accept=no port=3799
# BFD, MME and RIP settings; no RIP interface or network is defined in this export.
/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway origination-interval=5s preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no redistribute-connected=no \
redistribute-ospf=no redistribute-static=no routing-table=main timeout-timer=3m update-timer=30s
/store
add disabled=no disk=system name=web-proxy1 type=web-proxy
# Clock: manual time zone with a +00:00 offset.
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
# Serial console on serial0.
/system console
add disabled=no port=serial0 term=vt102
/system health
set
# The system identity is MikroTik.
/system identity
set name=MikroTik
# Log rules: info, error and warning go to the memory target, critical to echo.
# NOTE(review): nothing is logged to disk or to a remote syslog target, and the memory
# target holds 100 lines, so little history is available after an incident and it is
# presumably lost on reboot. Add a disk or remote rule.
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
# NTP client is off.
# NOTE(review): the header of this export is dated jan/02/1970, so the clock is not set and
# log timestamps cannot be relied on; enable the NTP client.
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
# Hardware watchdog is on, with no watch-address configured.
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=none watchdog-timer=yes
# Bandwidth-test server: enabled, with authentication required.
# NOTE(review): no filter rule in this export limits who can reach it; turn it off when it
# is not being used for a test.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
# Outgoing e-mail tool; no server, user or password is configured.
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
# MAC server and MAC ping.
# NOTE(review): interface=all includes the uplink ports wlan1 and wlan2, so layer-2
# management access is offered to the provider-facing segments as well; bind it to the
# LAN side only.
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
# SMS tool: receiving is off and no secret is set.
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
# Packet sniffer settings; streaming is off.
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535 filter-protocol=all-frames filter-stream=yes interface=all memory-limit=\
10 memory-scroll=yes only-headers=no streaming-enabled=no streaming-server=0.0.0.0
# Router logins are authenticated locally (use-radius=no); default-group is read.
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
[admin@MikroTik] >
 
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: Port forwarding not working with dual wan

Fri Apr 29, 2011 11:16 pm

First of all, try not to post the router's whole configuration; a shorter excerpt is easier to read.

Second, I don't think you are load balancing using PCC. From your configuration, you are only marking incoming traffic, and that
traffic goes out through the same interface it came in on. But you are not marking traffic from clients in the prerouting chain.
# Quoted from the export in the first post. Both mark-connection rules are in chain=input,
# and both mark-routing rules match connection-mark=wlan1_conn (wlan2_conn is never read).
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=wlan1 new-connection-mark=wlan1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=wlan2 new-connection-mark=wlan2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=wlan1_conn disabled=no new-routing-mark=to_wla1 passthrough=yes
add action=mark-routing chain=output connection-mark=wlan1_conn disabled=no new-routing-mark=to_wla2 passthrough=yes
And the routes make no sense:
# Quoted from the export in the first post: two routes bound to routing marks, and a third,
# unmarked route whose destination is 0.0.0.0/32.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wlan1 routing-mark=to_wla1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wlan2 routing-mark=to_wla2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/32 gateway=wlan2,wlan1 scope=30 target-scope=10
While the first two routes would serve traffic from or to the router itself, the third one would have been the one
serving the clients, except that its dst-address is wrong. It should be dst-address=0.0.0.0/0 (not 0.0.0.0/32)
 
juniorsa
just joined
Topic Author
Posts: 4
Joined: Fri Apr 29, 2011 6:52 pm

Re: Port forwarding not working with dual wan

Fri Apr 29, 2011 11:46 pm

Can you suggest the settings that would provide load balancing?

Also I have no idea how to do preferred routing based on destination address.

There are several ranges of IPs that I would like to have take specific connections.

Thanks for your help, I will make the changes that you suggest on routing.

juniorsa
 
juniorsa
just joined
Topic Author
Posts: 4
Joined: Fri Apr 29, 2011 6:52 pm

Re: Port forwarding not working with dual wan

Fri Apr 29, 2011 11:50 pm

I spoke too soon.
Using winbox how do I make these changes?
Sorry I'm really trying to learn.
 
juniorsa
just joined
Topic Author
Posts: 4
Joined: Fri Apr 29, 2011 6:52 pm

Re: Port forwarding not working with dual wan

Mon May 02, 2011 1:14 pm

ok so I finally figured out how to change the route statements

/ip route export
# may/02/2011 04:11:42 by RouterOS 5.2
# software id = K69D-Y4KV
#
# Routes after the change: the third, unmarked route now has dst-address=0.0.0.0/0 and lists
# both uplinks as gateways.
# NOTE(review): the gateway is still ethernet port wlan2, while the PPPoE session runs on
# pppoe-out1 - confirm which interface should be named here.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wlan1 routing-mark=to_wla1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wlan2 routing-mark=to_wla2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wlan2,wlan1 scope=30 target-scope=10

Can anyone let me know how to change my mangle statements to do outbound load balancing?
I also need some statements that choose a preferred route, if available, based on the destination IP.

Thanks in advance.
 
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: Port forwarding not working with dual wan

Mon May 02, 2011 1:42 pm

Check the article in the wiki about PCC

http://wiki.mikrotik.com/wiki/PCC
