Fix PCC load balancing

Hi everyone, I have two uplinks in my Mikrotik; the PCC doesn’t work correctly. So I want to share my configuration

export

# feb/24/2026 16:43:47 by RouterOS 6.49.19

# software id = IMZ4-9E23

# 

# model = RB750Gr3

# serial number = /removed by mod/

# Interface naming and LAN addressing for a two-uplink router: ether1 and ether2
# are renamed to the uplinks, ether5 to the LAN port.
# NOTE(review): the paste appears to have lost the export's line-continuation
# backslashes, so a wrapped fragment such as "name=ether_ISP2" belongs to the
# command on the line before it.
/interface ethernet
set \[ find default-name=ether3 \] mac-address=C4:AD:34:95:33:08
set \[ find default-name=ether4 \] mac-address=C4:AD:34:95:33:09
set \[ find default-name=ether1 \] mac-address=C4:AD:34:95:33:06 name=ether_ISP1
# NOTE(review): ether2 / ether_ISP2 is exported with disabled=yes, i.e. the second
# uplink is administratively down in this export, while the mangle rules still
# steer part of the LAN traffic to it. Confirm this is intended.
set \[ find default-name=ether2 \] disabled=yes mac-address=C4:AD:34:95:33:07 
name=ether_ISP2
set \[ find default-name=ether5 \] mac-address=C4:AD:34:95:33:0A name=ether_LAN
/interface wireless security-profiles
set \[ find default=yes \] supplicant-identity=MikroTik
# DHCP pool and server for the 192.168.100.0/24 LAN on ether_LAN.
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether_LAN name=dhcp1
# Detect Internet is applied to the interface list "all", uplinks and LAN alike.
/interface detect-internet
set detect-interface-list=all
# Both uplink addresses are static and in private ranges, so each uplink
# presumably sits behind an ISP-side router doing its own NAT.
/ip address
add address=192.168.1.104/24 interface=ether_ISP1 network=192.168.1.0
add address=192.168.2.104/24 interface=ether_ISP2 network=192.168.2.0
add address=192.168.100.1/24 interface=ether_LAN network=192.168.100.0
# Enables MikroTik's cloud DDNS name for this router.
/ip cloud
set ddns-enabled=yes
# LAN clients are handed 8.8.8.8 directly as resolver and the router as gateway.
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8 gateway=192.168.100.1
/ip dns
set servers=8.8.8.8,1.1.1.1
# Mangle rules for per-connection-classifier (PCC) balancing over two uplinks.
# Rule order matters: rules are evaluated top to bottom within each chain.
/ip firewall mangle
# action=accept ends mangle processing in this chain for the matching packet, so
# traffic to the three connected subnets gets no connection or routing mark.
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=
ether_LAN
# NOTE(review): unlike its two neighbours this rule has no in-interface match, so
# it applies to packets for 192.168.100.0/24 arriving on any interface.
add action=accept chain=prerouting dst-address=192.168.100.0/24
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=
ether_LAN
# New, still unmarked connections that arrive on an uplink are marked with that
# uplink's connection mark.
add action=mark-connection chain=prerouting connection-mark=no-mark 
connection-state=new in-interface=ether_ISP2 new-connection-mark=ISP2 
passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark 
connection-state=new in-interface=ether_ISP1 new-connection-mark=ISP1 
passthrough=yes
# Router-originated packets of a marked connection are routed through the
# matching table, so replies leave on the uplink the connection came in on.
add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=
ISP2_table
add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=
ISP1_table
# PCC split of new LAN connections to non-local destinations: the classifier is
# computed over source and destination address; remainder 1 of 2 gets mark ISP2,
# remainder 0 gets mark ISP1.
add action=mark-connection chain=prerouting comment=pcc connection-mark=no-mark 
connection-state=new dst-address-type=!local in-interface=ether_LAN 
new-connection-mark=ISP2 passthrough=yes per-connection-classifier=
both-addresses:2/1
add action=mark-connection chain=prerouting comment="pcc 1" connection-mark=
no-mark connection-state=new dst-address-type=!local in-interface=ether_LAN 
new-connection-mark=ISP1 passthrough=yes per-connection-classifier=
both-addresses:2/0
# NOTE(review): these input-chain rules mark the same uplink-originated
# connections as the prerouting rules above, but without connection-mark=no-mark;
# they look redundant. Confirm before removing.
add action=mark-connection chain=input connection-state=new in-interface=
ether_ISP1 new-connection-mark=ISP1
add action=mark-connection chain=input connection-state=new in-interface=
ether_ISP2 new-connection-mark=ISP2
# LAN packets of a marked connection are routed through that uplink's table.
add action=mark-routing chain=prerouting connection-mark=ISP1 in-interface=
ether_LAN new-routing-mark=ISP1_table
add action=mark-routing chain=prerouting connection-mark=ISP2 in-interface=
ether_LAN new-routing-mark=ISP2_table
# Source NAT for both uplinks, plus port forwards to 192.168.100.104 on the LAN.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether_ISP1
add action=masquerade chain=srcnat out-interface=ether_ISP2
# SECURITY: the three dst-nat rules below publish the Winbox port (8291) and the
# HTTP port (80) of 192.168.100.104 on the uplink-side addresses, on TCP 8888 and
# 8080. None of them restricts the source address, and this export contains no
# /ip firewall filter section, so nothing shown here limits who on the uplink
# side can reach those management interfaces. Consider matching a
# src-address-list of trusted hosts on these rules, or reaching the device over
# a VPN instead of a port forward.
add action=dst-nat chain=dstnat comment="Winbox to Hotspot" dst-address=
192.168.1.104 dst-port=8888 protocol=tcp to-addresses=192.168.100.104 
to-ports=8291
add action=dst-nat chain=dstnat comment="Winbox to Hotspot" dst-address=
192.168.2.104 dst-port=8888 protocol=tcp to-addresses=192.168.100.104 
to-ports=8291
# The HTTP forward exists only for the ISP1-side address 192.168.1.104.
add action=dst-nat chain=dstnat comment="HTTP to Hotspot" dst-address=
192.168.1.104 dst-port=8080 protocol=tcp to-addresses=192.168.100.104 
to-ports=80
# Routing tables: one default route per uplink table plus two defaults in the
# main table.
/ip route
# check-gateway=ping probes only the next hop (192.168.x.1). A failure further
# upstream leaves the route active, which matches the symptom described later in
# the thread.
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=ISP2_table
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=ISP1_table
# Main-table defaults: ISP1 preferred (distance 1), ISP2 as backup (distance 2),
# neither with a gateway check.
add distance=1 gateway=192.168.1.1
add distance=2 gateway=192.168.2.1
/system clock
set time-zone-name=Asia/Hebron
# NOTE(review): the paste ends here; the "set" line for the identity is missing.
/system identity

Hi.

What do the first 3 action=accept chain=prerouting rules do? Are you sure they are not preventing your traffic from being processed by the rest of the chain?

I don’t have experience with load balancing. I saw it in a YouTube video, and I followed what he did.
So I am looking for someone who can set up or fix the load balancing.

The problem with Youtube videos is that they are often made by people without a clue what they are talking about.

Do not follow advice from YouTube videos unless they are from the MikroTik YouTube channel.

To setup failover/load_balancing use the MikroTik manual instead.

- Failover (WAN Backup) - RouterOS - MikroTik Documentation

- Per connection classifier - RouterOS - MikroTik Documentation

I set up the load balancing from the MikroTik manual as you mentioned, and everything is good in the beginning, but when one of the uplinks is down, e.g. 192.168.2.1, the route is still shown as reachable and there may be no internet connection. I added a netwatch entry to disable the route when it is down, and suddenly both uplinks were disabled and did not come back up.

@pe1chl look at my configuration you will see like the manual in PCC.

In addition, when I ping 192.168.2.1 the ping is OK, but when I ping 8.8.8.8 via ether-ISP2 the ping times out,

i think there is a real problem i don’t understand where ,

Do the failover in the way described in the first document above. Failover and PCC are independent.

Here is my configuration according to the documentation

@pe1chl

jan/02/1970 00:30:21 by RouterOS 6.49.19

software id = WDKU-F2L4

model = RB750Gr3

# Interface naming and LAN addressing: ether1 and ether2 are the uplinks, ether3
# is the LAN port.
# NOTE(review): the paste appears to have lost the export's line-continuation
# backslashes, so a wrapped fragment belongs to the command on the line before it.
/interface ethernet
set [ find default-name=ether1 ] name=ether_ISP1
set [ find default-name=ether2 ] name=ether_ISP2
set [ find default-name=ether3 ] name=ether_LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
# DHCP pool and server for the 192.168.100.0/24 LAN on ether_LAN.
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether_LAN name=dhcp1
# Both uplink addresses are static and in private ranges, so each uplink
# presumably sits behind an ISP-side router doing its own NAT.
/ip address
add address=192.168.1.104/24 interface=ether_ISP1 network=192.168.1.0
add address=192.168.2.104/24 interface=ether_ISP2 network=192.168.2.0
add address=192.168.100.1/24 interface=ether_LAN network=192.168.100.0
# LAN clients are handed public resolvers directly and the router as gateway.
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=
192.168.100.1
# Mangle rules for PCC balancing over two uplinks. Rule order matters: rules are
# evaluated top to bottom within each chain.
/ip firewall mangle
# NOTE(review): 10.10.4.0/24 and 10.10.5.0/24 are not configured on any interface
# in this export (the uplinks are 192.168.1.0/24 and 192.168.2.0/24), so these two
# bypass rules look copied from an example and presumably never match here.
add action=accept chain=prerouting dst-address=10.10.4.0/24
in-interface=ether_LAN
add action=accept chain=prerouting dst-address=10.10.5.0/24
in-interface=ether_LAN
# New connections to the router itself are marked with the uplink they arrived on.
add action=mark-connection chain=input connection-state=new
in-interface=ether_ISP1 new-connection-mark=ISP1
add action=mark-connection chain=input connection-state=new
in-interface=ether_ISP2 new-connection-mark=ISP2
# Router-originated new connections are split by PCC over source and destination
# address: remainder 0 of 2 gets mark ISP1, remainder 1 gets mark ISP2.
add action=mark-connection chain=output connection-mark=no-mark
connection-state=new new-connection-mark=ISP1
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=output connection-mark=no-mark
connection-state=new new-connection-mark=ISP2
per-connection-classifier=both-addresses:2/1
# The same split for new LAN connections to non-local destinations.
add action=mark-connection chain=prerouting connection-mark=no-mark
connection-state=new dst-address-type=!local in-interface=ether_LAN
new-connection-mark=ISP1 per-connection-classifier=
both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark
connection-state=new dst-address-type=!local in-interface=ether_LAN
new-connection-mark=ISP2 per-connection-classifier=
both-addresses:2/1
# Packets of a marked connection are routed through that uplink's table, both
# for router-originated traffic (output) and LAN traffic (prerouting).
add action=mark-routing chain=output connection-mark=ISP1
new-routing-mark=ISP1_table
add action=mark-routing chain=prerouting connection-mark=ISP1
in-interface=ether_LAN new-routing-mark=ISP1_table
add action=mark-routing chain=output connection-mark=ISP2
new-routing-mark=ISP2_table
add action=mark-routing chain=prerouting connection-mark=ISP2
in-interface=ether_LAN new-routing-mark=ISP2_table
# Source NAT for both uplinks, then the routing tables.
# SECURITY: this export contains no /ip firewall filter section. If the export is
# complete, the router's own services are reachable from both uplink networks;
# confirm, and add input-chain filtering on ether_ISP1 and ether_ISP2.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether_ISP1
add action=masquerade chain=srcnat out-interface=ether_ISP2
/ip route
# Per-uplink tables used by the PCC marks. check-gateway=ping probes only the
# next hop (192.168.x.1), so a failure further upstream leaves these routes
# active.
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=
ISP1_table
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=
ISP2_table
# Main table. The recursive defaults via 8.8.8.8 / 208.67.222.222 (ISP1) and
# 8.8.4.4 / 208.67.220.220 (ISP2) carry no routing-mark, so only unmarked traffic
# uses them.
# NOTE(review): PCC-marked connections look up ISP1_table / ISP2_table first, so
# presumably they do not benefit from the recursive checks; confirm.
# NOTE(review): the plain defaults via 192.168.1.1 and 192.168.2.1 share their
# distance with the recursive defaults and have no gateway check; confirm they
# are wanted.
add distance=1 gateway=192.168.1.1
add check-gateway=ping distance=1 gateway=8.8.8.8 target-scope=11
add check-gateway=ping distance=1 gateway=208.67.222.222 target-scope=11
add distance=2 gateway=192.168.2.1
add check-gateway=ping distance=2 gateway=8.8.4.4 target-scope=11
add check-gateway=ping distance=2 gateway=208.67.220.220 target-scope=11
# Host routes that pin each probe address to one uplink, so a probe can only
# succeed through the uplink it is meant to test.
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.2.1 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1 scope=10
add distance=1 dst-address=208.67.220.220/32 gateway=192.168.2.1 scope=
10
add distance=1 dst-address=208.67.222.222/32 gateway=192.168.1.1 scope=
10

@pe1chl @Dartmaul

i tried another solution ,
but no internet connection in client

model = RB750Gr3

# Bridge, interface naming and addressing: ether3-ether5 are bridged as the LAN,
# ether1 and ether2 are the uplinks WAN1 and WAN2.
# NOTE(review): the paste appears to have lost the export's line-continuation
# backslashes, so a wrapped fragment belongs to the command on the line before it.
/interface bridge
add name=Bridge_LAN
/interface ethernet
set [ find default-name=ether5 ] name=LAN1
set [ find default-name=ether3 ] name=LAN2
set [ find default-name=ether4 ] name=LAN3
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=Bridge_LAN name=dhcp1
/interface bridge port
add bridge=Bridge_LAN interface=LAN1
add bridge=Bridge_LAN interface=LAN2
add bridge=Bridge_LAN interface=LAN3
# In this export WAN1 is on 192.168.2.0/24 and WAN2 on 192.168.1.0/24, the
# reverse of what the numbering might suggest.
/ip address
add address=192.168.2.10/24 interface=WAN1 network=192.168.2.0
add address=192.168.1.10/24 interface=WAN2 network=192.168.1.0
add address=192.168.100.1/24 interface=Bridge_LAN network=192.168.100.0
# Enables MikroTik's cloud DDNS name for this router.
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=
192.168.100.1
# SECURITY: allow-remote-requests=yes makes the router answer DNS queries from
# other hosts, and this export contains no /ip firewall filter section. If the
# export is complete, the resolver also answers on WAN1 and WAN2. The DHCP
# network above already hands clients 8.8.8.8/8.8.4.4, so either turn remote
# requests off or drop TCP/UDP 53 arriving on the WAN interfaces.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# Private ranges; the mangle rules use this list to keep RFC1918 destinations
# out of the PCC split.
/ip firewall address-list
add address=10.0.0.0/8 list=RFC1918
add address=172.16.0.0/12 list=RFC1918
add address=192.168.0.0/16 list=RFC1918
# Mangle rules: replies from the router follow the WAN a connection arrived on;
# everything else that is not local or RFC1918 is split over two routing marks
# by PCC. Rule order matters.
/ip firewall mangle
# Connections to the router itself are marked by arrival WAN. These rules match
# every packet, since they have no connection-state or no-mark condition.
add action=mark-connection chain=input in-interface=WAN1
new-connection-mark=Conn1 passthrough=yes
add action=mark-connection chain=input in-interface=WAN2
new-connection-mark=Conn2 passthrough=yes
# Router-originated packets of those connections use the matching routing table.
add action=mark-routing chain=output connection-mark=Conn1
new-routing-mark=WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=Conn2
new-routing-mark=WAN2 passthrough=yes
# action=accept ends prerouting mangle processing for the matching packet:
# anything arriving from a WAN, local-to-local traffic and RFC1918 destinations
# are kept out of the PCC rules below.
add action=accept chain=prerouting in-interface=WAN1
add action=accept chain=prerouting in-interface=WAN2
add action=accept chain=prerouting dst-address-type=local
src-address-type=local
add action=accept chain=prerouting dst-address-list=RFC1918
# PCC applied directly as a routing mark on each remaining packet, with no
# connection mark and no in-interface match. The classifier is computed over
# addresses and ports: remainder 0 of 2 gets table WAN1, remainder 1 gets WAN2.
add action=mark-routing chain=prerouting dst-address-type=!local
new-routing-mark=WAN1 passthrough=no per-connection-classifier=
both-addresses-and-ports:2/0
add action=mark-routing chain=prerouting dst-address-type=!local
new-routing-mark=WAN2 passthrough=no per-connection-classifier=
both-addresses-and-ports:2/1
# NAT rules, then the routing tables.
/ip firewall nat
# SECURITY: this forward to the Winbox port (8291) of 192.168.100.100 matches on
# protocol and dst-port only. With no dst-address or in-interface it applies to
# any TCP/8292 packet crossing the router, including LAN clients' outbound
# connections to port 8292 on other hosts. With no src-address match and no
# /ip firewall filter section in this export, nothing shown limits who may use
# it. Bind it to the WAN addresses or interfaces and to a src-address-list of
# trusted hosts, or use a VPN instead.
add action=dst-nat chain=dstnat dst-port=8292 protocol=tcp to-addresses=
192.168.100.100 to-ports=8291
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
/ip route
# Table WAN1: recursive default via probe address 1.1.1.1 (pinned to
# 192.168.2.1 below), with 192.168.1.1, the other uplink's gateway, as the
# distance-2 fallback.
add check-gateway=ping distance=1 gateway=1.1.1.1 routing-mark=WAN1
target-scope=30
add distance=2 gateway=192.168.1.1 routing-mark=WAN1
# Table WAN2: recursive default via probe address 9.9.9.9 (pinned to
# 192.168.1.1 below), with 192.168.2.1 as the distance-2 fallback.
add check-gateway=ping distance=1 gateway=9.9.9.9 routing-mark=WAN2
target-scope=30
add distance=2 gateway=192.168.2.1 routing-mark=WAN2
# NOTE(review): the main table has two default routes at the same distance and
# without check-gateway; confirm which uplink unmarked traffic should use.
add distance=1 gateway=192.168.2.1
add distance=1 gateway=192.168.1.1
# Host routes that pin each probe address to one uplink.
add distance=1 dst-address=1.1.1.1/32 gateway=192.168.2.1
add distance=1 dst-address=9.9.9.9/32 gateway=192.168.1.1
# Management services, clock, identity, NTP and reachability monitors.
/ip service
# telnet, ftp, ssh, api and api-ssl are turned off.
# SECURITY: www and winbox are not listed, so they are presumably still at their
# defaults. With no /ip firewall filter section in this export, consider
# limiting them with the service's address= setting or an input-chain filter on
# the WAN interfaces.
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Gaza
/system identity
set name=MikroTik_LB
/system ntp client
set enabled=yes primary-ntp=103.186.118.219 secondary-ntp=172.235.18.237
# Netwatch entries for both gateways and three public probe addresses. No
# up-script or down-script appears on them in this export, so as shown they only
# report host status and do not change routing.
/tool netwatch
add host=192.168.2.1 interval=1s
add host=192.168.1.1 interval=1s
add host=1.1.1.1 interval=10s
add host=9.9.9.9 interval=10s
add host=8.8.8.8 interval=10s

I can’t get my head around most of your mangle rules, except maybe the first 4.

Anyway, that’s how I’d do that

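# PCC marking in a dedicated chain: LAN traffic to non-private destinations
# jumps to pcc_WAN, where new connections get a connection mark by PCC and every
# packet of a marked connection gets the matching routing mark.
# Relies on an address list named RFC1918 and on routes with routing-mark=WAN1
# and routing-mark=WAN2 existing elsewhere in the configuration.
/ip firewall mangle
# Tag connections that were dst-natted towards the LAN so the jump below leaves
# them alone.
add action=mark-connection chain=postrouting comment=Just-in-case-you-(will)use-dst-nat connection-mark=no-mark connection-nat-state=dstnat new-connection-mark=dst_natted out-interface=Bridge_LAN
# Only LAN traffic to destinations outside RFC1918 is load-balanced.
add action=jump chain=prerouting comment=LAN-to-PCC connection-mark=!dst_natted dst-address-list=!RFC1918 in-interface=Bridge_LAN jump-target=pcc_WAN
# New, unmarked connections are split in two by a classifier over addresses and
# ports.
add action=mark-connection chain=pcc_WAN comment=mark_WAN1 connection-mark=no-mark connection-state=new new-connection-mark=WAN1 per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=pcc_WAN comment=mark_WAN2 connection-mark=no-mark connection-state=new new-connection-mark=WAN2 per-connection-classifier=both-addresses-and-ports:2/1
# Route by the connection marks set just above. As posted, these two rules
# matched connection-mark=to_MF and to_PSK, which no rule in this snippet sets,
# so they could never match; they now match WAN1 and WAN2.
add action=mark-routing chain=pcc_WAN comment=to_WAN1 connection-mark=WAN1 new-routing-mark=WAN1 passthrough=no
add action=mark-routing chain=pcc_WAN comment=to_WAN2 connection-mark=WAN2 new-routing-mark=WAN2 passthrough=no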

Sorry to bother you. May I have the full code to do PCC + FAILOVER + hotspot on another MikroTik?

i can’t understand all of these just i followed some people

@Dartmaul

I don’t have practical experience doing this with RouterOS v6, I moved on to v7 before trying the recursive routing solution. But I know it works OK for me, using the docs I mentioned above. And also with a more complicated config that allows pinging multiple remote systems to validate the internet connection.

Of course getting something like this to work is beyond “I tried this and it did not work”. You need to build the whole thing in layers from the bottom and validate each step before you move on to the next.