Hi All,
My config is as follows:

/ip firewall mangle
add action=accept chain=prerouting comment=“mai e izlishno” disabled=yes in-interface=ether1
add action=accept chain=prerouting comment=“mai e izlishno” disabled=yes in-interface=ether2
add action=mark-connection chain=prerouting comment=“Connection mark for traffic initiated from WAN 1 towards ROS” connection-mark=
no-mark connection-state=new in-interface=ether1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=prerouting comment=“Connection mark for traffic initiated from WAN 2 towards ROS” connection-mark=
no-mark connection-state=new in-interface=ether2 new-connection-mark=wan2_conn passthrough=yes
add action=mark-routing chain=output comment=“Routing mark for traffic initiated from the router itself wan1” connection-mark=
wan1_conn new-routing-mark=to_wan1 passthrough=no
add action=mark-routing chain=output comment=“Routing mark for traffic initiated from the router itself wan2” connection-mark=
wan2_conn new-routing-mark=to_wan2 passthrough=no
add action=mark-connection chain=prerouting comment=“load banance 5.0” connection-state=new dst-address-type=!local
new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address=192.168.5.0/24
add action=mark-connection chain=prerouting comment=“load banance 10.0” connection-state=new disabled=yes dst-address-type=!local
new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address=192.168.10.0/24
add action=mark-connection chain=prerouting comment=“load banance 5.0” connection-state=new dst-address-type=!local
new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address=192.168.5.0/24
add action=mark-connection chain=prerouting comment=“load banance 10.0” connection-state=new disabled=yes dst-address-type=!local
new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address=192.168.10.0/24
add action=mark-routing chain=prerouting comment=“load banance 5.0” connection-mark=wan1_conn connection-state=new new-routing-mark=
to_wan1 passthrough=yes src-address=192.168.5.0/24
add action=mark-routing chain=prerouting comment=“load banance 10.0” connection-mark=wan1_conn connection-state=new disabled=yes
new-routing-mark=to_wan1 passthrough=yes src-address=192.168.10.0/24
add action=mark-routing chain=prerouting comment=“load banance 5.0” connection-mark=wan2_conn connection-state=new new-routing-mark=
to_wan2 passthrough=yes src-address=192.168.5.0/24
add action=mark-routing chain=prerouting comment=“load banance 10.0” connection-mark=wan2_conn connection-state=new disabled=yes
new-routing-mark=to_wan2 passthrough=yes src-address=192.168.10.0/24


/routing table
add disabled=no fib name=to_wan1
add disabled=no fib name=to_wan2

/ip dhcp-client
add comment=WAN1 interface=ether1 script="{\r
\n :local rmark “to_wan1”\r
\n :local count [/ip route print count-only where comment=“to_wan1”]\r
\n :if ($bound=1) do={\r
\n :if ($count = 0) do={\r
\n /ip route add distance=1 gateway=$“gateway-address” check-gateway=ping routing-mark=to_wan1 comment="to_wan1
“\r
\n /ip route add distance=1 gateway=$“gateway-address” check-gateway=ping comment=“to_wan1”\r
\n } else={\r
\n :if ($count = 1) do={\r
\n :local test [/ip route find where comment=“to_wan1”]\r
\n :if ([/ip route get $test gateway] != $“gateway-address”) do={\r
\n /ip route set $test gateway=$“gateway-address”\r
\n }\r
\n } else={\r
\n :error “Multiple routes found”\r
\n }\r
\n }\r
\n } else={\r
\n /ip route remove [find comment=“to_wan1”]\r
\n }\r
\n }\r
\n\r
\n” use-peer-dns=no use-peer-ntp=no

Interface not active

add comment=“for backup from rsd mobile” default-route-distance=5 interface=wlan1 use-peer-ntp=no
add comment=WAN2 interface=ether2 script="{\r
\n :local rmark “to_wan2”\r
\n :local count [/ip route print count-only where comment=“to_wan2”]\r
\n :if ($bound=1) do={\r
\n :if ($count = 0) do={\r
\n /ip route add distance=1 gateway=$“gateway-address” check-gateway=ping routing-mark=to_wan2 comment="to_wan2
“\r
\n /ip route add distance=1 gateway=$“gateway-address” check-gateway=ping comment=“to_wan2”\r
\n } else={\r
\n :if ($count = 1) do={\r
\n :local test [/ip route find where comment=“to_wan2”]\r
\n :if ([/ip route get $test gateway] != $“gateway-address”) do={\r
\n /ip route set $test gateway=$“gateway-address”\r
\n }\r
\n } else={\r
\n :error “Multiple routes found”\r
\n }\r
\n }\r
\n } else={\r
\n /ip route remove [find comment= “to_wan2”]\r
\n }\r
\n }\r
\n\r
\n” use-peer-dns=no use-peer-ntp=no

When I monitor the connections, sometimes the marking is confused as it is through wan1_con and the traffic goes through wan2 which is my ether 2 backup. My 2 providers have dynamically assigned public addresses. The other problem is that neither the public address nor the other is pinged from the outside. I also have no access to the router from the outside. If I stop one of my 2 providers by blocking the port, the access from the outside and the ping work. The interesting thing is that before I made the pcc config, I had working access to home assistant from the outside and from inside the local network, after this config with both providers, I only have access from the outside, when I connect to wifi in the local network I have access to the private IP address through a browser, but not through the assistant application. When I am with the 2nd wan port, the wireguard vpn tunnel that I use to access the local network stops working. I have stopped fast track and fast path. Between the router and the local network there is also a virtualized opnsense with zenarmor in transparent bridge mode, I have tried stopping it for a while, the situation does not change.

In my log this also appears: executing script from dhcpclient failed, please check it manually

In addition, how can I make a certain host on the network go through only one provider?

Diagram and requirements needed to assess if your config actually works
a. identify all users and devices , external and internal, including admin
b. identify all traffic flow required.
c. detail WAN situation public private, static dynamic etc…

Would not even look at your config without knowing the full set of rquirements.

• any port forwarding ( servers)
• any vlans like wireuard
• any exceptions to pcc load balancing ( aka some devices only go out certain wan )
  -etc.

This is my full config:

# 2024-12-21 15:50:36 by RouterOS 7.16.1
# software id = 9N1C-LPAX
#
# model = RBD52G-5HacD2HnD
# serial number = *********
/interface bridge
add name=bridge-LAN port-cost-mode=short
add name=bridge-guest port-cost-mode=short
add name=bridge-vlan10 port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] comment="WAN1 primary epon" mac-address=\
    **************
set [ find default-name=ether2 ] comment="WAN2 backup mobile"
set [ find default-name=ether4 ] comment=ant.roof
set [ find default-name=ether5 ] comment="opnsense->sw core "

/interface vlan
add interface=bridge-LAN name="vlan10-bridge lan" vlan-id=10
add interface=ether4 name="vlan10-eth4 maika" vlan-id=10
add interface=ether5 name=vlan20-HA vlan-id=20
add interface=bridge-LAN name=vlan100-guests vlan-id=100

/ip kid-control
add disabled=yes fri=9h-21h mon=9h-21h name=Slavi sat=9h-21h sun=9h-21h thu=\
    9h-21h tue=9h-21h tur-fri=9h-21h tur-mon=9h-21h tur-sat=9h-21h tur-sun=\
    9h-21h tur-thu=9h-21h tur-tue=9h-21h tur-wed=9h-21h wed=9h-21h
/ip pool
add name=dhcp_pool_LAN ranges=192.168.5.10-192.168.5.100
add name=dhcp_pool_slav ranges=192.168.10.10-192.168.10.100
add name=dhcp_pool_guests ranges=10.1.10.200-10.1.10.220
add name=dhcp_pool_HA ranges=192.168.20.10-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool_LAN authoritative=after-2sec-delay interface=\
    bridge-LAN lease-time=10m name=dhcp-home
add address-pool=dhcp_pool_slav interface=bridge-vlan10 lease-time=10m name=\
    dhcp-slav
add address-pool=dhcp_pool_guests interface=bridge-guest lease-time=2h name=\
    dhcp-guests
add address-pool=dhcp_pool_HA interface=vlan20-HA lease-time=10m name=dhcp-HA
/ip smb users
set [ find default=yes ] disabled=yes

/routing table
add disabled=no fib name=to_wan1
add disabled=no fib name=to_wan2

/interface bridge port
add bridge=bridge-LAN interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge-LAN interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge-LAN interface=wlan3-5G internal-path-cost=10 path-cost=10
add bridge=bridge-guest interface=wlan4-guests5G internal-path-cost=10 \
    path-cost=10
add bridge=bridge-guest interface=wlan2-guests internal-path-cost=10 \
    path-cost=10
add bridge=bridge-guest interface=vlan100-guests internal-path-cost=10 \
    path-cost=10
add bridge=bridge-vlan10 interface="vlan10-bridge lan" internal-path-cost=10 \
    path-cost=10
add bridge=bridge-vlan10 interface="vlan10-eth4 maika" internal-path-cost=10 \
    path-cost=10
add bridge=bridge-LAN disabled=yes interface=ether2
/interface bridge settings
set use-ip-firewall=yes
/ip firewall connection tracking
set udp-timeout=10s
/ip settings
set allow-fast-path=no rp-filter=strict tcp-syncookies=yes

/ip address
add address=192.168.5.1/24 interface=bridge-LAN network=192.168.5.0
add address=192.168.10.1/24 interface=bridge-vlan10 network=192.168.10.0
add address=10.1.10.1/24 interface=bridge-guest network=10.1.10.0
add address=192.168.6.1/24 interface=wireguard-server1 network=192.168.6.0
add address=192.168.20.1/24 interface=vlan20-HA network=192.168.20.0
/ip dhcp-client
add comment=WAN1 interface=ether1 script="{\r\
    \n       :local rmark \"to_wan1\"\r\
    \n       :local count [/ip route print count-only where comment=\"to_wan1\
    \"]\r\
    \n       :if (\$bound=1) do={\r\
    \n           :if (\$count = 0) do={\r\
    \n               /ip route add distance=1 gateway=\$\"gateway-address\" ch\
    eck-gateway=ping routing-mark=to_wan1 comment=\"to_wan1\"\r\
    \n               /ip route add distance=1 gateway=\$\"gateway-address\" ch\
    eck-gateway=ping comment=\"to_wan1\"\r\
    \n           } else={\r\
    \n               :if (\$count = 1) do={\r\
    \n                   :local test [/ip route find where comment=\"to_wan1\"\
    ]\r\
    \n                   :if ([/ip route get \$test gateway] != \$\"gateway-ad\
    dress\") do={\r\
    \n                       /ip route set \$test gateway=\$\"gateway-address\
    \"\r\
    \n                   }\r\
    \n               } else={\r\
    \n                   :error \"Multiple routes found\"\r\
    \n               }\r\
    \n           }\r\
    \n       } else={\r\
    \n           /ip route remove [find comment=\"to_wan1\"]\r\
    \n       }\r\
    \n   }\r\
    \n\r\
    \n" use-peer-dns=no use-peer-ntp=no
# Interface not active
add comment="for backup from rsd mobile" default-route-distance=5 interface=\
    wlan1 use-peer-ntp=no
add comment=WAN2 interface=ether2 script="{\r\
    \n       :local rmark \"to_wan2\"\r\
    \n       :local count [/ip route print count-only where comment=\"to_wan2\
    \"]\r\
    \n       :if (\$bound=1) do={\r\
    \n           :if (\$count = 0) do={\r\
    \n               /ip route add distance=1 gateway=\$\"gateway-address\" ch\
    eck-gateway=ping routing-mark=to_wan2 comment=\"to_wan2\"\r\
    \n               /ip route add distance=1 gateway=\$\"gateway-address\" ch\
    eck-gateway=ping comment=\"to_wan2\"\r\
    \n           } else={\r\
    \n               :if (\$count = 1) do={\r\
    \n                   :local test [/ip route find where comment=\"to_wan2\"\
    ]\r\
    \n                   :if ([/ip route get \$test gateway] != \$\"gateway-ad\
    dress\") do={\r\
    \n                       /ip route set \$test gateway=\$\"gateway-address\
    \"\r\
    \n                   }\r\
    \n               } else={\r\
    \n                   :error \"Multiple routes found\"\r\
    \n               }\r\
    \n           }\r\
    \n       } else={\r\
    \n           /ip route remove [find comment=\"to_wan2\"]\r\
    \n       }\r\
    \n   }\r\
    \n\r\
    \n" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server alert
add disabled=no interface=bridge-LAN valid-server=02:00:00:AA:00:00

/ip dhcp-server network
add address=10.1.10.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=\
    10.1.10.1
add address=192.168.5.0/24 dns-server=192.168.5.47 gateway=192.168.5.1
add address=192.168.5.34/32 comment="android stb home holl A1" dns-server=\
    208.67.222.222,208.67.220.220 gateway=192.168.5.1
add address=192.168.5.38/32 comment="tanix tx3 mini home spalnia eth" \
    dns-server=208.67.222.222,208.67.220.220 gateway=192.168.5.1
add address=192.168.6.0/24 comment=wireguard dns-server=\
    208.67.222.222,208.67.220.220 gateway=192.168.6.1
add address=192.168.10.0/24 dns-server=192.168.5.47 gateway=192.168.10.1
add address=192.168.10.100/32 comment="Slav Samsung TV" dns-server=\
    208.67.222.222,208.67.220.220 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=\
    192.168.20.1
/ip dns
set servers=192.168.5.47
/ip firewall address-list
add address=192.168.5.0/24 list=management

add address=192.168.10.0/24 list=management
add address=192.168.5.25 disabled=yes list=allowed_ip
add address=192.168.5.58 list="home trusted"
add address=192.168.5.36 list="home trusted"
add address=192.168.10.90 list="home trusted"
add address=192.168.10.99 list="home trusted"
add address=192.168.10.100 list="home trusted"
add address=192.168.5.56 list="home trusted"
add address=192.168.10.1 list="home trusted"
add address=192.168.10.2 list="home trusted"
add address=192.168.10.3 list="home trusted"
add address=192.168.10.4 list="home trusted"
add address=192.168.5.3 list="home trusted"
add address=192.168.10.63 list="home trusted"
add address=192.168.5.30 comment="rsd hp745 home detska" list="home trusted"
add address=192.168.10.49 comment="slav naves tv to nas" list="home trusted"
add address=192.168.5.19 list="home trusted"
add address=192.168.6.0/24 comment=wireguard list=management
add address=192.168.5.23 comment="homeassistant prox" list="home trusted"
add address=192.168.216.3 comment="rangel back to home vpn" list=management
add address=192.168.5.16 comment="pihole pi4 4gb" list="home trusted"
add address=192.168.10.16 list="home trusted"
add address=192.168.5.122 comment="ipfire green" list="home trusted"
add address=192.168.5.111 comment="ipfire red" list="home trusted"
add address=192.168.5.35 comment=OPNsense list="home trusted"
add address=192.168.5.6 comment=Proxmox list="home trusted"
add address=192.168.5.47 comment="pihole prox" list="home trusted"
add address=192.168.5.43 comment="homeassistant prox" list="home trusted"
/ip firewall filter
add action=accept chain=input dst-port=21 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=22 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=2000 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=80 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=8728 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=23 protocol=tcp src-address-list=\
    management
add action=accept chain=forward comment="otdelqne 5 ot 10 mreja izkluchenia" \
    dst-address=192.168.5.0/24 dst-address-list="home trusted" src-address=\
    192.168.10.0/24
add action=accept chain=forward comment="otdelqne 10 ot 5 mreja izkluchenia" \
    dst-address=192.168.10.0/24 src-address=192.168.5.0/24 src-address-list=\
    "home trusted"
add action=accept chain=forward comment=\
    "otdelqne 5 ot 20 mreja izkluchenia home assistant" dst-address=\
    192.168.5.23 src-address=192.168.20.0/24
add action=accept chain=forward comment=\
    "otdelqne 20 ot 5 mreja izkluchenia home assistant" dst-address=\
    192.168.20.0/24 src-address=192.168.5.23
add action=accept chain=forward comment=\
    "otdelqne 5 ot 20 mreja izkluchenia opnsense" dst-address=192.168.5.35 \
    src-address=192.168.20.0/24
add action=accept chain=forward comment=\
    "otdelqne 20 ot 5 mreja izkluchenia opnsense" dst-address=192.168.20.0/24 \
    src-address=192.168.5.35
add action=accept chain=forward comment=\
    "guest fasttrack exclude ne rabotiat pravilno" connection-state=\
    established,related disabled=yes dst-address=10.1.10.0/24
add action=accept chain=forward comment=\
    "guest fasttrack exclude ne rabotiat pravilno" disabled=yes src-address=\
    10.1.10.0/24
add action=fasttrack-connection chain=forward comment="fasttrack connection" \
    connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment="fasttrack connection" \
    connection-state=established,related disabled=yes
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment=\
    "Port scanners list -  exclude sam s10e" disabled=yes protocol=tcp psd=\
    21,3s,3,1 src-address=!192.168.5.36
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment=\
    "Add NMAP NULL scan to Port Scanners address list" in-interface=ether1 \
    protocol=tcp src-address-list=!allowed_ip tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input dst-port=21 protocol=tcp
add action=drop chain=input dst-port=22 protocol=tcp
add action=drop chain=input dst-port=23 protocol=tcp
add action=drop chain=input dst-port=80 protocol=tcp
add action=drop chain=input dst-port=443 protocol=tcp
add action=drop chain=input dst-port=2000 protocol=tcp
add action=drop chain=input dst-port=8291 protocol=tcp
add action=drop chain=input dst-port=8728 protocol=tcp
add action=drop chain=forward comment="otdelqne 10.1.10.0 ot 5 mreja" \
    dst-address=192.168.5.0/24 src-address=10.1.10.0/24
add action=drop chain=forward comment="otdelqne 10.1.10.0 ot 5 mreja" \
    dst-address=10.1.10.0/24 src-address=192.168.5.0/24
add action=drop chain=forward comment="otdelqne 10.1.10.0 ot 10 mreja" \
    dst-address=192.168.10.0/24 src-address=10.1.10.0/24
add action=drop chain=forward comment="otdelqne 10.1.10.0 ot 10 mreja" \
    dst-address=10.1.10.0/24 src-address=192.168.10.0/24
add action=drop chain=forward comment="otdelqne 5 ot 10 mreja" dst-address=\
    192.168.5.0/24 src-address=192.168.10.0/24
add action=drop chain=forward comment="otdelqne 10 ot 5 mreja" dst-address=\
    192.168.10.0/24 src-address=192.168.5.0/24
add action=drop chain=forward comment="otdelqne 5 ot 20 mreja" dst-address=\
    192.168.5.0/24 src-address=192.168.20.0/24
add action=drop chain=forward comment="otdelqne 20 ot 5 mreja" dst-address=\
    192.168.20.0/24 src-address=192.168.5.0/24
add action=drop chain=forward comment="otdelqne 10 ot 20 mreja" dst-address=\
    192.168.10.0/24 src-address=192.168.20.0/24
add action=drop chain=forward comment="otdelqne 20 ot 10 mreja" dst-address=\
    192.168.20.0/24 src-address=192.168.10.0/24
add action=drop chain=forward comment="block nexus 7 internet" disabled=yes \
    out-interface=ether1 src-address=192.168.5.45
add action=drop chain=forward comment="ps4 update" dst-address-list=blocked
add action=drop chain=input comment="dropping port scanners" \
    src-address-list="port scanners"
add action=drop chain=forward comment="fasttrack connection" \
    connection-state=invalid
add action=drop chain=input comment="Block DdosAtack" dst-port=53 \
    in-interface=ether1 protocol=udp
add action=drop chain=input comment="Block DdosAtack" dst-port=53 \
    in-interface=ether1 protocol=tcp
add action=drop chain=input comment="block gate" disabled=yes src-address=\
    91.139.192.1
add action=drop chain=forward comment="block facebook" content=facebook \
    disabled=yes dst-port=80,443 protocol=tcp src-address=192.168.5.0/24
add action=drop chain=forward comment="block unknown dhcp i network" \
    disabled=yes dst-port=68 protocol=udp src-address=!192.168.5.1 src-port=\
    67
/ip firewall mangle
add action=accept chain=prerouting comment="mai e izlishno" disabled=yes \
    in-interface=ether1
add action=accept chain=prerouting comment="mai e izlishno" disabled=yes \
    in-interface=ether2
add action=mark-connection chain=prerouting comment=\
    "Connection mark for traffic initiated from WAN 1 towards ROS" \
    connection-mark=no-mark connection-state=new in-interface=ether1 \
    new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=prerouting comment=\
    "Connection mark for traffic initiated from WAN 2 towards ROS" \
    connection-mark=no-mark connection-state=new in-interface=ether2 \
    new-connection-mark=wan2_conn passthrough=yes
add action=mark-routing chain=output comment=\
    "Routing mark for traffic initiated from the router itself wan1" \
    connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=no
add action=mark-routing chain=output comment=\
    "Routing mark for traffic initiated from the router itself wan2" \
    connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=no
add action=mark-connection chain=prerouting comment="load banance 5.0" \
    connection-state=new dst-address-type=!local new-connection-mark=\
    wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address=192.168.5.0/24
add action=mark-connection chain=prerouting comment="load banance 10.0" \
    connection-state=new disabled=yes dst-address-type=!local \
    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address=192.168.10.0/24
add action=mark-connection chain=prerouting comment="load banance 5.0" \
    connection-state=new dst-address-type=!local new-connection-mark=\
    wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address=192.168.5.0/24
add action=mark-connection chain=prerouting comment="load banance 10.0" \
    connection-state=new disabled=yes dst-address-type=!local \
    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address=192.168.10.0/24
add action=mark-routing chain=prerouting comment="load banance 5.0" \
    connection-mark=wan1_conn connection-state=new new-routing-mark=to_wan1 \
    passthrough=yes src-address=192.168.5.0/24
add action=mark-routing chain=prerouting comment="load banance 10.0" \
    connection-mark=wan1_conn connection-state=new disabled=yes \
    new-routing-mark=to_wan1 passthrough=yes src-address=192.168.10.0/24
add action=mark-routing chain=prerouting comment="load banance 5.0" \
    connection-mark=wan2_conn connection-state=new new-routing-mark=to_wan2 \
    passthrough=yes src-address=192.168.5.0/24
add action=mark-routing chain=prerouting comment="load banance 10.0" \
    connection-mark=wan2_conn connection-state=new disabled=yes \
    new-routing-mark=to_wan2 passthrough=yes src-address=192.168.10.0/24
add action=mark-packet chain=prerouting connection-mark=other_conn disabled=\
    yes new-packet-mark=other passthrough=no
add action=mark-connection chain=prerouting disabled=yes dst-port=80 \
    new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=\
    yes new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting disabled=yes new-connection-mark=\
    other_conn passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="masq 5.0 wan1" out-interface=\
    ether1 src-address=192.168.5.0/24
add action=masquerade chain=srcnat comment="masq 5.0 wan2" out-interface=\
    ether2 src-address=192.168.5.0/24
add action=masquerade chain=srcnat comment="masq 20.0 HA" src-address=\
    192.168.20.0/24
add action=masquerade chain=srcnat comment="masq wireguard" src-address=\
    192.168.6.0/24
add action=masquerade chain=srcnat comment="masq 10.0" src-address=\
    192.168.10.0/24
add action=masquerade chain=srcnat comment="masq Guest" src-address=\
    10.1.10.0/24
add action=masquerade chain=srcnat comment="3g modem" disabled=yes \
    src-address=192.168.8.0/24
add action=masquerade chain=srcnat comment="backup from rsd mobile" \
    out-interface=wlan1 src-address=192.168.150.0/24
add action=accept chain=dstnat comment="dns accept for ps4 exploit" dst-port=\
    53 in-interface=bridge-LAN protocol=udp src-address=192.168.5.7
add action=accept chain=dstnat comment="dns accept for ninswitch exploit" \
    dst-port=53 in-interface=bridge-LAN protocol=udp src-address=192.168.5.27
add action=dst-nat chain=dstnat comment="WoL NAS from outside" disabled=yes \
    dst-port=7000 protocol=udp to-addresses=192.168.5.2 to-ports=7

/ip firewall raw
add action=drop chain=prerouting dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=prerouting dst-port=53 in-interface=ether1 protocol=udp
/ip firewall service-port
set sip disabled=yes
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip kid-control device
add mac-address=10:BF:48:F5:8D:0D name="Nexus 7 Tablet" user=Slavi
add mac-address=EC:0E:C4:D5:EA:A4 name="ps vita" user=Slavi
/ip service
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/flash/pub


/user group
add name=HomeAssistant policy="reboot,read,write,policy,test,api,!local,!telne\
    t,!ssh,!ftp,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api"

I’ll try to draw a block diagram later.

What I want to achieve is for both uplinks to work simultaneously and balancedly, and if one fails, it should continue to work through the other. When I download something, I need to be able to use the capacity of both at the same time. The other thing is for certain hosts to only go out of the network through one of the two providers. I want both public IP addresses to be accessible from the outside for management.