RouterOS 7.8 - 2 WAN help

RouterOS Beginner Basics
1

Hi I need a help with simple configuration of PCC load balance
I use 2 WAN. eth1- PPPOE static IP and eth -2 static IP
Load Balance working great . But I don’t have a local ping to router ,connection with Winbox work only by MAC adress local (not with IP), web page work local only if eth2 is disabled.
I would be glad if someone could help me

Here is my config
RouterOS 7.8

/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.3.10-192.168.3.100
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf

/routing table
add fib name=to_ISP1
add fib name=to_ISP2

/interface bridge port
add bridge=bridge interface=ether5
add bridge=bridge interface=ether4
add bridge=bridge interface=ether3
add bridge=bridge interface=wifi1
add bridge=bridge interface=wifi2

/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
add interface=ether2 list=WAN

/ip address
add address=192.168.3.3/24 interface=bridge network=192.168.3.0

/ip dhcp-server network
add address=192.168.3.0/24 gateway=192.168.3.3 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.4.4,8.8.8.8

/ip firewall address-list
add address=192.168.3.0/24 list=LAN-Address

/ip firewall rules
add action=accept chain=input log=yes protocol=icmp
add action=accept chain=forward comment=“default configuration” connection-state=established,related
add action=accept chain=input connection-state=established,related

/ip firewall mangle

add action=mark-connection chain=prerouting comment=“mark Connection” new-connection-mark=wan1 passthrough=yes per-connection-classifier= both-addresses-and-ports:2/0 src-address-list=LAN-Address
add action=mark-connection chain=prerouting new-connection-mark=wan2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=LAN-Address
add action=mark-routing chain=prerouting connection-mark=wan1 new-routing-mark=to_ISP1 passthrough=yes src-address-list=LAN-Address
add action=mark-routing chain=prerouting connection-mark=wan2 new-routing-mark=to_ISP2 passthrough=yes src-address-list=LAN-Address

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN


/ip route
add comment=“Load Banancing 1” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=84.54.182.1 pref-src=“” routing-table=to_ISP1 scope=30 suppress-hw-offload=no target-scope=10
add comment=“Load Banancing 2” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src=“” routing-table=to_ISP2 scope=30 suppress-hw-offload=no target-scope=10

2

I would suggest to remove all Firewall Rules if you are not sure what you want to achieve from them

  • your Firewall Mangle Rules are incomplete for load balancing
  • your Ip Routes are are missing entries for “main”

  1. Remove all Firewall Rules

  2. Correct your Firewall Mangle Rules as under

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=pppoe-out1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=“” in-interface=
ether2 new-connection-mark=WAN2_conn passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local src-address-list=LAN-Address new-connection-mark=
WAN1_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local src-address-list=LAN-Address new-connection-mark=
WAN2_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:2/1

add action=mark-routing chain=prerouting connection-mark=WAN1_conn
src-address-list=LAN-Address new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn
src-address-list=LAN-Address new-routing-mark=to_ISP2 passthrough=yes

add action=mark-routing chain=output connection-mark=WAN1_conn
new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn
new-routing-mark=to_ISP2 passthrough=yes

  1. For Routes

/ip route
add check-gateway=ping disabled=no distance=1
dst-address=0.0.0.0/0 gateway=84.54.182.1 pref-src=“” routing-table=main
scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=2
dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src=“” routing-table=main
scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=1
dst-address=0.0.0.0/0 gateway=84.54.182.1 pref-src=“” routing-table=to_ISP1
scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=1
dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src=“” routing-table=
to_ISP2 scope=10 suppress-hw-offload=no target-scope=11

Let me know if it helps

3

What to say. Great help.
Everything went as it should.
a thousand thanks

4

Good to hear that.
Mark it solved then