Hello, i can not reach other network routers, only the main one, because im using NTH load balancing.

Can anyone help me solve this problem?

Thank you in advance.

should we guess your network confiruration?

No you should guess but you should know that (like i told) im using NTH load balancing and when i mark new unseen local addresses then i can reach nothing within my network.

/ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=mark new unseen action=add-src-to-address-list address-list=first
address-list-timeout=0s nth=2,1

1 chain=mark new unseen action=add-src-to-address-list address-list=second
address-list-timeout=0s nth=2,2

2 chain=mark new unseen action=add-src-to-address-list address-list=seen
address-list-timeout=0s

3 chain=mark new unseen action=jump jump-target=mark connection

4 chain=mark connection action=mark-connection
new-connection-mark=first_conn passthrough=yes src-address-list=first

5 chain=mark connection action=mark-connection
new-connection-mark=second_conn passthrough=yes src-address-list=second

6 chain=mark connection action=mark-routing new-routing-mark=first
passthrough=no connection-mark=first_conn

7 chain=mark connection action=mark-routing new-routing-mark=second
passthrough=no connection-mark=second_conn

8 chain=prerouting action=mark-routing new-routing-mark=first passthrough=n>
src-address-list=first connection-mark=first_conn

9 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=no src-address-list=second connection-mark=second_conn

10 chain=prerouting action=jump jump-target=mark connection
connection-state=new src-address-list=local

11 chain=prerouting action=jump jump-target=mark new unseen
connection-state=new src-address-list=local

/ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=isp1

1 chain=srcnat action=masquerade out-interface=isp2

/ip firewall address-list> pr
Flags: X - disabled, D - dynamic
# LIST ADDRESS
3 local 192.168.0.0/24
4 local 192.168.1.0/24
5 local 192.168.2.0/24
6 local 172.16.1.0/24
7 local 10.0.0.0/24

Thanks.

in firewall, remove 6,7
then move 11th above 10th and 8,9 below 10th

then add 'dst-address-list=!local' to 10th and 11th

Thank you, its working good now.

If you can tell mes a good solution to join the two wans together to be able to get the speed of the two. ECMP is not working.
How can i achieve it.

Thanks.

Check this article
http://wiki.mikrotik.com/wiki/PCC

Yes i have tried PCC before. This is my configuration. BUT it doesnt join the two networks, so i can not get the full speed of the two connections.
And i can not reach other devices with PCC enabled, i can not remote desktop a local windows box.

/ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic

12 chain=input action=mark-connection new-connection-mark=first_conn
passthrough=yes in-interface=ISP1

13 chain=input action=mark-connection new-connection-mark=second_conn
passthrough=yes in-interface=ISP2

14 chain=output action=mark-routing new-routing-mark=first passthrough=yes
connection-mark=first_conn

15 chain=output action=mark-routing new-routing-mark=second passthrough=yes
connection-mark=second_conn

16 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN1

17 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN2

18 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN3

19 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN4

20 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN5

21 chain=prerouting action=accept dst-address=y.y.y.y in-interface=LAN1

22 chain=prerouting action=accept dst-address=y.y.y.y
in-interface=LAN2

23 chain=prerouting action=accept dst-address=y.y.y.y in-interface=LAN3

24 chain=prerouting action=accept dst-address=y.y.y.y in-interface=LAN4

25 chain=prerouting action=accept dst-address=y.y.y.y in-interface=LAN5

26 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN1
per-connection-classifier=both-addresses:2/0

27 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN2
per-connection-classifier=both-addresses:2/0

28 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN3
per-connection-classifier=both-addresses:2/0

29 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN4
per-connection-classifier=both-addresses:2/0

30 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN5
per-connection-classifier=both-addresses:2/0

31 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN1
per-connection-classifier=both-addresses:2/1

32 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN2
per-connection-classifier=both-addresses:2/1

33 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN3
per-connection-classifier=both-addresses:2/1

34 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN4
per-connection-classifier=both-addresses:2/1

35 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN5
per-connection-classifier=both-addresses:2/1

36 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN1 connection-mark=fisrt_conn

37 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN2 connection-mark=fisrt_conn

38 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN3 connection-mark=fisrt_conn

39 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN4 connection-mark=fisrt_conn

40 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN5 connection-mark=fisrt_conn

41 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAN1 connection-mark=second_conn

42 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAn2 connection-mark=second_conn

43 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAN3 connection-mark=second_conn

44 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAN4 connection-mark=second_conn

45 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAN5 connection-mark=second_conn

I have followed you guides(NTH) Chupaka and i can reach other routers on my network, and i can reach other devices with local address, but i can not reach other devices(routers yes) with public address, ex. i have dst-nated port 3389 to a local windows box for remote desktop but i can not connect to ip using public address.
This is the currect config.
/ip firewall mangle> pr
Flags: - disabled, I - invalid, D - dynamic
1 chain=mark new unseen action=add-src-to-address-list address-list=second
address-list-timeout=0s nth=2,2

2 chain=mark new unseen action=add-src-to-address-list address-list=seen
address-list-timeout=0s

3 chain=mark new unseen action=jump jump-target=mark connection

4 chain=mark connection action=mark-connection
new-connection-mark=first_conn passthrough=yes src-address-list=first

5 chain=mark connection action=mark-connection
new-connection-mark=second_conn passthrough=yes src-address-list=second

6 X chain=mark connection action=mark-routing new-routing-mark=first
passthrough=no connection-mark=first_conn

7 X chain=mark connection action=mark-routing new-routing-mark=second
passthrough=no connection-mark=second_conn

8 chain=prerouting action=jump jump-target=mark new unseen
connection-state=new src-address-list=local

9 chain=prerouting action=mark-routing new-routing-mark=first passthrough=n>
src-address-list=first connection-mark=first_conn

10 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=no src-address-list=second dst-address-list=!local
connection-mark=second_conn

11 chain=prerouting action=jump jump-target=mark connection
connection-state=new src-address-list=local dst-address-list=!local

Dont be counfused, im disabling one config before enabling the other.

Thank you.

at first, if you're using NAT, you cannot get full speed of your both connections. each tcp connection will get maximum of one line. it's what load-balancing is.

I have followed you guides(NTH) Chupaka and i can reach other routers on my network, and i can reach other devices with local address, but i can not reach other devices(routers yes) with public address, ex. i have dst-nated port 3389 to a local windows box for remote desktop but i can not connect to ip using public address.
This is the currect config.
/ip firewall mangle> pr
Flags: - disabled, I - invalid, D - dynamic
1 chain=mark new unseen action=add-src-to-address-list address-list=second
address-list-timeout=0s nth=2,2

2 chain=mark new unseen action=add-src-to-address-list address-list=seen
address-list-timeout=0s

3 chain=mark new unseen action=jump jump-target=mark connection

4 chain=mark connection action=mark-connection
new-connection-mark=first_conn passthrough=yes src-address-list=first

5 chain=mark connection action=mark-connection
new-connection-mark=second_conn passthrough=yes src-address-list=second

6 X chain=mark connection action=mark-routing new-routing-mark=first
passthrough=no connection-mark=first_conn

7 X chain=mark connection action=mark-routing new-routing-mark=second
passthrough=no connection-mark=second_conn

8 chain=prerouting action=jump jump-target=mark new unseen
connection-state=new src-address-list=local

9 chain=prerouting action=mark-routing new-routing-mark=first passthrough=n>
src-address-list=first connection-mark=first_conn

10 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=no src-address-list=second dst-address-list=!local
connection-mark=second_conn

11 chain=prerouting action=jump jump-target=mark connection
connection-state=new src-address-list=local dst-address-list=!local

Dont be counfused, im disabling one config before enabling the other.

Thank you.

where's NTH 2,1? and why 11th rule is not before 9th and 10th? and you do not need 3, afaics =)

anyway, you just need to mark all incoming connections from Internet with corresponding mark. something like

When i set the in interfaces to mark-connection the routing tables dont work, only the main one works and the internet comes just from one interface. Also i can reach the windows box with public address when i set the in interfaces but can not when i remove in interfaces.


0 chain=mark new unseen action=add-src-to-address-list address-list=first address-list-timeout=0s nth=2,1

1 chain=mark new unseen action=add-src-to-address-list address-list=second address-list-timeout=0s nth=2,2

2 chain=mark new unseen action=add-src-to-address-list address-list=seen address-list-timeout=0s

3 X chain=mark new unseen action=jump jump-target=mark connection

4 chain=mark connection action=mark-connection new-connection-mark=first_conn passthrough=yes src-address-list=first in-interface=ISP1

5 chain=mark connection action=mark-connection new-connection-mark=second_conn passthrough=yes src-address-list=second in-interface=ISP2

6 X chain=mark connection action=mark-routing new-routing-mark=first passthrough=no connection-mark=first_conn

7 X chain=mark connection action=mark-routing new-routing-mark=second passthrough=no connection-mark=second_conn

8 chain=prerouting action=jump jump-target=mark new unseen connection-state=new src-address-list=local

9 chain=prerouting action=jump jump-target=mark connection connection-state=new src-address-list=local dst-address-list=!local

10 chain=prerouting action=mark-routing new-routing-mark=first passthrough=no src-address-list=first connection-mark=first_conn

11 chain=prerouting action=mark-routing new-routing-mark=second passthrough=no src-address-list=second dst-address-list=!local connection-mark=second_conn

Code: Select all

chain=mark connection in-interface=your_first_connection action=mark-connection new-connection-mark=first_conn
chain=mark connection in-interface=your_second_connection action=mark-connection new-connection-mark=second_conn

this should be added, not edited