it is necessary to add switches, AP MAC address and ip address to ip binding for hotspot network?
will this affect the speed of the network if i didn't set it?

You need to bypass them only if you want to access them from outside the hotspot interface.
add: ...or the device needs access to the outside world for NTP, DNS, etc.

It shouldn't affect the speed of the network unless one or more devices are unruly and try to connect to the internet non-stop.

You need to bypass them only if you want to access them from outside the hotspot interface.
add: ...or the device needs access to the outside world for NTP, DNS, etc.

It shouldn't affect the speed of the network unless one or more devices are unruly and try to connect to the internet non-stop.

what happened will cause this?
i found it at log there.
"RADIUS accounting request not sent: no response"
The hotspot user always cannot login, it say RADIUS server not responding. but after a few try, they have successful login.

That is a different problem. Normally I see that with FreeRADIUS2 as the RADIUS server. There is a 1 second delay on Access-Reject messages. Try this.

That is a different problem. Normally I see that with FreeRADIUS2 as the RADIUS server. There is a 1 second delay on Access-Reject messages. Try this.

Code: Select all

/radius
print detail
set 0 timeout=2s

i am using mikrotik own Radius server.

here is the detail..
[nelson@TPWiFi2] /radius>> print detail
Flags: X - disabled
0 service=hotspot called-id="" domain="" address=10.0.0.1 secret="0204"
authentication-port=1812 accounting-port=1813 timeout=3s
accounting-backup=no realm=""

Is user manager in the same router, or is it remote?

Is user manager in the same router, or is it remote?

at another router.

i use 2 CCR1016.
One for 4 WAN PPPOE load balancing, another one for hotspot server.
But userman database host at first router.
hotspot server host at CCR2.
Because i am unable to use PCC with hotspot, so i use 2 CCR to do it.

One for 4 WAN PPPOE load balancing, another one for hotspot server.

and later...

The hotspot user always cannot login, it say RADIUS server not responding. but after a few try, they have successful login.

It wouldn't be every 4th login attempt that works, would it?

One for 4 WAN PPPOE load balancing, another one for hotspot server.

and later...

The hotspot user always cannot login, it say RADIUS server not responding. but after a few try, they have successful login.

It wouldn't be every 4th login attempt that works, would it?

you mean the user need try until 4th time then just can successful login?
or the 4th user can login successful without any problem?

My point is: You have load balancing on that router, and you can't login except after a "few attempts". If it is the load balancing affecting your login attempts, then every 4th attempt will be successful, whether it is just one client trying it 4 times, or 4 clients and only one logs in.

Also, the dns must be working for the hotspot to redirect to the login page. No dns service, no login.

My point is: You have load balancing on that router, and you can't login except after a "few attempts". If it is the load balancing affecting your login attempts, then every 4th attempt will be successful, whether it is just one client trying it 4 times, or 4 clients and only one logs in.

Also, the dns must be working for the hotspot to redirect to the login page. No dns service, no login.

so i better set one CCR for load balancing only, another CCR unit for hotspot server, userman database?

Isn't there a less expensive way to do that? Can you temporarily disable your load balancing for a test? Use only one WAN (no load balancing) and see if the symptoms persist. If you can login all the time, or never, then you will know where the problem is. It may require a simple fix. If it makes no difference, you know the problem lies elsewhere.

Or test with another router using user manager. Maybe use your hotspot device as the user manager router.

I try not to eliminate problems by beating them to death with my credit card, if you know what I mean.

Isn't there a less expensive way to do that? Can you temporarily disable your load balancing for a test? Use only one WAN (no load balancing) and see if the symptoms persist. If you can login all the time, or never, then you will know where the problem is. It may require a simple fix. If it makes no difference, you know the problem lies elsewhere.

Or test with another router using user manager. Maybe use your hotspot device as the user manager router.

I try not to eliminate problems by beating them to death with my credit card, if you know what I mean.

Currently i am using 2 router for my network, i am not able to configure PCC load balancing and hotspot server using one router, that day i have tried using one router to do that, but it doesn't work. So i use 2 router for now.
Anyone can do in one router and try before?

Between, some of my hotspot user, they turn off their pc without log off their account(hotspot)..
So the hotspot server active there still "think" they are still active.
Anyway to make the hotspot server auto detect they are actually not active anymore, and auto remove from hotspot server (active) there?

You can't use a hotspot there? You can't use user manager there? You should post the PCC load balancing stuff. Maybe someone will see a problem.
/ip address
/ip firewall mangle
/ip firewall nat
/ip route

You can't use a hotspot there? You can't use user manager there? You should post the PCC load balancing stuff. Maybe someone will see a problem.
/ip address
/ip firewall mangle
/ip firewall nat
/ip route

i didn't set any security for the network access from public, so i replace the last few number of ip address with this "175.136.*.*"
if you want to remote access or telnet into my CCR, you can contact me at nelson6069@gmail.com, or you can reply your email at here.
because i cannot PM.

/ip address

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; LAN
address=10.0.0.1/24 network=10.0.0.0 interface=ether1 actual-interface=ether1

1 address=172.16.0.1/22 network=172.16.0.0 interface=bridge-hotspot
actual-interface=bridge-hotspot

2 address=172.16.4.1/22 network=172.16.4.0 interface=bridge-hotspot2
actual-interface=bridge-hotspot2

3 D address=175.136.*.*/32 network=175.136.*.* interface=pppoe-WAN1
actual-interface=pppoe-WAN1

4 D address=175.136.*.*/32 network=175.136.*.* interface=pppoe-WAN2
actual-interface=pppoe-WAN2

5 D address=175.136.*.*/32 network=175.136.*.* interface=pppoe-WAN3
actual-interface=pppoe-WAN3

6 D address=175.136.*.*/32 network=175.136.*.* interface=pppoe-WAN4
actual-interface=pppoe-WAN4

/ip firewall mangle

[nelson@TPWiFi] /ip firewall mangle> print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Accept Radius and do not mangle
chain=prerouting action=accept protocol=udp dst-address=10.0.0.1 dst-port=1812,1813

1 ;;; Mark Incoming Connection's From WAN
chain=input action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
in-interface=pppoe-WAN1

2 chain=input action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
in-interface=pppoe-WAN2

3 chain=input action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
in-interface=pppoe-WAN3

4 chain=input action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
in-interface=pppoe-WAN4

5 chain=output action=mark-routing new-routing-mark=to_WAN2 passthrough=no
connection-mark=WAN2_conn

6 chain=output action=mark-routing new-routing-mark=to_WAN1 passthrough=no
connection-mark=WAN1_conn

7 chain=output action=mark-routing new-routing-mark=to_WAN3 passthrough=no
connection-mark=WAN3_conn

8 chain=output action=mark-routing new-routing-mark=to_WAN4 passthrough=no
connection-mark=WAN4_conn

9 ;;; PCC Outbound Connection Mark
chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
dst-address-type=!local hotspot="" in-interface=ether1
per-connection-classifier=both-addresses-and-ports:4/0

10 chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
dst-address-type=!local hotspot="" in-interface=ether1
per-connection-classifier=both-addresses-and-ports:4/1

11 chain=prerouting action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
dst-address-type=!local in-interface=ether1
per-connection-classifier=both-addresses-and-ports:4/2

12 chain=prerouting action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
dst-address-type=!local in-interface=ether1
per-connection-classifier=both-addresses-and-ports:4/3

13 ;;; Mark Outbound Routing
chain=prerouting action=mark-routing new-routing-mark=to_WAN1 passthrough=yes
in-interface=ether1 connection-mark=WAN1_conn

14 chain=prerouting action=mark-routing new-routing-mark=to_WAN2 passthrough=yes in-interface=ether>
connection-mark=WAN2_conn

15 chain=prerouting action=mark-routing new-routing-mark=to_WAN3 passthrough=yes in-interface=ether>
connection-mark=WAN3_conn

16 chain=prerouting action=mark-routing new-routing-mark=to_WAN4 passthrough=yes in-interface=ether>
connection-mark=WAN4_conn

17 X ;;; 100bao_p2p
chain=prerouting action=mark-packet new-packet-mark=100bao_p2p_in passthrough=yes
layer7-protocol=100bao in-interface=!bridge-hotspot

18 X chain=postrouting action=mark-packet new-packet-mark=100bao_p2p_out passthrough=yes
layer7-protocol=100bao out-interface=!bridge-hotspot

19 X ;;; aim mesenger
chain=prerouting action=mark-packet new-packet-mark=aim_mesanger_in passthrough=yes
layer7-protocol=aim in-interface=!bridge-hotspot

20 X chain=postrouting action=mark-packet new-packet-mark=aim_mesanger_out passthrough=yes
layer7-protocol=aim out-interface=!bridge-hotspot

21 X ;;; aim_messenger_web
chain=prerouting action=mark-packet new-packet-mark=aim_mesenger_web_in passthrough=yes
layer7-protocol=aimwebcontent in-interface=!bridge-hotspot

22 X chain=postrouting action=mark-packet new-packet-mark=aim_mesenger_web_out passthrough=yes
layer7-protocol=aimwebcontent out-interface=!bridge-hotspot

23 X ;;; applejuice_p2p
chain=prerouting action=mark-packet new-packet-mark=applejuice_in passthrough=yes
layer7-protocol=applejuice in-interface=!bridge-hotspot

24 X chain=postrouting action=mark-packet new-packet-mark=applejuice_out passthrough=yes
layer7-protocol=applejuice out-interface=!bridge-hotspot

25 X ;;; ares_p2p
chain=prerouting action=mark-packet new-packet-mark=ares_p2p_in passthrough=yes
layer7-protocol=ares in-interface=!bridge-hotspot

26 X chain=postrouting action=mark-packet new-packet-mark=ares_p2p_out passthrough=yes
layer7-protocol=ares out-interface=!bridge-hotspot

27 X ;;; bgp_routing
chain=prerouting action=mark-packet new-packet-mark=bgp_routing_in passthrough=yes
layer7-protocol=bgp in-interface=!bridge-hotspot

28 X chain=postrouting action=mark-packet new-packet-mark=bgp_routing_out passthrough=yes
layer7-protocol=bgp out-interface=!bridge-hotspot

29 X ;;; bittorent_p2p
chain=prerouting action=mark-packet new-packet-mark=bittorent_in passthrough=yes
layer7-protocol=bittorrent in-interface=!bridge-hotspot

30 X chain=prerouting action=mark-packet new-packet-mark=bittorent_in passthrough=yes p2p=all-p2p
in-interface=!bridge-hotspot packet-mark=!bittorent_in

31 X chain=postrouting action=mark-packet new-packet-mark=bittorent_out passthrough=yes
layer7-protocol=bittorrent out-interface=!bridge-hotspot

32 X chain=postrouting action=mark-packet new-packet-mark=bittorent_out passthrough=yes p2p=all-p2p
out-interface=!bridge-hotspot packet-mark=!bittorent_out

33 X ;;; dhcp
chain=prerouting action=mark-packet new-packet-mark=dhcp_in passthrough=yes
layer7-protocol=dhcp in-interface=!bridge-hotspot

34 X chain=postrouting action=mark-packet new-packet-mark=dhcp_out passthrough=yes
layer7-protocol=dhcp out-interface=!bridge-hotspot

35 X ;;; Direct Connect - P2P filesharing
chain=prerouting action=mark-packet new-packet-mark=DC_p2p_in passthrough=yes
layer7-protocol=directconnect in-interface=!bridge-hotspot

36 X chain=postrouting action=mark-packet new-packet-mark=DC_p2p_out passthrough=yes
layer7-protocol=directconnect out-interface=!bridge-hotspot

37 X ;;; DNS - Domain Name System
chain=prerouting action=mark-packet new-packet-mark=DNS_in passthrough=yes layer7-protocol=dns
in-interface=!bridge-hotspot

38 X chain=postrouting action=mark-packet new-packet-mark=DNS_out passthrough=yes layer7-protocol=dns
out-interface=!bridge-hotspot

39 X ;;; eDonkey2000 - P2P filesharing
chain=prerouting action=mark-packet new-packet-mark=edonkey_p2p_in passthrough=yes
layer7-protocol=edonkey in-interface=!bridge-hotspot

40 X chain=postrouting action=mark-packet new-packet-mark=edonkey_p2p_out passthrough=yes
layer7-protocol=edonkey out-interface=!bridge-hotspot

41 X ;;; FastTrack - P2P filesharing (Kazaa, Morpheus, iMesh, Grokster, etc)
chain=prerouting action=mark-packet new-packet-mark=fasttrack_p2p_in passthrough=yes
layer7-protocol=fasttrack in-interface=!bridge-hotspot

42 X chain=postrouting action=mark-packet new-packet-mark=fasttrack_p2p_out passthrough=yes
layer7-protocol=fasttrack out-interface=!bridge-hotspot

43 X ;;; FTP - File Transfer Protocol
chain=prerouting action=mark-packet new-packet-mark=ftp_in passthrough=yes layer7-protocol=ftp
in-interface=!bridge-hotspot

44 X chain=postrouting action=mark-packet new-packet-mark=ftp_out passthrough=yes layer7-protocol=ftp
out-interface=!bridge-hotspot

45 X ;;; GnucleusLAN - LAN-only P2P
chain=prerouting action=mark-packet new-packet-mark=gnu_p2p_in passthrough=yes
layer7-protocol=gnucleuslan in-interface=!bridge-hotspot

46 X chain=postrouting action=mark-packet new-packet-mark=gnu_p2p_out passthrough=yes
layer7-protocol=gnucleuslan out-interface=!bridge-hotspot

47 X ;;; Gnutella - P2P filesharing
chain=prerouting action=mark-packet new-packet-mark=gnutella_p2p_in passthrough=yes
layer7-protocol=gnutella in-interface=!bridge-hotspot

48 X chain=postrouting action=mark-packet new-packet-mark=gnutella_p2p_out passthrough=yes
layer7-protocol=gnutella out-interface=!bridge-hotspot

49 X ;;; GoBoogy - a Korean P2P protocol
chain=prerouting action=mark-packet new-packet-mark=gobogy_p2p_in passthrough=yes
layer7-protocol=goboogy in-interface=!bridge-hotspot

50 X chain=postrouting action=mark-packet new-packet-mark=gobogy_p2p_out passthrough=yes
layer7-protocol=goboogy out-interface=!bridge-hotspot

51 X ;;; H.323 - Voice over IP
chain=prerouting action=mark-packet new-packet-mark=h323_voiceoverip_in passthrough=yes
layer7-protocol=h323 in-interface=!bridge-hotspot

52 X chain=postrouting action=mark-packet new-packet-mark=h323_voiceoverip_out passthrough=yes
layer7-protocol=h323 out-interface=!bridge-hotspot

53 X ;;; RTSP tunneled within HTTP
chain=prerouting action=mark-packet new-packet-mark=httprtsp_in passthrough=yes
layer7-protocol=http-rtsp in-interface=!bridge-hotspot

54 X chain=postrouting action=mark-packet new-packet-mark=httprtsp_out passthrough=yes
layer7-protocol=http-rtsp out-interface=!bridge-hotspot

55 X ;;; www HyperText Transfer Protocol
chain=prerouting action=mark-packet new-packet-mark=http_in passthrough=yes
layer7-protocol=http in-interface=!bridge-hotspot

56 X chain=postrouting action=mark-packet new-packet-mark=http_out passthrough=yes
layer7-protocol=http out-interface=!bridge-hotspot

57 X ;;; Ident - Identification Protocol - RFC 1413
chain=prerouting action=mark-packet new-packet-mark=ident_in passthrough=yes
layer7-protocol=ident in-interface=!bridge-hotspot

58 X chain=postrouting action=mark-packet new-packet-mark=ident_out passthrough=yes
layer7-protocol=ident out-interface=!bridge-hotspot

59 X ;;; IMAP - Internet Message Access Protocol (A common e-mail protocol)
chain=prerouting action=mark-packet new-packet-mark=imap_in passthrough=yes
layer7-protocol=imap in-interface=!bridge-hotspot

60 X chain=postrouting action=mark-packet new-packet-mark=imap_out passthrough=yes
layer7-protocol=imap out-interface=!bridge-hotspot

61 X ;;; iMesh - the native protocol of iMesh, a P2P application
chain=prerouting action=mark-packet new-packet-mark=imesh_p2p_in passthrough=yes
layer7-protocol=imesh in-interface=!bridge-hotspot

62 X chain=postrouting action=mark-packet new-packet-mark=imesh_p2p_out passthrough=yes
layer7-protocol=imesh out-interface=!bridge-hotspot

63 X ;;; IRC - Internet Relay Chat
chain=prerouting action=mark-packet new-packet-mark=irc_in passthrough=yes layer7-protocol=irc
in-interface=!bridge-hotspot

64 X chain=postrouting action=mark-packet new-packet-mark=irc_out passthrough=yes layer7-protocol=irc
out-interface=!bridge-hotspot

65 X ;;; KuGoo - a Chinese P2P program
chain=prerouting action=mark-packet new-packet-mark=koogo_in passthrough=yes
layer7-protocol=kugoo in-interface=!bridge-hotspot

66 X chain=postrouting action=mark-packet new-packet-mark=koogo_out passthrough=yes
layer7-protocol=kugoo out-interface=!bridge-hotspot

67 X ;;; MSN (Micosoft Network) Messenger file transfers
chain=prerouting action=mark-packet new-packet-mark=msnfile_in passthrough=yes
layer7-protocol=msn-filetransfer in-interface=!bridge-hotspot

68 X chain=postrouting action=mark-packet new-packet-mark=msnfile_out passthrough=yes
layer7-protocol=msn-filetransfer out-interface=!bridge-hotspot

69 X ;;; MSN Messenger
chain=prerouting action=mark-packet new-packet-mark=msn_in passthrough=yes
layer7-protocol=msnmessenger in-interface=!bridge-hotspot

70 X chain=postrouting action=mark-packet new-packet-mark=msn_out passthrough=yes
layer7-protocol=msnmessenger out-interface=!bridge-hotspot

71 X ;;; MUTE - P2P filesharing
chain=prerouting action=mark-packet new-packet-mark=mute_p2p_in passthrough=yes
layer7-protocol=mute in-interface=!bridge-hotspot

72 X chain=postrouting action=mark-packet new-packet-mark=mute_p2p_out passthrough=yes
layer7-protocol=mute out-interface=!bridge-hotspot

73 X ;;; Napster - P2P filesharing
chain=prerouting action=mark-packet new-packet-mark=napster_in passthrough=yes
layer7-protocol=napster in-interface=!bridge-hotspot

74 X chain=postrouting action=mark-packet new-packet-mark=napster_out passthrough=yes
layer7-protocol=napster out-interface=!bridge-hotspot

75 X ;;; NetBIOS - Network Basic Input Output System
chain=prerouting action=mark-packet new-packet-mark=netbios_in passthrough=yes
layer7-protocol=netbios in-interface=!bridge-hotspot

76 X chain=postrouting action=mark-packet new-packet-mark=netbios_out passthrough=yes
layer7-protocol=netbios out-interface=!bridge-hotspot

77 X ;;; NNTP - Network News Transfer Protocol
chain=prerouting action=mark-packet new-packet-mark=nntp_in passthrough=yes
layer7-protocol=nntp in-interface=!bridge-hotspot

78 X chain=postrouting action=mark-packet new-packet-mark=nntp_out passthrough=yes
layer7-protocol=nntp out-interface=!bridge-hotspot

79 X ;;; SNTP - (Simple) Network Time Protocol
chain=prerouting action=mark-packet new-packet-mark=ntp_in passthrough=yes layer7-protocol=ntp
in-interface=!bridge-hotspot

80 X chain=postrouting action=mark-packet new-packet-mark=ntp_out passthrough=yes layer7-protocol=ntp
out-interface=!bridge-hotspot

81 X ;;; Remote Administrator - remote desktop for MS Windows
chain=prerouting action=mark-packet new-packet-mark=radmin_in passthrough=yes
layer7-protocol=radmin in-interface=!bridge-hotspot

82 X chain=postrouting action=mark-packet new-packet-mark=radmin_out passthrough=yes
layer7-protocol=radmin out-interface=!bridge-hotspot

83 X ;;; Remote Desktop Protocol (used in Windows Terminal Services)
chain=prerouting action=mark-packet new-packet-mark=rdp_in passthrough=yes layer7-protocol=rdp
in-interface=!bridge-hotspot

84 X chain=postrouting action=mark-packet new-packet-mark=rdp_out passthrough=yes layer7-protocol=rdp
out-interface=!bridge-hotspot

85 X ;;; RTSP - Real Time Streaming Protocol
chain=prerouting action=mark-packet new-packet-mark=rtsp_in passthrough=yes
layer7-protocol=rtsp in-interface=!bridge-hotspot

86 X chain=postrouting action=mark-packet new-packet-mark=rtsp_out passthrough=yes
layer7-protocol=rtsp out-interface=!bridge-hotspot

87 X ;;; SIP - Session Initiation Protocol - Internet telephony
chain=prerouting action=mark-packet new-packet-mark=sip_in passthrough=yes layer7-protocol=sip
in-interface=!bridge-hotspot

88 X chain=postrouting action=mark-packet new-packet-mark=sip_out passthrough=yes layer7-protocol=sip
out-interface=!bridge-hotspot

89 X ;;; Skype to phone - UDP voice call
chain=prerouting action=mark-packet new-packet-mark=skypeout_in passthrough=yes protocol=udp
layer7-protocol=skypeout in-interface=!bridge-hotspot

90 X chain=postrouting action=mark-packet new-packet-mark=skypeout_out passthrough=yes protocol=udp
layer7-protocol=skypeout out-interface=!bridge-hotspot

91 X ;;; Skype to Skype - UDP voice call
chain=prerouting action=mark-packet new-packet-mark=skype2skype_in passthrough=yes protocol=udp
layer7-protocol=skypetoskype in-interface=!bridge-hotspot

92 X chain=postrouting action=mark-packet new-packet-mark=skype2skype_out passthrough=yes protocol=ud>
layer7-protocol=skypetoskype out-interface=!bridge-hotspot

93 X ;;; POP3 - Post Office Protocol version 3
chain=prerouting action=mark-packet new-packet-mark=pop3_in passthrough=yes
layer7-protocol=pop3 in-interface=!bridge-hotspot

94 X chain=postrouting action=mark-packet new-packet-mark=pop3_out passthrough=yes
layer7-protocol=pop3 out-interface=!bridge-hotspot

95 X ;;; SMTP - Simple Mail Transfer Protocol
chain=prerouting action=mark-packet new-packet-mark=smtp_in passthrough=yes
layer7-protocol=smtp in-interface=!bridge-hotspot

96 X chain=postrouting action=mark-packet new-packet-mark=smtp_out passthrough=yes
layer7-protocol=smtp out-interface=!bridge-hotspot

97 X ;;; SNMP - Simple Network Management Protocol
chain=prerouting action=mark-packet new-packet-mark=snmp_in passthrough=yes
layer7-protocol=snmp in-interface=!bridge-hotspot

98 X chain=postrouting action=mark-packet new-packet-mark=snmp_out passthrough=yes
layer7-protocol=snmp out-interface=!bridge-hotspot

99 X ;;; Soulseek - P2P filesharing
chain=prerouting action=mark-packet new-packet-mark=soulsek_in passthrough=yes
layer7-protocol=soulseek in-interface=!bridge-hotspot

100 X chain=postrouting action=mark-packet new-packet-mark=soulsek_out passthrough=yes
layer7-protocol=soulseek out-interface=!bridge-hotspot

101 X ;;; SSH - Secure SHell
chain=prerouting action=mark-packet new-packet-mark=ssh_in passthrough=yes layer7-protocol=ssh
in-interface=!bridge-hotspot

102 X chain=postrouting action=mark-packet new-packet-mark=ssh_out passthrough=yes layer7-protocol=ss>
out-interface=!bridge-hotspot

103 X ;;; SSL and TLS - Secure Socket Layer / Transport Layer Security
chain=prerouting action=mark-packet new-packet-mark=ssl_in passthrough=yes layer7-protocol=ssl
in-interface=!bridge-hotspot

104 X chain=postrouting action=mark-packet new-packet-mark=ssl_out passthrough=yes layer7-protocol=ss>
out-interface=!bridge-hotspot

105 X ;;; vnc
chain=prerouting action=mark-packet new-packet-mark=vnc_in passthrough=yes layer7-protocol=vnc
in-interface=!bridge-hotspot

106 X chain=postrouting action=mark-packet new-packet-mark=vnc_out passthrough=yes layer7-protocol=vn>
out-interface=!bridge-hotspot

107 X ;;; TeamSpeak - VoIP application
chain=prerouting action=mark-packet new-packet-mark=teamspeak_in passthrough=yes
layer7-protocol=teamspeak in-interface=!bridge-hotspot

108 X chain=postrouting action=mark-packet new-packet-mark=teamspeak_out passthrough=yes
layer7-protocol=teamspeak out-interface=!bridge-hotspot

/ip firewall nat

[nelson@TPWiFi] /ip firewall nat> print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough to-addresses=0.0.0.0

1 ;;; Redirect Hotspot Mail to Port 587
chain=hs-smtp action=dst-nat to-addresses=202.188.0.174 to-ports=587 protocol=tcp
in-interface=bridge-hotspot dst-port=25

2 ;;; masquerade hotspot network
chain=srcnat action=masquerade to-addresses=0.0.0.0 src-address=10.0.0.0/22

3 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=172.16.0.0/22

4 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=172.16.4.0/22

5 chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=8291 protocol=tcp
in-interface=pppoe-WAN1 dst-port=8292

6 chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=8291 protocol=tcp
in-interface=pppoe-WAN2 dst-port=8292

7 chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=8291 protocol=tcp
in-interface=pppoe-WAN3 dst-port=8292

8 chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=8291 protocol=tcp
in-interface=pppoe-WAN4 dst-port=8292

9 chain=dstnat action=dst-nat to-addresses=10.0.0.2 protocol=tcp in-interface=pppoe-WAN4
dst-port=8080

10 chain=dstnat action=dst-nat to-addresses=10.0.0.2 protocol=tcp in-interface=pppoe-WAN1
dst-port=8080

11 chain=dstnat action=dst-nat to-addresses=10.0.0.2 protocol=tcp in-interface=pppoe-WAN3
dst-port=8080

12 chain=dstnat action=dst-nat to-addresses=10.0.0.2 protocol=tcp in-interface=pppoe-WAN2
dst-port=8080

13 chain=srcnat action=masquerade out-interface=pppoe-WAN1

14 chain=srcnat action=masquerade out-interface=pppoe-WAN2

15 chain=srcnat action=masquerade out-interface=pppoe-WAN3

16 chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=pppoe-WAN4

17 chain=srcnat action=masquerade protocol=tcp dst-address=10.0.0.2 dst-port=8291

/ip route
[nelson@TPWiFi] /ip route> print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=pppoe-WAN2 gateway-status=pppoe-WAN2 reachable
check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_WAN2

1 A S dst-address=0.0.0.0/0 gateway=pppoe-WAN1 gateway-status=pppoe-WAN1 reachable
check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_WAN1

2 A S dst-address=0.0.0.0/0 gateway=pppoe-WAN3 gateway-status=pppoe-WAN3 reachable
check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_WAN3

3 A S dst-address=0.0.0.0/0 gateway=pppoe-WAN4 gateway-status=pppoe-WAN4 reachable
check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_WAN4

4 S dst-address=0.0.0.0/0 pref-src=175.136.*.*
gateway=pppoe-WAN1,pppoe-WAN2,pppoe-WAN3,pppoe-WAN4
gateway-status=pppoe-WAN1 reachable,pppoe-WAN2 reachable,pppoe-WAN3 reachable,pppoe-WAN4
reachable
distance=1 scope=10 target-scope=10

5 ADS dst-address=0.0.0.0/0 gateway=175.136.*.*
gateway-status=175.136.131.254 reachable via pppoe-WAN4 distance=1 scope=30 target-scope=10

6 DS dst-address=0.0.0.0/0 gateway=175.136.*.*
gateway-status=175.136.131.254 reachable via pppoe-WAN4 distance=1 scope=30 target-scope=10

7 DS dst-address=0.0.0.0/0 gateway=175.136.*.*
gateway-status=175.136.*.* reachable via pppoe-WAN4 distance=1 scope=30 target-scope=10

8 DS dst-address=0.0.0.0/0 gateway=175.136.*.*
gateway-status=175.136.*.* reachable via pppoe-WAN4 distance=1 scope=30 target-scope=10

9 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=ether1 gateway-status=ether1 reachable
distance=0 scope=10

10 ADC dst-address=172.16.0.0/22 pref-src=172.16.0.1 gateway=bridge-hotspot
gateway-status=bridge-hotspot reachable distance=0 scope=10

11 ADC dst-address=172.16.4.0/22 pref-src=172.16.4.1 gateway=bridge-hotspot2
gateway-status=bridge-hotspot2 reachable distance=0 scope=10

12 ADC dst-address=175.136.*.* /32 pref-src=175.136.*.*
gateway=pppoe-WAN1,pppoe-WAN2,pppoe-WAN3,pppoe-WAN4
gateway-status=pppoe-WAN1 reachable,pppoe-WAN2 reachable,pppoe-WAN3 reachable,pppoe-WAN4
reachable
distance=0 scope=10

You can't use a hotspot there? You can't use user manager there? You should post the PCC load balancing stuff. Maybe someone will see a problem.
/ip address
/ip firewall mangle
/ip firewall nat
/ip route

hi SurferTim, can i have your email? Or can you contact me at nelson6069@gmail.com ?
need some help from you:)