What I hear is that you have 3 WAN connections that you could use to serve all LAN users.
Separately you have some layers of further requirements
- use WAN2 for external users to reach LAN servers
It's one router, so there is no separate-router concept. One uses the functionality and tools available on the router to isolate traffic. All doable.
Trying to use port based control access to WANs, is really old thinking.
You have to decide whether you want each port to get its own IP address and not be on a bridge, all separate; that's fine.
However, most use a single bridge, assign VLANs to subnets, and then assign the VLANs to the ports as required.
This allows for trunk ports where one can send many vlans down one port, to a smart access port or switch for further distribution in another location/room.
Your ip pools make little sense.
Lacking firewall rules.......
/ip routes make no sense
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The solution below moves everything to one bridge and four vlans, subnets. You may only elect to use two of them for example.
It's a rational approach that may not be quite correct at the start but will allow you to meet your requirements as they become clearer.
PCC for three WANs; WAN2 gets two hits for every one hit of the others, being slightly larger in capacity.
So we need mangle rules for PCC, and we need mangle rules for incoming traffic to the server via WAN2.
We need to ensure that server traffic is not captured by the PCC rules, as it is separate.
Will assume you have static WANIPs.
+++++++++++++++++++++++++++++++++++++++++++++++++++
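# model = RB4011iGS+
# serial number = xxx.xxx
# Layer-2 layout: one bridge carries every LAN VLAN; ether1-3 stay off the
# bridge and act as the three WAN uplinks.
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-YOUbroad
set [ find default-name=ether2 ] name=ether2-hathway
set [ find default-name=ether3 ] name=ether3-TataPLAY
# One VLAN interface per subnet, all riding on bridge1.
# The parameter is spelled "comment" in lower case; the capitalised form
# used originally is not expected to be accepted by the console.
/interface vlan
add interface=bridge1 name=VLAN10 vlan-id=10 comment="old bridge1 subnet maybe"
add interface=bridge1 name=VLAN11 vlan-id=11 comment="old bridge2 subnet maybe"
add interface=bridge1 name=VLAN12 vlan-id=12 comment="any subnet"
add interface=bridge1 name=VLAN13 vlan-id=13 comment="any subnet"
# Interface lists referenced by the firewall. WAN and LAN are used by the
# filter rules in this listing; Trusted is declared for management access
# but no filter rule here references it yet.
/interface list
add name=WAN
add name=LAN
add name=Trusted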
# DHCP ranges, one pool per VLAN subnet. Addresses below each range start
# stay outside DHCP (the VLAN10 pool starts at .50, the others at .100).
/ip pool add name=dhcp_pool0 ranges=192.168.10.50-192.168.10.254
/ip pool add name=dhcp_pool1 ranges=192.168.11.100-192.168.11.254
/ip pool add name=dhcp_pool2 ranges=192.168.12.100-192.168.12.254
/ip pool add name=dhcp_pool3 ranges=192.168.13.100-192.168.13.254
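# Interface-list membership: the three uplinks form WAN, the four VLAN
# interfaces form LAN. The firewall matches on these lists, so an interface
# missing from both lists is neither admitted to the router from the LAN
# side nor allowed to forward to the internet.
/interface list member
add interface=ether1-YOUbroad list=WAN
add interface=ether2-hathway list=WAN
add interface=ether3-TataPLAY list=WAN
add interface=VLAN10 list=LAN
add interface=VLAN11 list=LAN
add interface=VLAN12 list=LAN
add interface=VLAN13 list=LAN
# The author left the Trusted member undecided ("???"). As written that line
# is not a valid command, so it is kept here as a commented template; pick
# the management interface and uncomment it.
# add interface=<MGMT-INTERFACE> list=Trusted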
# One DHCP server per VLAN interface, each handing out its matching pool.
/ip dhcp-server add name=dhcp10 interface=VLAN10 address-pool=dhcp_pool0
/ip dhcp-server add name=dhcp11 interface=VLAN11 address-pool=dhcp_pool1
/ip dhcp-server add name=dhcp12 interface=VLAN12 address-pool=dhcp_pool2
/ip dhcp-server add name=dhcp13 interface=VLAN13 address-pool=dhcp_pool3
# One routing table per uplink; the mangle rules select a table through
# new-routing-mark and /ip route fills each table with a default route.
/routing table add name=toYOUbroad fib disabled=no
/routing table add name=tohathway fib disabled=no
/routing table add name=toTataPLAY fib disabled=no
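# Access ports: untagged frames are placed in the VLAN given by pvid and
# tagged frames are refused (frame-types + ingress-filtering).
/interface bridge port
add bridge=bridge1 interface=ether4 pvid=10 frame-types=admit-priority-and-untagged ingress-filtering=yes
add bridge=bridge1 interface=ether5 pvid=10 frame-types=admit-priority-and-untagged ingress-filtering=yes
add bridge=bridge1 interface=ether6 pvid=11 frame-types=admit-priority-and-untagged ingress-filtering=yes
add bridge=bridge1 interface=ether7 pvid=11 frame-types=admit-priority-and-untagged ingress-filtering=yes
add bridge=bridge1 interface=ether8 pvid=11 frame-types=admit-priority-and-untagged ingress-filtering=yes
add bridge=bridge1 interface=ether9 pvid=10 frame-types=admit-priority-and-untagged ingress-filtering=yes
add bridge=bridge1 interface=ether10 pvid=10 frame-types=admit-priority-and-untagged ingress-filtering=yes
# The original listing stops at the port entries. pvid and ingress-filtering
# only take effect once the bridge has VLAN filtering enabled, and the VLAN
# interfaces only see traffic if bridge1 itself is a tagged member of each
# VLAN, so the VLAN table and the filtering switch are added here.
# VLAN12/13 have no access port assigned in this listing; they are reachable
# only through the bridge until a port or trunk is added.
/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=bridge1 untagged=ether4,ether5,ether9,ether10
add bridge=bridge1 vlan-ids=11 tagged=bridge1 untagged=ether6,ether7,ether8
add bridge=bridge1 vlan-ids=12,13 tagged=bridge1
# Enable filtering last. Turning it on can cut the session it is issued
# from, so apply it in Safe Mode or from a port that is not on bridge1.
/interface bridge
set [ find name=bridge1 ] vlan-filtering=yes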
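# Router address (the gateway) on each VLAN subnet.
# The VLAN11 entry originally read 192.168.11.1.1/24, which has five octets
# and is not a valid address; it is corrected to match the other subnets.
/ip address
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
add address=192.168.12.1/24 interface=VLAN12 network=192.168.12.0
add address=192.168.13.1/24 interface=VLAN13 network=192.168.13.0
# WAN addressing. add-default-route=no keeps the DHCP client from installing
# its own default route, because the /ip route section supplies the routes.
# NOTE(review): the accompanying text assumes static WAN IPs; if that holds,
# these clients would be replaced by /ip address entries on the uplinks.
/ip dhcp-client
add add-default-route=no interface=ether1-YOUbroad
add add-default-route=no interface=ether2-hathway
add add-default-route=no interface=ether3-TataPLAY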
# Options handed to DHCP clients: in every subnet the router is both the
# gateway and the DNS server.
/ip dhcp-server network add address=192.168.10.0/24 gateway=192.168.10.1 dns-server=192.168.10.1
/ip dhcp-server network add address=192.168.11.0/24 gateway=192.168.11.1 dns-server=192.168.11.1
/ip dhcp-server network add address=192.168.12.0/24 gateway=192.168.12.1 dns-server=192.168.12.1
/ip dhcp-server network add address=192.168.13.0/24 gateway=192.168.13.1 dns-server=192.168.13.1
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. Who can reach it is decided by the input chain, which in this
# listing admits new connections from the LAN interface list and ICMP only.
/ip dns set servers=208.67.222.222,208.67.220.220 allow-remote-requests=yes
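# Servers whose replies must leave through WAN2 (used by the mangle rules).
# NOTE(review): the dst-nat rules in this listing forward to 192.168.11.199,
# while this entry is 192.168.11.99. One of the two is presumably a typo;
# confirm the server address, otherwise return traffic is not matched.
/ip firewall address-list
add address=192.168.11.99/32 list=ServersWAN2
/ip firewall filter
# ---- input chain: traffic addressed to the router itself ----
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-address=127.0.0.1
# Every LAN VLAN may open new connections to the router, management
# included. The Trusted interface list declared earlier is not used here;
# limiting management to it is a tightening the operator may want once its
# member is chosen.
add action=accept chain=input comment="accept only LAN traffic" in-interface-list=LAN
add action=drop chain=input comment="Drop All Else"
# ---- forward chain: traffic passing through the router ----
# (the original had a "+++" separator line here, which is not a command)
# Only unmarked connections are fasttracked, so connections carrying a
# connection mark keep passing through mangle.
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes connection-mark=no-mark
# Fixed: "chain=forwardconnection-state=" was missing a space.
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid
# Fixed: the next three rules had no chain= and the last one misspelled
# comment= as "commment"; a filter rule cannot be added without a chain.
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="port fowarding" connection-nat-state=dstnat
# Default deny: with only the two accepts above, VLAN-to-VLAN forwarding is
# dropped here as well.
add action=drop chain=forward comment="Drop All Else"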
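# Policy routing marks. Fixes relative to the original listing:
#  - comment= lines that sat on their own line are folded into their rule
#  - "commment" and "chain=pforward" typos corrected
#  - "+++" separator lines replaced by comments
#  - PCC classifier rules moved from chain=forward to chain=prerouting and
#    the PCC mark-routing rules limited to in-interface-list=LAN (see below)
/ip firewall mangle
# ---- inbound service via WAN2 ----
# New connections arriving on WAN2 are marked so that the server's replies
# can be sent back out the same uplink.
add action=mark-connection chain=forward connection-mark=no-mark in-interface=ether2-hathway new-connection-mark=incomingWAN2 passthrough=yes comment="Mark connections heading to Server via WAN2"
# NOTE(review): ServersWAN2 holds 192.168.11.99 but the dst-nat rules in
# this listing point at 192.168.11.199; confirm the server address.
add action=mark-routing chain=prerouting connection-mark=incomingWAN2 new-routing-mark=tohathway src-address-list=ServersWAN2 passthrough=no comment=" Mark Server Return traffic to go out WAN2"
# ---- PCC: split new LAN connections 1:2:1 over WAN1:WAN2:WAN3 ----
# The classifier has four buckets; buckets 1 and 3 both map to WAN2.
# These rules run in prerouting: a mark applied in forward is set after the
# routing decision for the first packet, so that packet would leave by the
# main table while later packets follow the mark.
# connection-mark=no-mark keeps connections already marked incomingWAN2 out
# of PCC.
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=PCCtoWAN1 passthrough=yes in-interface-list=LAN per-connection-classifier=src-address-and-port:4/0 comment="Identify Traffic from LAN to go out WAN1"
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=PCCtoWAN2 passthrough=yes in-interface-list=LAN per-connection-classifier=src-address-and-port:4/1 comment="Identify Traffic from LAN to go out WAN2"
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=PCCtoWAN3 passthrough=yes in-interface-list=LAN per-connection-classifier=src-address-and-port:4/2 comment="Identify Traffic from LAN to go out WAN3"
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=PCCtoWAN2 passthrough=yes in-interface-list=LAN per-connection-classifier=src-address-and-port:4/3 comment="Identify Traffic from LAN to go out WAN2"
# ---- PCC: turn connection marks into routing marks ----
# in-interface-list=LAN restricts these to packets coming from the LAN.
# Without it, replies arriving on a WAN port carry the same connection mark
# and would be looked up in the uplink table instead of being delivered to
# the LAN host.
add action=mark-routing chain=prerouting connection-mark=PCCtoWAN1 in-interface-list=LAN new-routing-mark=toYOUbroad passthrough=no comment="Route traffic from PCC to WAN1"
add action=mark-routing chain=prerouting connection-mark=PCCtoWAN2 in-interface-list=LAN new-routing-mark=tohathway passthrough=no comment="Route traffic from PCC to WAN2"
add action=mark-routing chain=prerouting connection-mark=PCCtoWAN3 in-interface-list=LAN new-routing-mark=toTataPLAY passthrough=no comment="Route traffic from PCC to WAN3"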
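/ip firewall nat
# Source NAT on each uplink. The original ended these three lines with a
# trailing backslash, which joins each one to the following command; the
# backslashes are removed so every rule is its own command.
add action=masquerade chain=srcnat out-interface=ether1-YOUbroad
add action=masquerade chain=srcnat out-interface=ether2-hathway
add action=masquerade chain=srcnat out-interface=ether3-TataPLAY
# Port forward from WAN2 to the LAN server, TCP and UDP. These rules expose
# the server to anything that can reach WAN2 on this port; the forward chain
# admits it through its connection-nat-state=dstnat rule.
# NOTE(review): the ServersWAN2 address list in this listing holds
# 192.168.11.99, not .199, and .199 lies inside the VLAN11 DHCP pool
# (.100-.254). Confirm the server address and give it a fixed lease or an
# address outside the pool.
add action=dst-nat chain=dstnat dst-port=11111 in-interface=ether2-hathway protocol=tcp to-addresses=192.168.11.199
add action=dst-nat chain=dstnat dst-port=11111 in-interface=ether2-hathway protocol=udp to-addresses=192.168.11.199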
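# Routing. The "+++" separator lines of the original are not commands and
# are replaced by comments; the routes themselves are unchanged.
# Main table: three default routes in failover order (distance 2, 4, 6).
# Each resolves recursively through a public host that is pinned to one
# uplink gateway, so check-gateway=ping tests reachability beyond the ISP
# router rather than just the next hop.
# NOTE(review): the 192.168.x.x gateways look like stand-ins for the ISP
# gateways; replace them with the real next hops.
/ip route
# ---- WAN1 ----
add check-gateway=ping distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=12
add distance=2 dst-address=1.1.1.1/32 gateway=192.168.4.4 scope=10 target-scope=11 comment="Recursive router for WAN1"
# ---- WAN2 ----
add check-gateway=ping distance=4 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=12
add distance=4 dst-address=9.9.9.9/32 gateway=192.168.1.1 scope=10 target-scope=11 comment="Recursive Router for WAN2"
# ---- WAN3 ----
add check-gateway=ping distance=6 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=12
add distance=6 dst-address=8.8.4.4/32 gateway=192.168.72.72 scope=10 target-scope=11 comment="Recursive Router for WAN3"
# ---- per-uplink tables selected by the mangle routing marks ----
add dst-address=0.0.0.0/0 gateway=192.168.4.4 routing-table=toYOUbroad
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=tohathway
add dst-address=0.0.0.0/0 gateway=192.168.72.72 routing-table=toTataPLAY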
# Management services switched off. winbox and www-ssl are not set in this
# listing, so they keep whatever state the router already has; reachability
# of any remaining service is governed by the input chain.
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
# Housekeeping: local time zone, no login note, boot-setup key.
/system clock set time-zone-name=Asia/Kolkata
/system note set show-at-login=no
/system routerboard settings set enter-setup-on=delete-key