AYUDA Mikrotik hAP Lite ......

Publicado por diego10, 03 de Marzo de 2017, 02:40:29 PM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.

diego10

#30
todo bien pero sigo con el pedido de ayuda... y el aporte sera muy bienvenido
vi que hay otro balance el NTH pero no se que onda...

You are not allowed to view links. Register or Login

cuando pongo:

/ ip firewall nat 
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
    to-ports=0-65535 comment="" disabled=no 
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
    to-ports=0-65535 comment="" disabled=no


sale un error

failure: to-ports valid only for tcp/udp

diego10

mientras regresan mis amigos que saben del tema pregunto si servira este script para balanceo NTH (?)
lo saque de You are not allowed to view links. Register or Login

/ip address
add address=103.28.2.254/30 interface=WAN1
add address=103.28.0.254/30 interface=WAN2
add address=192.168.168.1/24 interface=bridge-LAN

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=103.28.3.187,8.8.8.8

/ip firewall mangle
add chain=prerouting in-interface=bridge-LAN connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn1 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=bridge-LAN connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no

add chain=prerouting in-interface=bridge-LAN connection-state=new nth=2,2 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=bridge-LAN connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no

/ip firewall nat
add chain=srcnat action=masquerade out-interface=WAN1 comment="" disabled=no
add chain=srcnat action=masquerade out-interface=WAN2 comment="" disabled=no

/ip route
add dst-address=0.0.0.0/0 gateway=103.28.2.253 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=103.28.0.253 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no

add dst-address=0.0.0.0/0 gateway=103.28.2.253 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=103.28.0.253 comment="" disabled=no

WiFeamela

Ante todo, quedate tranquilo que cualquier equipo con soporte RouterOS level 4 o superior soporta cualquier tecnología de balanceo.

Nunca probé NTH, siempre lo bardean en los foros y terminan haciendo PCC por ser más eficiente.

No me quedó claro el problema de DNS, eso ya lo habías configurado antes y estaba bien, yo nunca te pasé comando alguno para setearlo.

Lo del cambio del nombre de interfáz WLAN era anecdótico porque lo resolvite a manopla, mi error fue no anteponer el "/interface wireless" antes del cambio de nombre, sino intenta cambiar una interface ethernet que no existe.

Dale para adelante con el PCC que indicás anteriormente, te quedaría así:

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=WLAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=WLAN

add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN1_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=11.11.11.11 routing-mark=to_WAN1 check-gateway=ping comment="Salida con marca por WAN1"
add dst-address=0.0.0.0/0 gateway=22.22.22.22 routing-mark=to_WAN2 check-gateway=ping comment="Salida con marca por WAN2"


Lo del export es así de facil: tipear el comando export en una Terminal y darle Enter.

Saludos,

diego10

#33
ok man muchas gracias. yo tenia esto:

/interface ethernet
set [ find default-name=ether1 ] name="WAN1"
set [ find default-name=ether2 ] name="WAN2"
set [ find default-name=ether3 ] name="WAN3"
set [ find default-name=ether4 ] name="LAN"
set [ find default-name=wlan1 ] name="WLAN"

/ip address
add address=11.11.11.1/24 interface="WAN1" network=11.11.11.0
add address=22.22.22.1/24 interface="WAN2" network=22.22.22.0
add address=33.33.33.1/24 interface="WAN3" network=33.33.33.0
add address=172.16.0.1/24 interface="LAN" network=172.16.0.0
add address=172.16.1.1/24 interface="WLAN" network=172.16.1.0

/ip pool
add name=LAN ranges=172.16.0.50-172.16.0.254
add name=WLAN ranges=172.16.1.50-172.16.1.254

/ip dhcp-server
add address-pool=LAN disabled=no interface="LAN" lease-time=1d name=LAN
add address-pool=WLAN disabled=no interface="WLAN" lease-time=1d name=WLAN

/ip dhcp-server network
add address=172.16.0.0/24 comment=LAN dns-server=172.16.0.1 gateway=172.16.0.1
add address=172.16.1.0/24 comment=WLAN dns-server=172.16.1.1 gateway=172.16.1.1

/ip firewall nat
add action=masquerade chain=srcnat comment="Salida NAT WAN1" out-interface="WAN1"
add action=masquerade chain=srcnat comment="Salida NAT WAN2" out-interface="WAN2"

/ip route
add check-gateway=ping comment="Salida sin marca por WAN1" distance=1 gateway=11.11.11.11
add check-gateway=ping comment="Salida sin marca por WAN2" distance=2 gateway=22.22.22.22

ahora agregue esto ultimo que me indicaste:

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=WLAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=WLAN

add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN1_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=11.11.11.11 routing-mark=to_WAN1 check-gateway=ping comment="Salida con marca por WAN1"
add dst-address=0.0.0.0/0 gateway=22.22.22.22 routing-mark=to_WAN2 check-gateway=ping comment="Salida con marca por WAN2"

y funciona!!!  :) pero no suma el ancho de banda creo que solo divide la velocidad del WAN mas lento ya que noto que antes del balanceo, WAN1 (fiber x 12MB) pegaba un pico inicial y seguia en 1.4Mb/s. la WAN2 (sp33dy x 3MB) arrancaba y se mantenia en 390Kb/s



creo que tendria que optimizar el balance... por que no suma o algo asi?

aca pongo el export:

#
/interface wireless
set [ find default-name=wlan1 ] name=WLAN
/interface ethernet
set [ find default-name=ether4 ] name=LAN
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=ether3 ] name=WAN3
/ip pool
add name=LAN ranges=172.16.0.50-172.16.0.254
add name=WLAN ranges=172.16.1.50-172.16.1.254
/ip dhcp-server
add add-arp=yes address-pool=LAN always-broadcast=yes disabled=no interface=LAN lease-time=1d name=LAN use-radius=yes
add address-pool=WLAN disabled=no interface=WLAN lease-time=1d name=WLAN
/ip address
add address=11.11.11.1/24 interface=WAN1 network=11.11.11.0
add address=22.22.22.1/24 interface=WAN2 network=22.22.22.0
add address=33.33.33.1/24 interface=WAN3 network=33.33.33.0
add address=172.16.0.1/24 interface=LAN network=172.16.0.0
add address=172.16.1.1/24 interface=WLAN network=172.16.1.0
/ip dhcp-server network
add address=172.16.0.0/24 comment=LAN dns-server=172.16.0.1 gateway=172.16.0.1
add address=172.16.1.0/24 comment=WLAN dns-server=172.16.1.1 gateway=172.16.1.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=WAN2_conn
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2
add chain=prerouting dst-address=11.11.11.0/24 in-interface=LAN
add chain=prerouting dst-address=22.22.22.0/24 in-interface=LAN
add chain=prerouting dst-address=11.11.11.0/24 in-interface=WLAN
add chain=prerouting dst-address=22.22.22.0/24 in-interface=WLAN
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_conn per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_conn per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=WLAN new-connection-mark=WAN1_conn per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=WLAN new-connection-mark=WAN2_conn per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=LAN new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=LAN new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=WLAN new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=WLAN new-routing-mark=to_WAN2
/ip firewall nat
add action=masquerade chain=srcnat comment="Salida NAT WAN1" out-interface=WAN1
add action=masquerade chain=srcnat comment="Salida NAT WAN2" out-interface=WAN2
/ip route
add check-gateway=ping comment="Salida con marca por WAN1" distance=1 gateway=11.11.11.11 routing-mark=to_WAN1
add check-gateway=ping comment="Salida con marca por WAN2" distance=1 gateway=22.22.22.22 routing-mark=to_WAN2
add check-gateway=ping comment="Salida sin marca por WAN1" distance=1 gateway=11.11.11.11
add check-gateway=ping comment="Salida sin marca por WAN2" distance=2 gateway=22.22.22.22
/system clock
set time-zone-name=America/Argentina/Buenos_Aires
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
[admin@MikroTik] >


como te decia, te estoy muy agradecido por no dejarme en banda    ;D

diego10

#34
como te decia antes, hice 5 pruebas de descarga simultaneas
intento arrancar con WAN1 y al toque se corto y continuo por WAN2 (que provisoriamente son 6 megas)



no tengo balance pero por lo menos noto que levanto la interface  ;D
tambien raro es que la sesion figura como 192.168.88.1


WiFeamela

Cuando los vínculos son de diferente capacidad, hay que darle mayor peso a los principales.

En tu caso, bastaria con agregar estas reglas adicionales en el lugar correcto:

add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes


Al crearlas por Terminal, se te van a ubicar en último lugar dentro de IP > Firewall >Mangle

Si mal no estoy contando, el lugar correcto para la primera regla sería el puesto 11 y la segunda regla iría en el puesto 14.

Sino mandá al joraca todas las reglas que veas en IP > Firewall >Mangle y pegá el choclo completo!

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=WLAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=WLAN

add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN1_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN2


Respecto a la sesión en 192.168.88.1, esa es la puerta de enlace por defecto, capaz te quedó algo sucio en el WinBox, ahora que tenés bien configurada la LAN, te conviene empezar a conectarte por IP: Si estás por LAN, sería 172.16.0.1, si estás por WLAN: 172.16.1.1.

Otras config que deberías ir metiendo, son estas básicas de seguridad por firewall:

/ip firewall filter
add action=accept chain=forward comment="Aceptar Conexiones Establecidas" connection-state=established
add action=accept chain=input comment="Aceptar Conexiones Establecidas" connection-state=established
add action=accept chain=forward comment="Aceptar Conexiones Relacionadas" connection-state=related
add action=accept chain=input comment="Aceptar Conexiones Relacionadas" connection-state=related
add action=drop chain=forward comment="Descartar Conexiones Invalidas" connection-state=invalid
add action=drop chain=input comment="Descartar Conexiones Inv\E1lidas" connection-state=invalid

WiFeamela

Otra recomendación: actualizá el S.O.

La página oficial de descargas es esta: You are not allowed to view links. Register or Login

Tu equipo es SMIPS, te correspondería bajar este paquete: You are not allowed to view links. Register or Login

Para actualizar, simplemente tenés que hacer "drag and drop" del archivo descargado dentro de WinBox > Files.

Finalmente reiniciás el equipo: System > Reboot

PD: En mi respuesta anterior, omití el "/ip firewall mangle" antes de las 2 reglas que te tiré para dar prioridad al enlace de 12Mbps.

PD2: Nunca me funcionó el "Editar" de este foro! Se queda en "Cargando" y nunca me trae el editor.

diego10

winbox lo ve como 172.16.0.1 pero cuando abre la sesion  muestra 192.168.88.1

hice los cambios pero el WAN1 no se dio por enterado...  ::)



pero la subida de la imagen de arriba si la mando por WAN1 que loco



diego10

como queda entonces? /ip firewall mangle



diego10

ahi arregle el OS y el IP de la sesion


WiFeamela

Pareciera que te quedó perfecto, pero me faltan varias columas a la vista de Mangle para estar seguro.

Dale clic derecho a cualquier parte > Show Columns y tildás:


  • Connection Mark
  • Routing Mark
  • Per Connection Classifier
  • New Connection Mark
  • New Routing Mark

Una cuestión que puede estar jodiendo, es que esta tecnología de balance maneja una tabla de afinidad de conexiones para no romper algunos protocolos como HTTPS, si bien por la cantidad de paquetes que veo tomó bastante bien el balance, hay una ligera inclinación por la WAN2. Yo creo que después de reiniciar o tumbar las conexiones activas en IP > Firewall > Connections, deberías empezar a ver mayor actividad en la WAN1.

diego10


WiFeamela

Estaba dormido, perdón, hacé boleta todo el Mangle y volvé a entrar estos comandos:

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=WLAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=WLAN

add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN1_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN2


Le estaba dando más prioridad aún a la WAN2!

diego10

todo bien seguimos luego que a mi tambien me reclaman aca. me miran con cara de 0rt0 sera que estoy borrado hace un par de dias jaja

pero con el cambio del mangle pasa lo mismo que antes



si te parece seguimos despues porque a mi me van a c@par  :)

WiFeamela

Pegale una mirada a la regla 10 del Mangle, a ver si mueve paquetes y tráfico. Pareciera que no le dá bola a la prioridad.

Si persiste en 0 como está ahora, alguna me mandé o no está respondiendo bien a la división... Provemos una relación de 3:0/1/2:

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=11.11.11.0/24 action=accept in-interface=WLAN
add chain=prerouting dst-address=22.22.22.0/24 action=accept in-interface=WLAN

add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:3/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WLAN per-connection-classifier=both-addresses-and-ports:3/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN1_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WLAN action=mark-routing new-routing-mark=to_WAN2


No descuide a la familia Doc y peor, no los dejes sin Internet haciendo pruebas!