命令行：

/ ip firewall mangle
1、保证访问局域网IP的时候不被PCC了。
add chain=prerouting dst-address=10.1.1.0/24 action=accept in-interface=ether1
add chain=prerouting dst-address=10.2.2.0/24 action=accept in-interface=ether1

2、保证上网流量从哪进就从哪出，所以必须比如对从wan口进来的流量进行标识。为避免上下流量出错connection-mark=no-mark不可少！
add chain=prerouting in-interface=wlan1 connection-mark=no-mark action=mark-connection new-connection-mark=1
add chain=prerouting in-interface=wlan2 connection-mark=no-mark action=mark-connection new-connection-mark=2

3、对于从局域网进的连接，目的地址为非局域网IP的流量进行连接标记，每个1/2。为避免上下流量出错connection-mark=no-mark不可少！
add chain=prerouting in-interface=ether1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=1
add chain=prerouting in-interface=ether1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=2

4、对于之前进行连接的标识进行，分别标识不同的路由标记。这里注意in-interface=ether1不可少，因为之前的连接标记为双向的，有进有出，这里如果没有in-interface配置，out流量也会被PCC！
add chain=prerouting connection-mark=1 in-interface=ether1 action=mark-routing new-routing-mark=1
add chain=prerouting connection-mark=2 in-interface=ether1 action=mark-routing new-routing-mark=2

5、保证上网流量从哪进就从哪出，所以必须比如对从wan口出去的流量进行标识。
add chain=output connection-mark=1 action=mark-routing new-routing-mark=1
add chain=output connection-mark=2 action=mark-routing new-routing-mark=2

6、对不同的路由标记走不同的外网网关出去，后面两个为备用网关
/ ip route
add dst-address=0.0.0.0/0 gateway=10.1.1.88 routing-mark=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.2.2.88 routing-mark=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.1.1.88 distance=2
add dst-address=0.0.0.0/0 gateway=10.2.2.88 distance=3

7、对两条外网进行伪装
/ ip firewall nat
add chain=srcnat out-interface=wlan1 action=masquerade
add chain=srcnat out-interface=wlan2 action=masquerade