I have a very similar issue as described here, but the solution did not work.
A short summary:
- I've a Fritzbox from my ISP
- I've a GL-AR750S-EXT (Slate) running OpenWrt 19.07 (stock)
- I've an Huawei Surfstick, E3372H-320 LTE USB-Stick attached to the GL-AR750S-EXT (
- The Fritzbox (
192.168.178.1) is connected to the GL-AR750S-EXT (
- The GL-AR750S-EXT has a tinyproxy running on port
8888, listening on
192.168.178.77 and binding to
- The Fritzbox has an active port forwarding
12345 (external) to GL-AR750S-EXT port
My goal is to have the tinyproxy available for external access from me / friends / my servers.
It all works fine except the access from external. I can run
curl -x http://192.168.178.77:8888 -L https://httpbin.org/ip from my local workstation and I can see that the 4G stick is used. However, when I run
curl -x http://my.public.isp.ip:8888 -L https://httpbin.org/ip I get a timeout. Please note that I access it via IPv4. I also see no access in the tinyproxy logs.
Next thing I did was to check with
tcpdump if anything arrives at the GL-AR750S-EXT. And it does. I see a request arriving from
192.168.178.77:8888 in the tcpdump logs. Which tells me that my ISP is not blocking my port and the Fritzbox port forwarding works as expected. However, I can't find out where the connection drops/gets rejected/times out.
I tried various firewall settings and configurations I made up or found here/via google. Unfortunately none of them worked. This is my first "project" with OpenWrt and firewall configuration in general. I'm a bit lost. I also tried to configure access to other services (like SSH ) but it didn't work either. Same timeout issue.
Maybe someone has a similar situation or idea what to do next.
Can you run a
ip -4 ro list table all ?
root@GL-AR750S:~# ip -4 ro list table all
default via 192.168.8.1 dev eth1 table 3
192.168.8.0/24 dev eth1 table 3 proto kernel scope link src 192.168.8.107
192.168.10.0/24 dev br-lan table 3 proto kernel scope link src 192.168.10.1
192.168.178.0/24 dev eth0.1 table 3 proto kernel scope link src 192.168.178.77
default via 192.168.8.1 dev eth1 proto static src 192.168.8.107
192.168.8.0/24 dev eth1 proto kernel scope link src 192.168.8.107
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
192.168.178.0/24 dev eth0.1 proto kernel scope link src 192.168.178.77
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.8.0 dev eth1 table local proto kernel scope link src 192.168.8.107
local 192.168.8.107 dev eth1 table local proto kernel scope host src 192.168.8.107
broadcast 192.168.8.255 dev eth1 table local proto kernel scope link src 192.168.8.107
broadcast 192.168.10.0 dev br-lan table local proto kernel scope link src 192.168.10.1
local 192.168.10.1 dev br-lan table local proto kernel scope host src 192.168.10.1
broadcast 192.168.10.255 dev br-lan table local proto kernel scope link src 192.168.10.1
broadcast 192.168.178.0 dev eth0.1 table local proto kernel scope link src 192.168.178.77
local 192.168.178.77 dev eth0.1 table local proto kernel scope host src 192.168.178.77
broadcast 192.168.178.255 dev eth0.1 table local proto kernel scope link src 192.168.178.77
JFI: The GL-AR750S-EXT / OpenWrt IP net is 192.168.10.0/24. I had to change it because it collided with the one of the Huawei Surfstick.
Thanks for your fast rely, I really appreciate it
Well, it's not weird. You have default gateway for main and custom routing table 3 the Huawei. Usually when you have more than one wan you need to do Policy Based Routing and you have 3 options:
- a set of rules/routes for each internet connection.
Well that sounds… reasonable I’ve read over both readmes. Do I get it right that I‘ll need to configure something (on a conceptional level) like:
Use Huawei for traffic addressed to IP 192.168.8.105 (tinyproxy bind).
Use Fritzbox for everything else.
Does this make sense? I think I will try mwan3.
Thanks a lot
Yes, you could create a rule in any of them that packets from source port 8888 will use the huawei uplink, and the default will be Fritz.