aMule behind 2 NATs not working

I am referring to mwan3 metrics:

They all have metric 1.

Ok, how do I change this?

Go to each member and adjust the metrics and the name. Then use the new name in the policy. Make sure you update all policies.

Like this:

root@Laurent_Home_OpenWrt_1043ND_retired:~# cat /etc/config/mwan3 

config globals 'globals'

config rule 'no_mule_wan'
        option dest_port '4662,4672'
        option proto 'all'
        option use_policy 'lan_only'

config rule 'no_yt_wan_tcp'
        option dest_ip '172.217.18.110/32'
        option proto 'all'
        option use_policy 'lan_only'

config rule 'no_radio_wwan2'
        option dest_ip '217.74.72.4'
        option proto 'all'
        option use_policy 'lan_wan'

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option proto 'all'
        option use_policy 'lan_wan_wan2'

config member 'lan_m10_w3'
        option interface 'lan'
        option metric '10'
        option weight '3'

config member 'lan_m2_w3'
        option interface 'lan'
        option metric '2'
        option weight '3'

config member 'wwan_phone_m20_w2'
        option interface 'wwan_phone'
        option metric '20'
        option weight '2'

config member 'wwan_phone_m2_w2'
        option interface 'wwan_phone'
        option metric '2'
        option weight '2'

config policy 'lan_only'
        list use_member 'lan_m10_w3'

config policy 'wan_only'
        list use_member 'wwan_phone_m20_w2'

#config policy 'balanced'
#       list use_member 'lan_m1_w3'
#       list use_member 'wwan_phone_m1_w2'

config policy 'lan_wan'
        list use_member 'lan_m10_w3'
        list use_member 'wwan_phone_m20_w2'

#config policy 'wan_lan'
#       list use_member 'lan_m2_w3'
#       list use_member 'wwan_phone_m1_w2'

config interface 'lan'
        option enabled '1'
        option reliability '2'
        option count '1'
        option timeout '2'
        option down '3'
        option up '3'
        option family 'ipv4'
        list track_ip '194.204.159.1'
        list track_ip '194.204.152.34'
        list track_ip '8.8.8.8'
        option interval '1'

config interface 'wwan_phone'
        option enabled '1'
        list track_ip '8.8.8.8'
        list track_ip '208.67.220.220'
        option reliability '1'
        option family 'ipv4'
        option count '2'
        option timeout '5'
        option interval '5'
        option down '3'
        option up '3'

config interface 'wwan_Aero2'
        option enabled '1'
        option family 'ipv4'
        option reliability '1'
        option down '3'
        option timeout '5'
        option count '2'
        option interval '30'
        option up '3'
        option initial_state 'online'
        list track_ip '194.204.159.1'
        option track_method 'ping'
        option size '56'
        option check_quality '0'
        option failure_interval '5'
        option recovery_interval '5'
        option flush_conntrack 'never'

config member 'wwan_Aero2_m30_w2'
        option interface 'wwan_Aero2'
        option metric '30'
        option weight '2'

config member 'wwan_Aero2_m2_w2'
        option interface 'wwan_Aero2'
        option metric '2'
        option weight '2'

config policy 'wan2_only'
        list use_member 'wwan_Aero2_m30_w2'
        option last_resort 'unreachable'

config policy 'lan_wan_wan2'
        list use_member 'lan_m10_w3'
        list use_member 'wwan_phone_m20_w2'
        list use_member 'wwan_Aero2_m30_w2'
        option last_resort 'unreachable'

Will test if backup links work correctly tomorrow.

I didn't read it through, but the default rule using lan_wan_wan2 policy seems to be correct.

But this is NOT working:

  • if I block LAN route (192.168.1.1 - ADSL router), then
  • ping (to dns server) fails silently,
  • ping -I wlan0 (same IP) works,
  • ping -I 3g-wwan_Aero2 works also.

Looks like mwan3 is not working as expected: it does not detect the LAN route down / block traffic.
If I delete the route ("route del default gw 192.168.1.1"), traffic gets to wlan0. :frowning:

Is there some kind of "mwan3 guide"? To read how I SHOULD translate my routing expectations into mwan3 "interfaces", "members", "rules" and "policies"?
Because for now I am like a child in the fog...

Have tried to begin from scratch,

  • remove mwan3, install mwan3
  • defined interfaces using GUI, works OK, up/down events correctly detected,
  • now tried to mimic (using GUI, not raw file copy) "members", "policies", "rules".

GOT THE SAME. Not working, looks as if the mwan3 is NOT correctly manipulating kernel routing tables....
Any ideas?

Replaced ip-tiny with ip-full but this does not change anything

Post the mwan3 status; ip -4 ro li table all; iptables-save -c -t mangle with lan up and with lan down.

OK, here it goes:

Current /etc/config/mwan3

root@Laurent_Home_OpenWrt_1043ND_retired:~# cat /etc/config/mwan3

config rule 'no_mule_wan'
        option src_port '4662,4672'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_only'

config rule 'no_yt_wan'
        option dest_ip '172.217.18.110/32'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_only'

config rule 'no_radio_wwan2'
        option dest_ip '217.74.72.4/32'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_wan'

config rule 'https'
        option sticky '1'
        option dest_port '443'
        option proto 'tcp'
        option use_policy 'lan_wan_wan2'

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_wan_wan2'

config globals 'globals'
        option mmx_mask '0x3F00'
        option local_source '192.168.1.60'
        option enabled '1'

config interface 'lan'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        option track_method 'ping'
        option reliability '1'
        option count '3'
        option size '56'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        list track_ip '194.204.159.1'
        list track_ip '8.8.8.8'
        option flush_conntrack 'always'

config interface 'wwan_phone'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        list track_ip '194.204.159.1'
        list track_ip '8.8.8.8'
        option track_method 'ping'
        option reliability '1'
        option count '2'
        option size '56'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        option flush_conntrack 'never'

config interface 'wwan_Aero2'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        list track_ip '194.204.159.1'
        list track_ip '8.8.8.8'
        option track_method 'ping'
        option reliability '1'
        option count '1'
        option size '56'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        option flush_conntrack 'never'

config member 'lan_m1_w3'
        option interface 'lan'
        option metric '1'
        option weight '3'

config member 'lan_m2_w3'
        option interface 'lan'
        option metric '2'
        option weight '3'

config member 'wwan_phone_m1_w2'
        option interface 'wwan_phone'
        option metric '1'
        option weight '2'

config member 'wwan_phone_m2_w2'
        option interface 'wwan_phone'
        option metric '2'
        option weight '2'

config member 'wwan_Aero2_m1_w2'
        option interface 'wwan_Aero2'
        option metric '1'
        option weight '2'

config member 'wwan_Aero2_m2_w2'
        option interface 'wwan_Aero2'
        option metric '2'
        option weight '2'

config member 'wwan_Aero2_m3_w2'
        option interface 'wwan_Aero2'
        option metric '3'
        option weight '2'

config policy 'lan_only'
        list use_member 'lan_m1_w3'
        option last_resort 'unreachable'

config policy 'wan_only'
        list use_member 'wwan_phone_m1_w2'
        option last_resort 'unreachable'

config policy 'lan_wan'
        option last_resort 'unreachable'
        list use_member 'lan_m1_w3'
        list use_member 'wwan_phone_m2_w2'

config policy 'wan2_only'
        list use_member 'wwan_Aero2_m1_w2'
        option last_resort 'unreachable'

config policy 'lan_wan_wan2'
        option last_resort 'unreachable'
        list use_member 'lan_m1_w3'
        list use_member 'wwan_phone_m2_w2'
        list use_member 'wwan_Aero2_m3_w2'

And test results LAN GATEWAY UP:

root@Laurent_Home_OpenWrt_1043ND_retired:~# mwan3 status
Interface status:
 interface lan is online and tracking is active
 interface wwan_phone is online and tracking is active
 interface wwan_Aero2 is online and tracking is active

Current ipv4 policies:
lan_only:
 lan (100%)

lan_wan:
 lan (100%)

lan_wan_wan2:
 lan (100%)

wan2_only:
 wwan_Aero2 (100%)

wan_only:
 wwan_phone (100%)


Current ipv6 policies:
lan_only:
 unreachable

lan_wan:
 unreachable

lan_wan_wan2:
 unreachable

wan2_only:
 unreachable

wan_only:
 unreachable


Directly connected ipv4 networks:
 192.168.43.0/24
 192.168.1.0/24
 127.0.0.0/8
 192.168.43.60
 10.64.64.64
 192.168.10.0/24
 192.168.15.0/24
 127.0.0.1
 127.0.0.0
 100.108.203.211
 192.168.43.255
 127.255.255.255
 192.168.1.60
 192.168.43.0
 192.168.1.255
 192.168.1.0
 224.0.0.0/3

Directly connected ipv6 networks:
 fe80::/64

Active ipv4 user rules:
    0     0 - lan_only  all  --  *      *       0.0.0.0/0            0.0.0.0/0            
    0     0 - lan_only  all  --  *      *       0.0.0.0/0            172.217.18.110       
    0     0 - lan_wan  all  --  *      *       0.0.0.0/0            217.74.72.4          
    0     0 S https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 443 
    0     0 - lan_wan_wan2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            

Active ipv6 user rules:
    2   192 - lan_only  all      *      *       ::/0                 ::/0                 
    0     0 S https  tcp      *      *       ::/0                 ::/0                 multiport sports 0:65535 multiport dports 443 
    0     0 - lan_wan_wan2  all      *      *       ::/0                 ::/0
root@Laurent_Home_OpenWrt_1043ND_retired:~# ip -4 ro li table all
default via 192.168.1.1 dev br-lan table 1 
default via 192.168.43.1 dev wlan0 table 2 linkdown 
default via 10.64.64.64 dev 3g-wwan_Aero2 table 3 
default via 192.168.1.1 dev br-lan proto static metric 10 
default via 192.168.43.1 dev wlan0 proto static metric 20 linkdown 
default via 10.64.64.64 dev 3g-wwan_Aero2 proto static metric 30 
10.64.64.64 dev 3g-wwan_Aero2 proto kernel scope link src 100.108.203.211 
192.168.1.0/24 dev br-lan proto static scope link metric 10 
192.168.10.0/24 via 192.168.1.30 dev br-lan proto static metric 10 
192.168.15.0/24 via 192.168.1.110 dev br-lan proto static metric 10 
192.168.43.0/24 dev wlan0 proto static scope link metric 20 linkdown 
local 100.108.203.211 dev 3g-wwan_Aero2 table local proto kernel scope host src 100.108.203.211 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.60 
local 192.168.1.60 dev br-lan table local proto kernel scope host src 192.168.1.60 
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.60 
broadcast 192.168.43.0 dev wlan0 table local proto kernel scope link src 192.168.43.60 linkdown 
local 192.168.43.60 dev wlan0 table local proto kernel scope host src 192.168.43.60 
broadcast 192.168.43.255 dev wlan0 table local proto kernel scope link src 192.168.43.60 linkdown
root@Laurent_Home_OpenWrt_1043ND_retired:~# iptables-save -c -t mangle
# Generated by iptables-save v1.6.2 on Thu Jun 10 08:20:18 2021
*mangle
:PREROUTING ACCEPT [3179:1775566]
:INPUT ACCEPT [659:63577]
:FORWARD ACCEPT [2517:1711869]
:OUTPUT ACCEPT [632:166983]
:POSTROUTING ACCEPT [3139:1877835]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_lan - [0:0]
:mwan3_iface_in_wwan_Aero2 - [0:0]
:mwan3_iface_in_wwan_phone - [0:0]
:mwan3_iface_out_lan - [0:0]
:mwan3_iface_out_wwan_Aero2 - [0:0]
:mwan3_iface_out_wwan_phone - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_ifaces_out - [0:0]
:mwan3_policy_lan_only - [0:0]
:mwan3_policy_lan_wan - [0:0]
:mwan3_policy_lan_wan_wan2 - [0:0]
:mwan3_policy_wan2_only - [0:0]
:mwan3_policy_wan_only - [0:0]
:mwan3_rule_https - [0:0]
:mwan3_rules - [0:0]
[4680:2612675] -A PREROUTING -j mwan3_hook
[0:0] -A FORWARD -o wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[970:251001] -A OUTPUT -j mwan3_hook
[201:21700] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
[5650:2863676] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
[179:20301] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
[90:7852] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
[81:7077] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
[4:673] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
[5650:2863676] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
[341:34286] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
[84:10184] -A mwan3_iface_in_lan -i br-lan -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[5:2265] -A mwan3_iface_in_lan -i br-lan -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_iface_in_wwan_Aero2 -i 3g-wwan_Aero2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wwan_Aero2 -i 3g-wwan_Aero2 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_Aero2 -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_iface_in_wwan_phone -i wlan0 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wwan_phone -i wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_phone -j MARK --set-xmark 0x200/0x3f00
[29:2372] -A mwan3_iface_out_lan -o br-lan -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[24:2016] -A mwan3_iface_out_wwan_Aero2 -o 3g-wwan_Aero2 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_Aero2 -j MARK --set-xmark 0x300/0x3f00
[24:2016] -A mwan3_iface_out_wwan_phone -o wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_phone -j MARK --set-xmark 0x200/0x3f00
[174:19576] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_lan
[79:6540] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wwan_phone
[76:6288] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wwan_Aero2
[77:6404] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_lan
[48:4032] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wwan_phone
[24:2016] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wwan_Aero2
[0:0] -A mwan3_policy_lan_only -m mark --mark 0x0/0x3f00 -m comment --comment "lan 3 3" -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_policy_lan_wan -m mark --mark 0x0/0x3f00 -m comment --comment "lan 3 3" -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_policy_lan_wan_wan2 -m mark --mark 0x0/0x3f00 -m comment --comment "lan 3 3" -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_policy_wan2_only -m mark --mark 0x0/0x3f00 -m comment --comment "wwan_Aero2 2 2" -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_policy_wan_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x100/0x3f00 -m set ! --match-set mwan3_sticky_https src,src -j MARK --set-xmark 0x0/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_lan_wan_wan2
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src
[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment no_mule_wan -j mwan3_policy_lan_only
[0:0] -A mwan3_rules -d 172.217.18.110/32 -m mark --mark 0x0/0x3f00 -m comment --comment no_yt_wan -j mwan3_policy_lan_only
[0:0] -A mwan3_rules -d 217.74.72.4/32 -m mark --mark 0x0/0x3f00 -m comment --comment no_radio_wwan2 -j mwan3_policy_lan_wan
[0:0] -A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -m comment --comment https -j mwan3_rule_https
[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_lan_wan_wan2
COMMIT
# Completed on Thu Jun 10 08:20:18 2021

Now with LAN GATEWAY DOWN

root@Laurent_Home_OpenWrt_1043ND_retired:~# mwan3 status
Interface status:
 interface lan is offline and tracking is active
 interface wwan_phone is offline and tracking is active
 interface wwan_Aero2 is online and tracking is active

Current ipv4 policies:
lan_only:
 unreachable

lan_wan:
 unreachable

lan_wan_wan2:
 wwan_Aero2 (100%)

wan2_only:
 wwan_Aero2 (100%)

wan_only:
 unreachable


Current ipv6 policies:
lan_only:
 unreachable

lan_wan:
 unreachable

lan_wan_wan2:
 unreachable

wan2_only:
 unreachable

wan_only:
 unreachable


Directly connected ipv4 networks:
 192.168.1.60
 192.168.43.0
 192.168.1.0/24
 100.108.203.211
 127.0.0.0/8
 192.168.10.0/24
 127.0.0.1
 224.0.0.0/3
 127.0.0.0
 10.64.64.64
 192.168.15.0/24
 192.168.43.255
 192.168.1.0
 192.168.43.0/24
 192.168.1.255
 127.255.255.255
 192.168.43.60

Directly connected ipv6 networks:
 fe80::/64

Active ipv4 user rules:
    0     0 - lan_only  all  --  *      *       0.0.0.0/0            0.0.0.0/0            
    0     0 - lan_only  all  --  *      *       0.0.0.0/0            172.217.18.110       
    0     0 - lan_wan  all  --  *      *       0.0.0.0/0            217.74.72.4          
    0     0 S https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 443 
    0     0 - lan_wan_wan2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            

Active ipv6 user rules:
    0     0 - lan_only  all      *      *       ::/0                 ::/0                 
    0     0 S https  tcp      *      *       ::/0                 ::/0                 multiport sports 0:65535 multiport dports 443 
    0     0 - lan_wan_wan2  all      *      *       ::/0                 ::/0
root@Laurent_Home_OpenWrt_1043ND_retired:~# ip -4 ro li table all
default via 192.168.1.1 dev br-lan table 1 
default via 192.168.43.1 dev wlan0 table 2 linkdown 
default via 10.64.64.64 dev 3g-wwan_Aero2 table 3 
default via 192.168.1.1 dev br-lan proto static metric 10 
default via 192.168.43.1 dev wlan0 proto static metric 20 linkdown 
default via 10.64.64.64 dev 3g-wwan_Aero2 proto static metric 30 
10.64.64.64 dev 3g-wwan_Aero2 proto kernel scope link src 100.108.203.211 
192.168.1.0/24 dev br-lan proto static scope link metric 10 
192.168.10.0/24 via 192.168.1.30 dev br-lan proto static metric 10 
192.168.15.0/24 via 192.168.1.110 dev br-lan proto static metric 10 
192.168.43.0/24 dev wlan0 proto static scope link metric 20 linkdown 
local 100.108.203.211 dev 3g-wwan_Aero2 table local proto kernel scope host src 100.108.203.211 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.60 
local 192.168.1.60 dev br-lan table local proto kernel scope host src 192.168.1.60 
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.60 
broadcast 192.168.43.0 dev wlan0 table local proto kernel scope link src 192.168.43.60 linkdown 
local 192.168.43.60 dev wlan0 table local proto kernel scope host src 192.168.43.60 
broadcast 192.168.43.255 dev wlan0 table local proto kernel scope link src 192.168.43.60 linkdown
root@Laurent_Home_OpenWrt_1043ND_retired:~# iptables-save -c -t mangle
# Generated by iptables-save v1.6.2 on Thu Jun 10 08:26:13 2021
*mangle
:PREROUTING ACCEPT [1971:189503]
:INPUT ACCEPT [1134:103374]
:FORWARD ACCEPT [837:86129]
:OUTPUT ACCEPT [2024:407354]
:POSTROUTING ACCEPT [2855:493071]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_lan - [0:0]
:mwan3_iface_in_wwan_Aero2 - [0:0]
:mwan3_iface_in_wwan_phone - [0:0]
:mwan3_iface_out_lan - [0:0]
:mwan3_iface_out_wwan_Aero2 - [0:0]
:mwan3_iface_out_wwan_phone - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_ifaces_out - [0:0]
:mwan3_policy_lan_only - [0:0]
:mwan3_policy_lan_wan - [0:0]
:mwan3_policy_lan_wan_wan2 - [0:0]
:mwan3_policy_wan2_only - [0:0]
:mwan3_policy_wan_only - [0:0]
:mwan3_rule_https - [0:0]
:mwan3_rules - [0:0]
[11719:5496817] -A PREROUTING -j mwan3_hook
[0:0] -A FORWARD -o wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[4314:998465] -A OUTPUT -j mwan3_hook
[816:86894] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
[16033:6495282] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
[540:48676] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
[301:25634] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
[279:23589] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
[4:673] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
[16033:6495282] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
[1314:129914] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
[227:19961] -A mwan3_iface_in_lan -i br-lan -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[12:3081] -A mwan3_iface_in_lan -i br-lan -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_iface_in_wwan_Aero2 -i 3g-wwan_Aero2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wwan_Aero2 -i 3g-wwan_Aero2 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_Aero2 -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_iface_in_wwan_phone -i wlan0 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wwan_phone -i wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_phone -j MARK --set-xmark 0x200/0x3f00
[97:7964] -A mwan3_iface_out_lan -o br-lan -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[90:7560] -A mwan3_iface_out_wwan_Aero2 -o 3g-wwan_Aero2 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_Aero2 -j MARK --set-xmark 0x300/0x3f00
[88:7392] -A mwan3_iface_out_wwan_phone -o wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_phone -j MARK --set-xmark 0x200/0x3f00
[535:47951] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_lan
[290:24322] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wwan_phone
[287:24070] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wwan_Aero2
[275:22916] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_lan
[178:14952] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wwan_phone
[90:7560] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wwan_Aero2
[0:0] -A mwan3_policy_lan_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_policy_lan_wan -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_policy_lan_wan_wan2 -m mark --mark 0x0/0x3f00 -m comment --comment "wwan_Aero2 2 2" -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_policy_wan2_only -m mark --mark 0x0/0x3f00 -m comment --comment "wwan_Aero2 2 2" -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_policy_wan_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x300/0x3f00 -m set ! --match-set mwan3_sticky_https src,src -j MARK --set-xmark 0x0/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_lan_wan_wan2
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src
[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment no_mule_wan -j mwan3_policy_lan_only
[0:0] -A mwan3_rules -d 172.217.18.110/32 -m mark --mark 0x0/0x3f00 -m comment --comment no_yt_wan -j mwan3_policy_lan_only
[0:0] -A mwan3_rules -d 217.74.72.4/32 -m mark --mark 0x0/0x3f00 -m comment --comment no_radio_wwan2 -j mwan3_policy_lan_wan
[0:0] -A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -m comment --comment https -j mwan3_rule_https
[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_lan_wan_wan2
COMMIT
# Completed on Thu Jun 10 08:26:13 2021

I have made a small debug, inserted code in /etc/mwan3.user
and here the result:

root@Laurent_Home_OpenWrt_1043ND_retired:~# cat /tmp/test1.txt 
Thu Jun 10 08:17:58 CEST 2021
ACTION: connected
INTERFACE: lan
DEVICE: br-lan

Thu Jun 10 08:18:00 CEST 2021
ACTION: ifup
INTERFACE: lan
DEVICE: br-lan

Thu Jun 10 08:18:07 CEST 2021
ACTION: connected
INTERFACE: wwan_phone
DEVICE: wlan0

Thu Jun 10 08:18:09 CEST 2021
ACTION: ifup
INTERFACE: wwan_phone
DEVICE: wlan0

Thu Jun 10 08:18:13 CEST 2021
ACTION: connected
INTERFACE: wwan_Aero2
DEVICE: 3g-wwan_Aero2

Thu Jun 10 08:18:16 CEST 2021
ACTION: ifup
INTERFACE: wwan_Aero2
DEVICE: 3g-wwan_Aero2

Thu Jun 10 08:18:40 CEST 2021
ACTION: ifdown
INTERFACE: wwan_phone
DEVICE: wlan0

Thu Jun 10 08:18:40 CEST 2021
ACTION: disconnected
INTERFACE: wwan_phone
DEVICE: wlan0

Thu Jun 10 08:23:27 CEST 2021
ACTION: ifdown
INTERFACE: lan
DEVICE: br-lan

Thu Jun 10 08:23:28 CEST 2021
ACTION: disconnected
INTERFACE: lan
DEVICE: br-lan

And DEVICE br-lan is always UP... it may only lose connectivity to the Internet through the ADSL router.

And while LAN gateway is DOWN, "ping 'dns IP'" does not work, no output, but "ping -I 3g-wwan_Aero2 'dns IP'" WORKS.
Found a bug?

I have also made a workaround for this problem: added "route del / route add" to /etc/mwan3.user,
of course commented this out for the time of the tests:

[ "$ACTION" = "disconnected" -a "$INTERFACE" = "lan" ] && route del default gw 192.168.1.1
[ "$ACTION" = "connected" -a "$INTERFACE" = "lan" ] && route add default gw 192.168.1.1 metric 10

[ "$ACTION" = "disconnected" -a "$INTERFACE" = "wwan_phone" ] && route del default gw 192.168.43.1
[ "$ACTION" = "connected" -a "$INTERFACE" = "wwan_phone" ] && route add default gw 192.168.43.1 metric 20

With this, routing works as expected (but this is a temporary solution, I hope).

[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment no_mule_wan -j mwan3_policy_lan_only

The no_mule_wan rule is not correct. There is no source port applied and it basically matches all traffic. Since it is the first rule, it will always be the first rule to match.
I suggest adding the protocol, tcp or udp or both, and trying it again.
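Added example, not part of the original thread and not mwan3's own code: a small offline audit of the rule sections of /etc/config/mwan3 that flags a rule whose port options are dropped (as the no_mule_wan line in the iptables-save output shows) and every rule that sits behind such a match-everything rule. It assumes ports only take effect with proto tcp or udp, per the advice above, and treats any option other than the ones seen in this thread as narrowing the match.

```python
import re

# Rule sections copied from the second /etc/config/mwan3 posted in this thread.
SAMPLE_CONFIG = """
config rule 'no_mule_wan'
        option src_port '4662,4672'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_only'

config rule 'no_yt_wan'
        option dest_ip '172.217.18.110/32'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_only'

config rule 'no_radio_wwan2'
        option dest_ip '217.74.72.4/32'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_wan'

config rule 'https'
        option sticky '1'
        option dest_port '443'
        option proto 'tcp'
        option use_policy 'lan_wan_wan2'

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_wan_wan2'

config globals 'globals'
        option mmx_mask '0x3F00'
"""

SECTION_RE = re.compile(r"^config\s+(\w+)(?:\s+'?([^'\s]+)'?)?")
OPTION_RE = re.compile(r"^option\s+(\w+)\s+'?([^']*)'?\s*$")

PORT_OPTS = ("src_port", "dest_port")
ADDR_OPTS = ("src_ip", "dest_ip")
PORT_PROTOS = ("tcp", "udp")          # assumption: ports need one of these
ANY_ADDR = {"", "0.0.0.0/0", "::/0"}  # values that do not narrow the match
NON_MATCH_OPTS = {"sticky", "use_policy"}  # options that select nothing


def parse_rules(text):
    """Return the 'config rule' sections of a UCI file, in file order."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        section = SECTION_RE.match(line)
        if section:
            current = None
            if section.group(1) == "rule":
                current = {"name": section.group(2) or "(anonymous)",
                           "options": {}}
                rules.append(current)
            continue
        option = OPTION_RE.match(line)
        if option and current is not None:
            current["options"][option.group(1)] = option.group(2)
    return rules


def narrows(opts, proto):
    """True if the rule restricts which packets it matches."""
    if proto != "all":
        return True
    if any(opts.get(o, "") not in ANY_ADDR for o in ADDR_OPTS):
        return True
    known = set(PORT_OPTS) | set(ADDR_OPTS) | {"proto"} | NON_MATCH_OPTS
    return any(o not in known for o in opts)  # unknown option: assume it narrows


def audit(rules):
    """Return (rule, kind, detail) findings; rules are evaluated top-down."""
    findings, catch_all = [], None
    for rule in rules:
        name, opts = rule["name"], rule["options"]
        proto = opts.get("proto", "all")
        if catch_all is not None:
            findings.append((name, "shadowed",
                             f"never reached, '{catch_all}' matches all traffic"))
        dropped = [o for o in PORT_OPTS if opts.get(o)]
        if dropped and proto not in PORT_PROTOS:
            findings.append((name, "ports_ignored",
                             f"{', '.join(dropped)} has no effect with proto '{proto}'"))
        if catch_all is None and not narrows(opts, proto):
            catch_all = name
    return findings


if __name__ == "__main__":
    for name, kind, detail in audit(parse_rules(SAMPLE_CONFIG)):
        print(f"{name}: {kind}: {detail}")
```
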

This was a typo, should be DESTINATION ports 4662,4672.
But simply removed the whole "amule" rule, NO CHANGE. :frowning:
Also moved YT and "radio" rules below default rule, so they should be inactive, NO CHANGE.

What's the next test?

Post once again the mwan3 status; iptables-save -c -t mangle before and after.

1). "Save & apply" in rules (at least, tested) section of mwan3 is NOT enough, it does not change IPTABLES chains. Issuing /etc/init.d/network restart does.
2). Removed all my rules, only "factory default"

And here is /etc/config/mwan3:

root@Laurent_Home_OpenWrt_1043ND_retired:~# cat /etc/config/mwan3

config rule 'https'
        option sticky '1'
        option dest_port '443'
        option proto 'tcp'
        option use_policy 'lan_wan_wan2'

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_wan_wan2'

config globals 'globals'
        option mmx_mask '0x3F00'
        option local_source '192.168.1.60'
        option enabled '1'

config interface 'lan'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        option track_method 'ping'
        option reliability '1'
        option count '3'
        option size '56'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        list track_ip '194.204.159.1'
        list track_ip '8.8.8.8'
        option flush_conntrack 'always'

config interface 'wwan_phone'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        list track_ip '194.204.159.1'
        list track_ip '8.8.8.8'
        option track_method 'ping'
        option reliability '1'
        option count '2'
        option size '56'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        option flush_conntrack 'never'

config interface 'wwan_Aero2'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        list track_ip '194.204.159.1'
        list track_ip '8.8.8.8'
        option track_method 'ping'
        option reliability '1'
        option count '1'
        option size '56'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        option flush_conntrack 'never'

config member 'lan_m1_w3'
        option interface 'lan'
        option metric '1'
        option weight '3'

config member 'lan_m2_w3'
        option interface 'lan'
        option metric '2'
        option weight '3'

config member 'wwan_phone_m1_w2'
        option interface 'wwan_phone'
        option metric '1'
        option weight '2'

config member 'wwan_phone_m2_w2'
        option interface 'wwan_phone'
        option metric '2'
        option weight '2'

config member 'wwan_Aero2_m1_w2'
        option interface 'wwan_Aero2'
        option metric '1'
        option weight '2'

config member 'wwan_Aero2_m2_w2'
        option interface 'wwan_Aero2'
        option metric '2'
        option weight '2'

config member 'wwan_Aero2_m3_w2'
        option interface 'wwan_Aero2'
        option metric '3'
        option weight '2'

config policy 'lan_only'
        list use_member 'lan_m1_w3'
        option last_resort 'unreachable'

config policy 'wan_only'
        list use_member 'wwan_phone_m1_w2'
        option last_resort 'unreachable'

config policy 'lan_wan'
        option last_resort 'unreachable'
        list use_member 'lan_m1_w3'
        list use_member 'wwan_phone_m2_w2'

config policy 'wan2_only'
        list use_member 'wwan_Aero2_m1_w2'
        option last_resort 'unreachable'

config policy 'lan_wan_wan2'
        option last_resort 'unreachable'
        list use_member 'lan_m1_w3'
        list use_member 'wwan_phone_m2_w2'
        list use_member 'wwan_Aero2_m3_w2'

mwan3 status LAN working

root@Laurent_Home_OpenWrt_1043ND_retired:~# mwan3 status
Interface status:
 interface lan is online and tracking is active
 interface wwan_phone is offline and tracking is active
 interface wwan_Aero2 is online and tracking is active

Current ipv4 policies:
lan_only:
 lan (100%)

lan_wan:
 lan (100%)

lan_wan_wan2:
 lan (100%)

wan2_only:
 wwan_Aero2 (100%)

wan_only:
 unreachable


Current ipv6 policies:
lan_only:
 unreachable

lan_wan:
 unreachable

lan_wan_wan2:
 unreachable

wan2_only:
 unreachable

wan_only:
 unreachable


Directly connected ipv4 networks:
 192.168.15.0/24
 192.168.43.0
 192.168.10.0/24
 192.168.43.60
 127.0.0.0
 224.0.0.0/3
 100.115.122.192
 192.168.1.60
 192.168.1.255
 127.255.255.255
 10.64.64.64
 192.168.1.0
 192.168.43.255
 192.168.1.0/24
 127.0.0.1
 192.168.43.0/24
 127.0.0.0/8

Directly connected ipv6 networks:
 fe80::/64

Active ipv4 user rules:
    0     0 S https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 443 
    0     0 - lan_wan_wan2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            

Active ipv6 user rules:
    0     0 S https  tcp      *      *       ::/0                 ::/0                 multiport sports 0:65535 multiport dports 443 
   51  4896 - lan_wan_wan2  all      *      *       ::/0                 ::/0

iptables-save

root@Laurent_Home_OpenWrt_1043ND_retired:~# iptables-save -c -t mangle
# Generated by iptables-save v1.6.2 on Thu Jun 10 11:44:16 2021
*mangle
:PREROUTING ACCEPT [6910:3977594]
:INPUT ACCEPT [1136:107069]
:FORWARD ACCEPT [5764:3869627]
:OUTPUT ACCEPT [1109:221015]
:POSTROUTING ACCEPT [6842:4087255]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_lan - [0:0]
:mwan3_iface_in_wwan_Aero2 - [0:0]
:mwan3_iface_in_wwan_phone - [0:0]
:mwan3_iface_out_lan - [0:0]
:mwan3_iface_out_wwan_Aero2 - [0:0]
:mwan3_iface_out_wwan_phone - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_ifaces_out - [0:0]
:mwan3_policy_lan_only - [0:0]
:mwan3_policy_lan_wan - [0:0]
:mwan3_policy_lan_wan_wan2 - [0:0]
:mwan3_policy_wan2_only - [0:0]
:mwan3_policy_wan_only - [0:0]
:mwan3_rule_https - [0:0]
:mwan3_rules - [0:0]
[8633:4971471] -A PREROUTING -j mwan3_hook
[0:0] -A FORWARD -o wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[1380:271810] -A OUTPUT -j mwan3_hook
[401:39007] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
[10013:5243281] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
[331:31578] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
[185:16675] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
[163:14605] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
[19:2629] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
[10013:5243281] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
[664:62582] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
[114:12506] -A mwan3_iface_in_lan -i br-lan -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[32:2397] -A mwan3_iface_in_lan -i br-lan -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_iface_in_wwan_Aero2 -i 3g-wwan_Aero2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wwan_Aero2 -i 3g-wwan_Aero2 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_Aero2 -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_iface_in_wwan_phone -i wlan0 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wwan_phone -i wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_phone -j MARK --set-xmark 0x200/0x3f00
[53:4332] -A mwan3_iface_out_lan -o br-lan -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[46:3864] -A mwan3_iface_out_wwan_Aero2 -o 3g-wwan_Aero2 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_Aero2 -j MARK --set-xmark 0x300/0x3f00
[45:3780] -A mwan3_iface_out_wwan_phone -o wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_phone -j MARK --set-xmark 0x200/0x3f00
[306:28480] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_lan
[153:12779] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wwan_phone
[150:12527] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wwan_Aero2
[144:11976] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_lan
[91:7644] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wwan_phone
[46:3864] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wwan_Aero2
[0:0] -A mwan3_policy_lan_only -m mark --mark 0x0/0x3f00 -m comment --comment "lan 3 3" -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_policy_lan_wan -m mark --mark 0x0/0x3f00 -m comment --comment "lan 3 3" -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_policy_lan_wan_wan2 -m mark --mark 0x0/0x3f00 -m comment --comment "lan 3 3" -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_policy_wan2_only -m mark --mark 0x0/0x3f00 -m comment --comment "wwan_Aero2 2 2" -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_policy_wan_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x100/0x3f00 -m set ! --match-set mwan3_sticky_https src,src -j MARK --set-xmark 0x0/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_lan_wan_wan2
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src
[0:0] -A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -m comment --comment https -j mwan3_rule_https
[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_lan_wan_wan2
COMMIT
# Completed on Thu Jun 10 11:44:16 2021

Now blocking LAN routing to ADSL router

mwan3 status

root@Laurent_Home_OpenWrt_1043ND_retired:~# mwan3 status
Interface status:
 interface lan is offline and tracking is active
 interface wwan_phone is offline and tracking is active
 interface wwan_Aero2 is online and tracking is active

Current ipv4 policies:
lan_only:
 unreachable

lan_wan:
 unreachable

lan_wan_wan2:
 wwan_Aero2 (100%)

wan2_only:
 wwan_Aero2 (100%)

wan_only:
 unreachable


Current ipv6 policies:
lan_only:
 unreachable

lan_wan:
 unreachable

lan_wan_wan2:
 unreachable

wan2_only:
 unreachable

wan_only:
 unreachable


Directly connected ipv4 networks:
 10.64.64.64
 192.168.43.60
 192.168.1.0
 192.168.1.255
 127.255.255.255
 127.0.0.0
 192.168.15.0/24
 224.0.0.0/3
 127.0.0.1
 192.168.43.0
 192.168.43.0/24
 127.0.0.0/8
 192.168.1.60
 100.115.122.192
 192.168.1.0/24
 192.168.43.255
 192.168.10.0/24

Directly connected ipv6 networks:
 fe80::/64

Active ipv4 user rules:
    0     0 S https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 443 
    0     0 - lan_wan_wan2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            

Active ipv6 user rules:
    0     0 S https  tcp      *      *       ::/0                 ::/0                 multiport sports 0:65535 multiport dports 443 
    0     0 - lan_wan_wan2  all      *      *       ::/0                 ::/0

iptables-save

root@Laurent_Home_OpenWrt_1043ND_retired:~# iptables-save -c -t mangle
# Generated by iptables-save v1.6.2 on Thu Jun 10 11:48:35 2021
*mangle
:PREROUTING ACCEPT [1274:120146]
:INPUT ACCEPT [620:55507]
:FORWARD ACCEPT [653:64607]
:OUTPUT ACCEPT [1282:213669]
:POSTROUTING ACCEPT [1915:276936]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_lan - [0:0]
:mwan3_iface_in_wwan_Aero2 - [0:0]
:mwan3_iface_in_wwan_phone - [0:0]
:mwan3_iface_out_lan - [0:0]
:mwan3_iface_out_wwan_Aero2 - [0:0]
:mwan3_iface_out_wwan_phone - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_ifaces_out - [0:0]
:mwan3_policy_lan_only - [0:0]
:mwan3_policy_lan_wan - [0:0]
:mwan3_policy_lan_wan_wan2 - [0:0]
:mwan3_policy_wan2_only - [0:0]
:mwan3_policy_wan_only - [0:0]
:mwan3_rule_https - [0:0]
:mwan3_rules - [0:0]
[13477:7037870] -A PREROUTING -j mwan3_hook
[0:0] -A FORWARD -o wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[3442:647919] -A OUTPUT -j mwan3_hook
[820:82630] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
[16919:7685789] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
[615:55130] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
[342:29846] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
[305:26453] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
[19:2629] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
[16919:7685789] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
[1333:127062] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
[240:22855] -A mwan3_iface_in_lan -i br-lan -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[33:2429] -A mwan3_iface_in_lan -i br-lan -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_iface_in_wwan_Aero2 -i 3g-wwan_Aero2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wwan_Aero2 -i 3g-wwan_Aero2 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_Aero2 -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_iface_in_wwan_phone -i wlan0 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wwan_phone -i wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_phone -j MARK --set-xmark 0x200/0x3f00
[100:8200] -A mwan3_iface_out_lan -o br-lan -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[94:7896] -A mwan3_iface_out_wwan_Aero2 -o 3g-wwan_Aero2 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_Aero2 -j MARK --set-xmark 0x300/0x3f00
[92:7728] -A mwan3_iface_out_wwan_phone -o wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wwan_phone -j MARK --set-xmark 0x200/0x3f00
[590:52032] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_lan
[310:25950] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wwan_phone
[307:25698] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wwan_Aero2
[286:23824] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_lan
[186:15624] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wwan_phone
[94:7896] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wwan_Aero2
[0:0] -A mwan3_policy_lan_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_policy_lan_wan -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_policy_lan_wan_wan2 -m mark --mark 0x0/0x3f00 -m comment --comment "wwan_Aero2 2 2" -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_policy_wan2_only -m mark --mark 0x0/0x3f00 -m comment --comment "wwan_Aero2 2 2" -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_policy_wan_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j MARK --set-xmark 0x300/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x300/0x3f00 -m set ! --match-set mwan3_sticky_https src,src -j MARK --set-xmark 0x0/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_lan_wan_wan2
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src
[0:0] -A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -m comment --comment https -j mwan3_rule_https
[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_lan_wan_wan2
COMMIT
# Completed on Thu Jun 10 11:48:35 2021

I think the combination of lan interface for both lan and wan is creating all these problems. MWAN3 will mark the packets coming in from the br-lan interface to use the lan interface as exit point. Use a dedicated wan interface as upstream.

I can't change the topology, especially as the ADSL router is located in another building, connected over a WiFi WDS link (bridge).

Is it possible to make some kind of "virtual" interface on same HW as LAN?
I have no other idea apart from what I have changed in mwan3.user (route add / del).

You don't need to change the topology. Just assign the cable coming from the adsl to a wan interface and use the lan only for your hosts.

It is not so simple: ADSL router is 1km from me, accompanied by MR3220 acting as Eth-WiFi bridge, on my side, there is WR1043ND acting as bridge, GbE switch, and Internet radio. To this it is connected another WR1043ND, "our router in question", which has WiFi to Android phone acting (sometimes) as 3G router, and 3G modem on USB. It acts as backup link(s) in case ADSL router loses Internet connection for some reason (power, ADSL line, etc).

Main router link is: laptop/radio router -> "our router" -> WR1043 / MR3220 WiFi bridge -> ADSL router -> telephone line. Backup links are on "our router" through WiFi / 3G.

Any idea how should I configure this? I have full control over every device. MR3220 & WR1043ND are OpenWRT devices. ADSL router is TP-LINK firmware.

And don't forget: main target, apart from making all Internet access pass through "our router" (for backup), is making aMule run on laptop behind double NAT / port forwards. (WWW works, but this is one-way connection).

You can try the macvlan, hopefully it will work, otherwise you are out of options.

Will look at this, but look at FIRST post - this routing config (with backup links, except aMule) WAS WORKING on OpenWRT 14.07... So this is some regression in case of routing. :frowning:
And what I found more: in "factory" install of mwan3, the default config file does NOT have "enabled" "1" in "globals" section! So OOB mwan3 is NOT working.

I was told to upgrade to "current / supported" OpenWRT (and hardware, as needed), and only THEN routing problems arise.

If You look at "my diagnostic" output, there is error: Internet connectivity loss on some link (main LAN, WiFi) is NOT equivalent to INTERFACE being down. But when invoking mwan3.user those 2 events are tied together!
This is (almost) the case of 3G USB modem - it loses connection, PPPd dies and interface disappears.

It's possible that something has changed since 14.07 in mwan3 or in networking.
Only 19.07 is supported, so you'll have to adapt to its standards. Again, the way that your devices are connected is rather weird, so you cannot blame one or the other if at some point it accidentally worked. In any case you can open a ticket to mwan3 developers, but I don't think they agree that using one interface as lan and wan is supported. @aaronjg please correct me if I am wrong.

I think something in 18.06 mwan3 is BROKEN:

Lines from /etc/config/mwan3:

config rule 'no_mule_wan'
        option dest_port '4662'
        option proto 'all'
        option sticky '0'
        option use_policy 'lan_only'
        option src_ip '192.168.1.0/24'
        option dest_ip '0.0.0.0/0'

And grep 192 from iptables-save

-A mwan3_rules -s 192.168.1.0/24 -m mark --mark 0x0/0x3f00 -m comment --comment no_mule_wan -j mwan3_policy_lan_only

Ooops, WHERE are --dport? and -d? GONE? There is NO "4662" in iptables-save -t mangle!
What do You think?

Line from iptables-save output on MR3220 / BB14.07:

-A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 4662,4672 -m mark --mark 0x0/0xff00 -m comment --comment no_mule_wan_rule_tcp -j mwan3_policy_lan_only

Here You have what was in config: dports. Different from 18.06?

I just started thinking about manually editing the output of iptables-save generated by mwan3 to reflect the config, reapplying it, and THEN looking if it works?

EDIT: changed from protocol "all" to "tcp" and MAGIC, --dports is BACK (in 18.06)... will investigate.

STRANGE:

root@Laurent_Home_OpenWrt_1043ND_retired:~# grep mwan3_rules /tmp/ipt.txt 
:mwan3_rules - [0:0]
[162:74997] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
[0:0] -A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 4662,4672 -m mark --mark 0x0/0x3f00 -m comment --comment no_mule_wan -j mwan3_policy_lan_only
[0:0] -A mwan3_rules -d 172.217.18.110/32 -p tcp -m multiport --sports 0:65535 -m multiport --dports 0:65535 -m mark --mark 0x0/0x3f00 -m comment --comment no_yt_wan -j mwan3_policy_lan_only
[0:0] -A mwan3_rules -d 217.74.72.4/32 -p tcp -m multiport --sports 0:65535 -m multiport --dports 0:65535 -m mark --mark 0x0/0x3f00 -m comment --comment no_radio_wwan2 -j mwan3_policy_lan_wan
[0:0] -A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -m comment --comment https -j mwan3_rule_https
[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_lan_wan_wan2

ALL mwan3 policies counters are ZERO? How is it possible? Radio (217.74.72.4) is playing. aMule started on laptop.
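The posts above found that a rule with proto 'all' and dest_port '4662' produced a mwan3_rules entry with no --dports, so the rule matches every packet from 192.168.1.0/24 rather than only port 4662. The script below is an added example, not code from the thread or from the mwan3 project: it cross-checks each configured dest_port against the saved mangle table. The function name check_mwan3_ports, the demo helper and the 'https' config stanza are assumptions made for the illustration; the no_mule_wan stanza and both iptables lines are taken from the thread.

```shell
#!/bin/sh
# check_mwan3_ports CONFIG IPTSAVE
# For every 'config rule' in CONFIG that sets dest_port, look up the matching
# "-A mwan3_rules ... --comment <rule>" line in IPTSAVE and report whether the
# port match survived. Output: "<status> <rule> proto=<p> dest_port=<ports>".
check_mwan3_ports() {
    awk '
    function unq(s) { gsub("\047", "", s); return s }   # strip UCI single quotes
    FNR == NR {                                  # pass 1: UCI config
        if ($1 == "config") { rule = ($2 == "rule") ? unq($3) : ""; next }
        if (rule != "" && $1 == "option") {
            if ($2 == "dest_port") { want[rule] = unq($3); order[++n] = rule }
            if ($2 == "proto")     proto[rule] = unq($3)
        }
        next
    }
    /-A mwan3_rules / {                          # pass 2: iptables-save output
        name = ""; ports = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--comment") name  = $(i + 1)
            if ($i == "--dports")  ports = $(i + 1)
        }
        if (name != "") { seen[name] = 1; got[name] = ports }
    }
    END {
        for (k = 1; k <= n; k++) {
            r = order[k]
            p = (r in proto) ? proto[r] : "unset"
            if (!(r in seen))           s = "NO_RULE"       # rule never generated
            else if (got[r] == want[r]) s = "OK"            # ports made it through
            else                        s = "PORT_DROPPED"  # broader match than configured
            printf "%s %s proto=%s dest_port=%s\n", s, r, p, want[r]
        }
    }' "$1" "$2"
}

# Sample input embedded for an offline run. The https stanza is constructed.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/mwan3" <<'EOF'
config rule 'no_mule_wan'
        option dest_port '4662'
        option proto 'all'
        option src_ip '192.168.1.0/24'
        option use_policy 'lan_only'

config rule 'https'
        option dest_port '443'
        option proto 'tcp'
        option use_policy 'lan_wan_wan2'
EOF
    cat > "$d/ipt" <<'EOF'
-A mwan3_rules -s 192.168.1.0/24 -m mark --mark 0x0/0x3f00 -m comment --comment no_mule_wan -j mwan3_policy_lan_only
[0:0] -A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -m comment --comment https -j mwan3_rule_https
EOF
    check_mwan3_ports "$d/mwan3" "$d/ipt"
    rm -rf "$d"
}
demo
```

On a router, the same function can be pointed at /etc/config/mwan3 and a file holding the output of iptables-save -t mangle; any PORT_DROPPED line marks a rule that steers more traffic than its configuration says.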