Custom firewall rule to route one lan ip to wan2

I have my LAN set in the 192.168.1.0 subnet, and it connects to the internet via the default gateway "wan"; now I want one LAN client, say 192.168.1.9, to use "wan2" only, which isn't the default gateway, am I correct to assume "Firewall - Custom Rules" is where to do that, and if so, how?

Thank you very much.

If that particular client is connected directly to one of the router's LAN ports (i.e. not sharing it via a switch) then you could just handle that using VLANs.

Thank you mhegab, I know I can do that but it's not what I asked. I have all the clients connected to an unmanaged switch.


Then you could look at multi WAN. For example
https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3

firewall / custom rules is not what you want.

You can set this up with ip rules and routes using a custom table. If you haven't figured out how, I can give an example later (when I'm back home).

Hi ne20002

So this is a custom routing question I guess, I'd love to have your example on how to do it as I don't have experience with iptables and stuff, I've tried mwan3 but it wasn't as intuitive as I hoped, thank you very much.

I did it this way:

# IPv4 default route in a private table (210), pointing out of wg1 via its gateway
config route
	option table '210'
	option netmask '0.0.0.0'
	option target '0.0.0.0'
	option gateway '192.168.34.71'
	option interface 'wg1'

# IPv6 counterpart in the same table
config route6
	option target '::/0'
	option table '210'
	option gateway 'fd42:0:0:34::71'
	option interface 'wg1'

# Policy rule: packets from this one host consult table 210 before the main table
config rule
	option src '192.168.47.31/32'
	option priority '210'
	option lookup '210'

config rule6
	option src 'fd42:0:0:47::31/128'
	option priority '210'
	option lookup '210'

The source is 192.168.47.31 and fd41:0:0:47::31. All traffic from this source is sent via interface wg1 via 192.167.34.71 and fd42:0:0:34::71 (this is the gateway).
Using a numeric table I don't need to add an alias to the rt_table configuration file.

It still requires routes from outside to this ip address ... and you should enable connection tracking for the zone with your device.
Any traffic from somewhere else than via this gateway (192.167.34.71) to the ip address (192.168.47.31) won't find its way back.
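To make the UCI sections above less opaque for someone who "doesn't have experience with iptables and stuff", here is an added example (Python, not code from this thread or from OpenWrt) that parses a `config route`/`config rule` fragment and prints the equivalent `ip route` / `ip rule` commands that netifd ends up issuing, then checks a captured `ip rule show` listing for the expected rule. The fragment is constructed for the original poster's case (host 192.168.1.9, second WAN called `wan2` on PPPoE), so the IPv4 route names only an interface and no gateway; the logical-interface-to-device map (`wan2` becomes `pppoe-wan2`) is an assumption you would adjust to your own setup, and the `ip rule show` text is made up.

```python
"""Translate OpenWrt UCI policy-routing sections into the `ip` commands they imply."""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample /etc/config/network fragment: one host is steered to "wan2".
# The IPv4 route has no gateway because the PPPoE address changes; the IPv6 route
# keeps a gateway purely to show the "via" form.
SAMPLE_UCI = """
config route
	option table '210'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option interface 'wan2'

config route6
	option table '210'
	option target '::/0'
	option gateway 'fd42:0:0:34::71'
	option interface 'wan2'

config rule
	option src '192.168.1.9/32'
	option priority '210'
	option lookup '210'
"""

# Assumed map from UCI logical interface to kernel device (netifd does this itself;
# a PPPoE interface named "wan2" gets the device "pppoe-wan2").
DEVICE_MAP = {"wan2": "pppoe-wan2", "wg1": "wg1"}

# Constructed `ip rule show` output as it would look once the rule is installed.
SAMPLE_IP_RULE = """0:\tfrom all lookup local
210:\tfrom 192.168.1.9 lookup 210
32766:\tfrom all lookup main
32767:\tfrom all lookup default
"""


def parse_uci(text: str) -> List[Dict]:
    """Minimal parser for UCI 'config' / 'option' lines ('list' is not needed here)."""
    sections: List[Dict] = []
    current: Optional[Dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^config\s+(\S+)(?:\s+'?([^']+)'?)?$", line)
        if m:
            current = {"type": m.group(1), "name": m.group(2), "options": {}}
            sections.append(current)
            continue
        m = re.match(r"^option\s+(\S+)\s+'?([^']*)'?$", line)
        if m and current is not None:
            current["options"][m.group(1)] = m.group(2)
            continue
        raise ValueError(f"unrecognised UCI line: {raw!r}")
    return sections


def _destination(target: str, netmask: Optional[str]) -> str:
    """UCI target/netmask to an `ip` destination; a 0-length prefix is 'default'."""
    spec = f"{target}/{netmask}" if netmask else target
    net = ipaddress.ip_network(spec, strict=False)
    return "default" if net.prefixlen == 0 else str(net)


def uci_to_ip_commands(sections: List[Dict], devmap: Dict[str, str]) -> List[str]:
    """Render route/route6/rule/rule6 sections as the kernel-level `ip` commands."""
    cmds: List[str] = []
    for sec in sections:
        opts, kind = sec["options"], sec["type"]
        family = "-6" if kind.endswith("6") else "-4"
        if kind in ("route", "route6"):
            parts = ["ip", family, "route", "add",
                     _destination(opts["target"], opts.get("netmask"))]
            if opts.get("gateway"):          # absent for the dynamic PPPoE case
                parts += ["via", opts["gateway"]]
            parts += ["dev", devmap[opts["interface"]]]
            if opts.get("table"):
                parts += ["table", opts["table"]]
            cmds.append(" ".join(parts))
        elif kind in ("rule", "rule6"):
            parts = ["ip", family, "rule", "add", "from", opts["src"],
                     "lookup", opts["lookup"], "priority", opts["priority"]]
            cmds.append(" ".join(parts))
    return cmds


def rule_present(ip_rule_output: str, src: str, table: str, priority: str) -> bool:
    """Check `ip rule show` output for the expected source-based policy rule."""
    want = ipaddress.ip_network(src, strict=False)
    for line in ip_rule_output.splitlines():
        m = re.match(r"^\s*(\d+):\s+from\s+(\S+)\s+lookup\s+(\S+)", line)
        if m and m.group(1) == priority and m.group(3) == table:
            if ipaddress.ip_network(m.group(2), strict=False) == want:
                return True
    return False


if __name__ == "__main__":
    for cmd in uci_to_ip_commands(parse_uci(SAMPLE_UCI), DEVICE_MAP):
        print(cmd)
    print("rule active:", rule_present(SAMPLE_IP_RULE, "192.168.1.9/32", "210", "210"))
```

Running it shows the three commands behind the config (`ip -4 route add default dev pppoe-wan2 table 210`, the IPv6 route with `via`, and `ip -4 rule add from 192.168.1.9/32 lookup 210 priority 210`), which is exactly what you would type on the router to test the idea before committing it to UCI; `ip route show table 210` and `ip rule show` on the box are the checks that it took effect.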

Thank you mate, I get the idea now, it might not work for my situation after all I guess since my 2nd wan is PPPoE with dynamic IP address, not a static IP, so there goes any chance with manually assigned routes. I'll choose your answer in hope of helping others in similar situations. I appreciate all the efforts.

You may try to use this without the gateway address, just with the interface.
That might work as well. It's a simple send any packet from source to whatever destination via this interface ...


That'll be great, thank you!
