I have an OpenWRT router setup which runs MWAN3 across 3 interfaces:
4G modem
WAN_A
WAN_B
WAN_A and WAN_B both require me to log in to the network to access the internet through the same portal at the same IP address.
If neither are logged in, then MWAN3 redirects to the 4G modem, so I set up a static route across a gateway to ensure that when I call up the IP address (10.28.108.1) it goes to WAN_A or WAN_B.
Here is the problem.
I'm tired of having to log in to my router, go to static routes, then change the IP depending on which interface I want to use today.
I would like to create two custom URLs that shall work on my LAN network so when I open my browser and type:
WAN_A/ --> It goes to login portal (10.28.108.1) on the WAN_A interface
WAN_B/ --> It goes to login portal (10.28.108.1) on the WAN_B interface
Any guidance on how to do this will be greatly appreciated!
Create 2 firewall DNAT redirects from your router's custom IP/port to the portal's IP.
Then create 2 rules to mark traffic based on the original destination IP/port.
The marked traffic can be routed to the WAN-specific routing table.
I'm trying to follow your instructions but my understanding of firewall rules may fall short.
I understand you want me to establish a dummy IP address that I then pick up and redirect when going in and out of LAN--WAN.
I would like to go step by step - So I'm hoping for help with just this first part - Establishing a dummy IP that will redirect all traffic back and forth.
This is what I got:
I'm picking up the traffic using a dummy IP 1.2.3.4 and redirecting it, then when it comes back in. At this time I just plain forward it to my actual PC IP.
In firewall:
config redirect
    option target 'DNAT'
    option src 'lan'
    option dest 'wan'
    option proto 'tcp'
    option src_dip '1.2.3.4' # Source destination
    option src_dport '8443' # Source port
    option dest_ip '10.28.108.1' # Actual destination we want
    option dest_port '8443' # Same port
    option name 'DummyIpTest'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option src_dport '8443' # Pick all traffic coming into lan on 8443
    option dest_ip '192.168.10.175' # Redirect to my PC while testing.
    option dest_port '8443'
    option name 'DummyIpTestReturn'

config redirect
    option target 'SNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option src_ip '10.28.108.1'
    option src_dip '1.2.3.4' # Re-write the source IP as it looks to my PC, so it seems like I'm talking to this IP
    option dest_port '8443'
    option name 'SNATScript'
    option enabled '1'
This does not work.
Chrome gives me:
1.2.3.4 didn’t send any data.
ERR_EMPTY_RESPONSE
Traceroute gives me:
traceroute to 1.2.3.4:8443 (1.2.3.4), 30 hops max, 38 byte packets
1 100.100.100.253 3.682 ms
2 10.247.28.1 16.844 ms
3 10.219.17.69 30.448 ms
4 10.219.17.70 18.594 ms
5 172.31.247.217 23.393 ms
6 200.0.16.24 23.002 ms
7 200.0.16.20 22.606 ms
8 200.0.16.17 23.016 ms
9 216.152.165.141 56.348 ms
10 216.152.164.134 72.446 ms
11 *
I feel like the issue is that I did not properly tag the traffic, but I do not understand how I'm supposed to do it.
uci -q delete dhcp.lp_wana
uci set dhcp.lp_wana="domain"
uci set dhcp.lp_wana.name="lp_wana"
uci set dhcp.lp_wana.ip="172.16.0.1"
uci -q delete dhcp.lp_wanb
uci set dhcp.lp_wanb="domain"
uci set dhcp.lp_wanb.name="lp_wanb"
uci set dhcp.lp_wanb.ip="172.16.0.2"
uci commit dhcp
/etc/init.d/dnsmasq restart
uci -q delete firewall.lp_wana
uci set firewall.lp_wana="redirect"
uci set firewall.lp_wana.name="LoginPortal-WANA"
uci set firewall.lp_wana.src="lan"
uci set firewall.lp_wana.src_dip="172.16.0.1"
uci set firewall.lp_wana.dest_ip="10.28.108.1"
uci set firewall.lp_wana.dest_port="443"
uci set firewall.lp_wana.proto="tcp"
uci set firewall.lp_wana.target="DNAT"
uci -q delete firewall.lp_wanb
uci set firewall.lp_wanb="redirect"
uci set firewall.lp_wanb.name="LoginPortal-WANB"
uci set firewall.lp_wanb.src="lan"
uci set firewall.lp_wanb.src_dip="172.16.0.2"
uci set firewall.lp_wanb.dest_ip="10.28.108.1"
uci set firewall.lp_wanb.dest_port="443"
uci set firewall.lp_wanb.proto="tcp"
uci set firewall.lp_wanb.target="DNAT"
uci -q delete firewall.lp_marka
uci set firewall.lp_marka="rule"
uci set firewall.lp_marka.name="LoginPortal-MarkA"
uci set firewall.lp_marka.src="lan"
uci set firewall.lp_marka.dest_ip="172.16.0.1"
uci set firewall.lp_marka.dest_port="443"
uci set firewall.lp_marka.proto="tcp"
uci set firewall.lp_marka.set_mark="0x1"
uci set firewall.lp_marka.target="MARK"
uci -q delete firewall.lp_markb
uci set firewall.lp_markb="rule"
uci set firewall.lp_markb.name="LoginPortal-MarkB"
uci set firewall.lp_markb.src="lan"
uci set firewall.lp_markb.dest_ip="172.16.0.2"
uci set firewall.lp_markb.dest_port="443"
uci set firewall.lp_markb.proto="tcp"
uci set firewall.lp_markb.set_mark="0x2"
uci set firewall.lp_markb.target="MARK"
uci commit firewall
/etc/init.d/firewall restart
Hey, thank you for the swift reply. I only had time to really investigate this evening.
This is where I am now -
The DHCP part works but requires that users do not have their own DNS set. This part is fine overall. To avoid confusion I will below not mention the alias I have given for the different IPs.
As for the root of the problem, this is what I got:
Firewall:
config redirect 'WanB'
    option target 'DNAT'
    option src 'lan'
    option dest 'wan'
    option proto 'tcp'
    option src_dip '1.2.3.4'
    option name 'LoginWanB'
    option enabled '1'
    option src_dport '8443'
    option dest_ip '10.28.108.1'
Network:
config route
    option interface 'WANB'
    option gateway '100.100.100.253' # WAN B network gateway
    option target '1.2.3.4'

config route
    option target '10.28.108.1'
    option interface 'WANA'
    option gateway '192.168.1.1' # Wan A is behind an upstream ADSL modem/router

And this works to the point that my core problem is solved.
I type in my browser:
1.2.3.4 --> It opens the login window routing through WAN B
10.28.108.1:8443 --> It opens the login window routing through WAN A
All the rest did not work or did not make a difference.
Marking traffic did not create any issue, but it did also not make any difference.
I am not able to create a custom IP for WAN A, I use the same settings as I use for WAN B, only changing the route to go on WAN A, and then it stops working. Something related to the upstream router?
I added: option dest 'wan' to the firewall setting, but not sure it makes much difference.
I feel that the bit you marked (0x1 and 0x2) is never getting used for anything, and that is why it never worked? Should there not somewhere be another configuration that looks for this bit and tells the router to identify that stream of data as originating from one or the other?
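The thread ends on the question of what consumes the 0x1 and 0x2 marks. As an added example (not written by anyone in the thread), this script prints the `ip route` and `ip rule` commands that send each mark to its own routing table, and includes a check over `ip rule show` output. The table ids, rule priorities, the 0xff mask and the device names are assumptions; the portal and gateway addresses are the ones quoted above.

```sh
#!/bin/sh
# Added example. Assumptions (not from the thread): table ids 101/102,
# rule priorities 901/902, the 0xff mask, and the WAN device names.

PORTAL_IP="10.28.108.1"   # login portal address quoted in the thread

# Print the commands that make one firewall mark select one WAN.
# usage: portal_policy MARK TABLE PRIO DEV GATEWAY
portal_policy() {
    mark=$1; table=$2; prio=$3; dev=$4; gw=$5
    # A table holding only the portal route, via this WAN's gateway.
    echo "ip route replace $PORTAL_IP/32 via $gw dev $dev table $table"
    # A rule that sends packets carrying the mark to that table. The mask
    # ignores any higher bits that other software keeps in the same mark.
    echo "ip rule add priority $prio fwmark $mark/0xff lookup $table"
}

# Read `ip rule show` output on stdin; succeed only if MARK is consumed
# by some rule. usage: ip rule show | mark_is_routed 0x1
mark_is_routed() {
    grep -Eq "fwmark $1(/0x[0-9a-f]+)? lookup "
}

# Constructed sample: the rule list of a router with no fwmark rules,
# the state in which a MARK target changes nothing.
sample_rules() {
    printf '0:\tfrom all lookup local\n'
    printf '32766:\tfrom all lookup main\n'
    printf '32767:\tfrom all lookup default\n'
}

# Commands for both portals. Gateways are the ones quoted in the thread;
# device names are placeholders to replace with the real WAN devices.
portal_commands() {
    portal_policy 0x1 101 901 "${WANA_DEV:-WANA_DEVICE}" 192.168.1.1
    portal_policy 0x2 102 902 "${WANB_DEV:-WANB_DEVICE}" 100.100.100.253
}

portal_commands
if sample_rules | mark_is_routed 0x1; then
    echo "mark 0x1 has a lookup rule"
else
    echo "mark 0x1 is set but no rule uses it"
fi
```

Before applying the printed commands, compare the chosen table ids and priorities against `ip rule show` on the router so they do not collide with rules that are already installed. Commands entered this way do not survive a reboot.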