Enforce split-wan behaviour

Hi, having trouble with the OpenWRT-based RUT-956 and two WAN interfaces.

The crux of the issue is that I require connections incoming on one interface to strictly be returned via the same interface.

The two interfaces are the internal cellular modem, and an external satellite modem on the WAN port.

Port forwarding is set up on each interface to forward to devices in the LAN and to each other (e.g. access satellite webpage via mobile connection).

Sniffing the traffic inside, it seems like requests come in from the satellite, get handled by the LAN device and then the response is routed via the mobile. On the other side, a request via the modem for the satellite webpage seems to get the response routed via the satellite.

I've been having mixed success with SNAT and Policy Based Routing rules, but cannot get it to work all together as it seems like something keeps stepping over something else.

Is there something I'm missing here? I would've thought it should be simple to enforce this split WAN behaviour.

I've been able to resolve this with the following:

iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j RETURN
iptables -t mangle -A PREROUTING -i qmimux0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i qmimux0 -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -i eth0.2 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth0.2 -j CONNMARK --save-mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark

  • PBR tables for each interface

  • a SNAT rule for packets to 192.168.0.1 to rewrite source IP as 192.168.0.10, otherwise the satellite was trying to route those packets itself once received.
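
The post lists the per-interface PBR tables and the SNAT rule without showing them; the sketch below is an added example, not the poster's configuration, that pairs with the CONNMARK rules above. Table numbers 101/102, the rule priorities, and the assumption that 192.168.0.1 is the satellite modem reached as the gateway on eth0.2 are all illustrative.

```shell
#!/bin/sh
# Added example: prints the policy-routing and SNAT commands that pair with
# the CONNMARK rules in the post. Table numbers and priorities are assumed;
# interface names and addresses are the ones that appear in the post.

# pbr_cmds MARK IFACE [GATEWAY]
# One WAN = one routing table holding only a default route out of IFACE,
# plus an ip rule that sends packets carrying fwmark MARK to that table.
pbr_cmds() {
    mark=$1 iface=$2 gw=${3:-}
    table=$((100 + mark))              # assumed numbering: mark 1 -> table 101
    if [ -n "$gw" ]; then
        echo "ip route replace default via $gw dev $iface table $table"
    else
        # point-to-point cellular link: no next hop required
        echo "ip route replace default dev $iface table $table"
    fi
    # delete first so re-running does not stack duplicate rules
    echo "ip rule del fwmark $mark table $table 2>/dev/null || true"
    echo "ip rule add fwmark $mark table $table priority $((1000 + mark))"
}

# snat_cmd IFACE DEST SRC
# Traffic forwarded to the modem's own address leaves with the router's
# address on that segment, so the modem answers the router directly
# instead of routing the reply out of its own uplink.
snat_cmd() {
    echo "iptables -t nat -A POSTROUTING -o $1 -d $2 -j SNAT --to-source $3"
}

all_cmds() {
    pbr_cmds 1 qmimux0                  # cellular, mark 1 in the post
    pbr_cmds 2 eth0.2 192.168.0.1       # satellite, mark 2; gateway assumed
    snat_cmd eth0.2 192.168.0.1 192.168.0.10
}

# Dry run by default; APPLY=1 executes the commands on the router (root).
if [ "${APPLY:-0}" = 1 ]; then all_cmds | sh; else all_cmds; fi
```

After applying, `ip rule show` and `ip route show table 101` (or 102) confirm that each mark resolves to a table with a single default route out of the matching WAN.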