Force use of predetermined interface via IPTables

Hey guys!

I'm currently running 2 LTE modems and I'd like to keep only one of them as the MAIN ROUTE, so the other one would only be used if I directly set a local device to use the second modem's interface.

So, in summary:
WAN1 is wwan0, which is my main route, no matter whether it's down or not (metric 10).
WAN2 is wwan1, which will be my second route, only used if there's a rule in the firewall telling it to use it (metric 20).

Basically I have an ipset for Netflix, so I'd like to have all requests to this ipset list go through WAN2.
I've tried to use MWAN3; the rules there would work great, but since I'm using LTE as my only internet service, when I suddenly get disconnected from LTE it takes way longer to reconnect when I use MWAN3. So I'd like to have the same behaviour as MWAN3 rules but directly in the OpenWrt firewall, without any additional package. Is it possible?
In MWAN3 I tried and ::/0 with the ipset list called netflix and the interface WAN2, and it worked great. How can I "translate" this into iptables rules?

This would be the first case.

The second case would be an interface running OpenVPN; I'd like to have a local device always use this OpenVPN interface instead of the main route.

So this device has a static lease with an IP, and I'd like this device to always use the VPN interface (tun0).

How can I achieve both of these rules directly in iptables, without additional packages like MWAN3?


Nope, iptables allows or denies traffic; it doesn't take routing decisions.
If you want faster failover, then you need to adjust the tracking options. This comes with more traffic of course, but since you are watching Netflix I suppose there is no data cap.

With a pair of rule/route.

So in my case this is what it would look like?

config rule
        option in 'lan'
        option src ''
        option lookup '100' #this is the code that will be used to find the device above, right?

config route
        option interface 'VPN'
        option target ''
        option netmask ''
        option metric '200'
        option table '100' #this will look for the option above lookup to determine the device

Am I right?

Yes, this is correct. Be careful with the interface names; they are case-sensitive.

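A fuller version of that rule/route pair, as an added example that is not from the thread, written as /etc/config/network and /etc/config/firewall fragments for an iptables-based (fw3) OpenWrt. The interface names VPN, wan2 and lan, the host address 192.168.1.50, the table numbers 100 and 200, the rule priorities and the mark 0x20 are all assumptions; the netflix ipset is assumed to already exist in /etc/config/firewall, as the first post says. Case 2 (one host always via tun0) needs only a policy rule plus a route in a private table; case 1 (ipset destinations via WAN2) goes a step beyond what the thread shows: the firewall marks matching packets in the mangle table before the routing decision, a netifd rule matches on that mark, and ip4table keeps the second modem's own default route out of the main table so wwan1 is never used unless a rule selects it.

```uci
# ===== /etc/config/network (added example, not from the thread) =====

# ---- Case 2: one LAN host always leaves via tun0 ------------------
config interface 'VPN'               # logical name is an assumption; it must match
        option proto 'none'          # the 'option interface' of the routes below
        option device 'tun0'

config rule                          # IPv4 policy rule: this host consults table 100
        option in 'lan'
        option src '192.168.1.50/32' # assumed static lease of the device
        option lookup '100'
        option priority '100'

config route                         # default route of table 100 over the VPN
        option interface 'VPN'       # installed only while VPN is up (netifd behaviour)
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option table '100'

config route                         # fallback attached to lan, so it stays installed
        option interface 'lan'       # while tun0 is down: the host then gets
        option type 'unreachable'    # "unreachable" instead of leaking out via wwan0
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option table '100'
        option metric '1000'         # loses against the metric-0 tun0 route when both exist

# ---- Case 1: destinations in the netflix ipset leave via WAN2 -----
config interface 'wan2'              # existing wwan1 interface; proto/device options unchanged
        option ip4table '200'        # its DHCP/modem-learned default route lands in table 200,
        option metric '20'           # not in main, so wwan1 is never the default gateway

config rule                          # packets carrying mark 0x20 consult table 200
        option mark '0x20/0x20'
        option lookup '200'
        option priority '200'

# ===== /etc/config/firewall (fw3, iptables) =====
config rule                          # fw3 places MARK rules in the mangle table,
        option name 'mark-netflix'   # i.e. before the routing decision is made
        option src 'lan'
        option ipset 'netflix dst'   # assumed existing ipset, matched on destination
        option target 'MARK'
        option set_mark '0x20/0x20'  # OR bit 0x20 into the packet mark
```

Two checks worth doing after `/etc/init.d/network reload`: `ip rule show` must list priority 100 with the host's address and priority 200 with the fwmark, and `ip route show table 200` must show the modem's default route (if it is empty, the wan2 interface was not restarted after adding ip4table). Two caveats: these are IPv4-only, so the same pairs are needed as rule6/route6 (and ip6table) or Netflix's AAAA traffic will take the main route; and the OpenVPN client must not push redirect-gateway into the main table (route-nopull or pull-filter in the client config), or every host, not only the one in the rule, ends up behind tun0.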
