Help me configure some LAN addresses that connect via certain WAN port

tuanphat1493 · March 11, 2023, 2:12pm

Sorry I'm new with this.
I have two WAN Network, All two wan now set to firewall rule like normal config. And I'm using mwan3 to balanced two wan, wan1 metric 40, wan2 metric 41. And I have only one Lan port with subnet 10.0.0.1/22
So now I want LAN address 10.0.0.10 will always connect to WAN2 to access internet and all another Lan is still connect balanced with mwan3 like normal. Please tell me how to config that. Thank !!!

Network config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd5f:ec41:fa15::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ip6assign '60'
        list ipaddr '10.0.0.1/22'

config interface 'wan'
        option device 'eth1'
        option proto 'pppoe'
        option ipv6 'auto'
        option username 'xxxx'
        option password 'xxxx'
        option peerdns '0'
        list dns '8.8.8.8'
        list dns '8.8.4.4'
        option metric '40'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config interface 'wan2'
        option proto 'pppoe'
        option device 'eth0'
        option username 'xxxx'
        option password 'xxxx'
        option ipv6 'auto'
        option metric '52'

config interface 'wan3'
        option proto 'pppoe'
        option device 'eth2'
        option username 'xxxx'
        option password 'xxxx'
        option metric '53'
        option ipv6 'auto'

Mwan3 config

config globals 'globals'
        option mmx_mask '0x3F00'
        option xwan_md5 'ed607635aae53b32b59bc63d51151ebc'

config rule 'https'
        option sticky '1'
        option dest_port '443'
        option proto 'tcp'
        option use_policy 'balanced'

config rule 'default_rule_v4'
        option dest_ip '0.0.0.0/0'
        option use_policy 'balanced'
        option family 'ipv4'

config rule 'default_rule_v6'
        option dest_ip '::/0'
        option use_policy 'balanced'
        option family 'ipv6'

config interface 'wan'
        option enabled '1'
        option initial_state 'online'
        list track_ip '1.0.0.3'
        list track_ip '1.1.1.3'
        option track_method 'ping'
        option reliability '1'
        option count '1'
        option size '56'
        option max_ttl '60'
        option check_quality '0'
        option timeout '2'
        option interval '20'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'

config member 'wan_m100_w100'
        option interface 'wan'
        option metric '100'
        option weight '100'

config policy 'balanced'
        option last_resort 'unreachable'
        list use_member 'wan_m100_w100'
        list use_member 'wan2_m100_w100'
        list use_member 'wan3_m100_w100'

config interface 'wan2'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        list track_ip '1.1.1.1'
        option track_method 'ping'
        option reliability '1'
        option count '1'
        option size '56'
        option max_ttl '60'
        option timeout '2'
        option interval '20'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'

config member 'wan2_m100_w100'
        option interface 'wan2'
        option metric '100'
        option weight '100'

config interface 'wan3'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        list track_ip '1.1.1.1'
        option track_method 'ping'
        option reliability '1'
        option count '1'
        option size '56'
        option max_ttl '60'
        option timeout '2'
        option interval '20'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'

config member 'wan3_m100_w100'
        option interface 'wan3'
        option metric '100'
        option weight '100'

Firewall config:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan2'
        list network 'wan3'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

tuanphat1493 · March 11, 2023, 4:13pm

@trendy Please help me

pavelgl · March 11, 2023, 5:18pm

You need to create a policy and a rule.

config policy 'wan2_only'
        list use_member 'wan2_m100_w100'
        option last_resort 'default'

config rule 'LAN_10_0_0_10'
        option proto 'all'
        option src_ip '10.0.0.10'
        option use_policy 'wan2_only'

The rule must be at the top of the list.

tuanphat1493 · March 11, 2023, 5:25pm

thanks but you mean this is rule for mwan3?

pavelgl · March 11, 2023, 5:28pm

That's exactly an mwan3 rule.

tuanphat1493 · March 11, 2023, 5:34pm

I do exactly what you tell me but first try it's show up wan ip of wan 2 is correct, but after refresh it's auto jump up random to wan ip of wan1 and wan3, it seems to be still under the influence of balanced

pavelgl · March 11, 2023, 5:36pm

What is the output of

mwan3 policies; mwan3 rules

tuanphat1493 · March 11, 2023, 5:40pm

haha, thanks now it's work, my mistake...

tuanphat1493 · March 12, 2023, 2:27pm

I just realized that what you said only works when I already have a balanced configuration between WANs, if I remove the balanced configuration, setting the LAN address for a particular WAN doesn't seem to work.

pavelgl · March 12, 2023, 2:47pm

Please post the mwan3 configuration when it doesn't work.

tuanphat1493 · March 12, 2023, 3:22pm

Hi, should I set the metric to each WAN? is it necessary?

pavelgl · March 12, 2023, 3:40pm

You need to set a default gateway and a different metric for each wan interface
(in /etc/config/network).

https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3#configure_a_different_metric_for_each_wan_interface

tuanphat1493 · March 13, 2023, 6:20am

thank..it's work for me. but can i bother you with one more thing? After setting each LAN to go through each WAN, it only uses the bandwidth of that WAN. (I have to set that so I can use each WAN IP separately) But is there a way to set the LAN to receive sticky IP WAN and the network will still run through the load balancing rule between the wans?

system · March 23, 2023, 6:21am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.