Help needed - 2x WAN to 2x LAN setup

Hello, I need some help with “my” setup

Scenario:

2 internet providers - WAN1 and WAN2, 2 or 3 Local subnets - LAN1 LAN2 LAN3

LAN1+LAN3 must be routed via WAN1

and LAN2 must be routed via WAN2

I need some hints, or “best practices” how to do it on OpenWrt.

How to set up PBR? Or how to set the firewall for “source address routing” etc …

Thanks for advice.

Some users use PBR for this. @egc always links a good guide he wrote. Most users return to reply quickly, thankful for the treatise.

I use a manual method of adding config route and config rule statements in the network config.

One question:

Are both ISPs DHCP, or is either static?

I believe you could alternatively make "SNAT" rules (under NAT tab on the LuCI web GUI). For example, the SRC IPs of LAN1 and LAN3 SNAT to IP of WAN1. And that of LAN2 to WAN2.

This would be preferable if your ISPs issue addresses dynamically (as I inquired about above).


Not sure if SNAT will work, but you might research mwan3, an OpenWrt package to use with multiple WANs.

Both ISPs can offer addresses dynamically and their devices can be set as bridge..

but this is not what I want.

It is set as ”router” and provides addresses from 10.x.x.x subnets.

so, I have static addresses on WANs 10.10.10.x and 10.0.0.x (DHCP is down on ISP’s devices)

Based on your description (which might be lacking), two independent -distinct and not interconnected- routers might be a more sensible approach?

It is a bit more complicated.

3x LAN subnets…

LAN1 and LAN2 must have access to LAN3, but LAN1 and LAN2 not together

(it was one company before, with “one router and internet connection”, now are two ..)

So, now I have set my router, static route was made, some rules also ..

but .. it’s not working …

I’m missing something … maybe .. I’m doing something wrong …

I need advice / help with this …

network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd10:d4b8:9b9f::/48'
network.globals.packet_steering='1'
network.globals.dhcp_default_duid='00049260fa61e33e41f58bbc70e7d7cda24a'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='eth0.1'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.@device[1]=device
network.@device[1].name='eth0.2'
network.@device[1].macaddr='ff:ff:ff:00:00:00'
network.wan=interface
network.wan.device='eth0.5'
network.wan.proto='static'
network.wan.ipaddr='10.10.10.9'
network.wan.netmask='255.255.255.0'
network.wan.gateway='10.10.10.1'
network.wan.force_link='0'
network.wan.dns='10.10.10.1'
network.wan.metric='2'
network.wan.multipath='off'
network.wan.defaultroute='0'
network.wan6=interface
network.wan6.device='eth0.5'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.wan6.norelease='1'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='0'
network.@switch[1]=switch
network.@switch[1].name='switch1'
network.@switch[1].reset='1'
network.@switch[1].enable_vlan='1'
network.@switch[1].enable_vlan4k='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch1'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch1'
network.@switch_vlan[1].vlan='5'
network.@switch_vlan[1].ports='0 6t'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch1'
network.@switch_vlan[2].ports='4 6t'
network.@switch_vlan[2].vlan='4'
network.@switch_vlan[3]=switch_vlan
network.@switch_vlan[3].device='switch1'
network.@switch_vlan[3].ports='2 6t'
network.@switch_vlan[3].vlan='2'
network.@switch_vlan[4]=switch_vlan
network.@switch_vlan[4].device='switch1'
network.@switch_vlan[4].ports='3 6t'
network.@switch_vlan[4].vlan='3'
network.lan2=interface
network.lan2.proto='static'
network.lan2.device='eth0.2'
network.lan2.ipaddr='192.168.2.1'
network.lan2.netmask='255.255.255.0'
network.lan3=interface
network.lan3.proto='static'
network.lan3.device='eth0.3'
network.lan3.ipaddr='192.168.3.1'
network.lan3.netmask='255.255.255.0'
network.wan2=interface
network.wan2.proto='dhcp'
network.wan2.device='eth0.4'
network.wan2.metric='1'
network.wan2.multipath='off'
network.wan2.defaultroute='0'
network.@route[0]=route
network.@route[0].interface='wan'
network.@route[0].target='0.0.0.0/0'
network.@route[0].gateway='10.10.10.1'
network.@route[0].onlink='1'
network.@route[1]=route
network.@route[1].interface='wan2'
network.@route[1].target='0.0.0.0/0'
network.@route[1].gateway='192.168.0.1'
network.@rule[0]=rule
network.@rule[0].out='wan'
network.@rule[0].dest='0.0.0.0/0'
network.@rule[0].in='lan'
network.@rule[0].priority='1'
network.@rule[0].lookup='main'
network.@rule[1]=rule
network.@rule[1].priority='2'
network.@rule[1].in='lan2'
network.@rule[1].out='wan2'
network.@rule[1].dest='0.0.0.0/0'
network.@rule[1].lookup='main'

So, … it’s working now …

Mwan3 is used and configured …

with this user guide https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3 - same as @egc provides…

and this https://gist.github.com/braian87b/97a186b2e11b5aa438d8fd17de0eab20

and this https://gist.github.com/braian87b/126f20a920e7aabdd495afc861c2a22c

are helpful also …

Great to hear you got it working!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!

Some screenshots at the end …

and status information

root@OpenWrt:~# mwan3 status
Interface status:
 interface wan is online and tracking is active (online 00h:26m:16s, uptime 00h:28m:35s)
 interface wan6 is unknown and tracking is down (31)
 interface wanb is online and tracking is active (online 00h:25m:45s, uptime 00h:28m:02s)
 interface wanb6 is unknown and tracking is down (31)

Current ipv4 policies:
balanced:
 wanb (50%)
 wan (50%)
wan_only:
 wan (100%)
wan_wanb:
 wan (100%)
wanb_only:
 wanb (100%)
wanb_wan:
 wanb (100%)

Current ipv6 policies:
balanced:
 unreachable
wan_only:
 unreachable
wan_wanb:
 unreachable
wanb_only:
 unreachable
wanb_wan:
 unreachable

Directly connected ipv4 networks:
192.168.0.0/24
192.168.0.39
127.0.0.1
192.168.0.255
192.168.1.0/24
192.168.1.255
127.255.255.255
10.10.10.0/24
127.0.0.0/8
192.168.3.255
192.168.2.0/24
192.168.3.1
10.10.10.9
192.168.1.1
192.168.2.1
192.168.2.255
224.0.0.0/3
10.10.10.255
192.168.3.0/24

Directly connected ipv6 networks:
fdb2:d833:93d2::/64
fdb2:d833:93d2:4::/64
fe80::/64
fd1e:649c:3a8c::/64
fdb2:d833:93d2::/48

Active ipv4 user rules:
  193 66108 - wan_only  0    --  *      *       192.168.1.0/24       0.0.0.0/0            
   77  4652 - wanb_only  0    --  *      *       192.168.2.0/24       0.0.0.0/0            
   10   400 S https  6    --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 443 
  160 11404 - balanced  0    --  *      *       0.0.0.0/0            0.0.0.0/0            

Active ipv6 user rules:
    0     0 S https  6    --  *      *       ::/0                 ::/0                 multiport dports 443 
  337 61806 - balanced  0    --  *      *       ::/0                 ::/0                 
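
Added example, not part of the original posts: a small Python check that walks the "Active ipv4 user rules" lines in order and reports which target each LAN subnet hits first, compared with the routing stated at the top of the thread. Assumptions: LAN1/LAN2/LAN3 are 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 (from the posted config), `wan_only` means WAN1 and `wanb_only` means WAN2, and the column after the flag is the policy name (or the rule name on `S` lines).

```python
import ipaddress

# Constructed sample: the "Active ipv4 user rules" lines from the status output above.
SAMPLE_RULES = """\
  193 66108 - wan_only  0    --  *      *       192.168.1.0/24       0.0.0.0/0
   77  4652 - wanb_only  0    --  *      *       192.168.2.0/24       0.0.0.0/0
   10   400 S https  6    --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 443
  160 11404 - balanced  0    --  *      *       0.0.0.0/0            0.0.0.0/0
"""

# Assumed intent: LAN1 + LAN3 leave via WAN1 (wan_only), LAN2 via WAN2 (wanb_only).
EXPECTED = {
    "192.168.1.0/24": "wan_only",
    "192.168.2.0/24": "wanb_only",
    "192.168.3.0/24": "wan_only",
}

def parse_rules(text):
    """Return the rules in evaluation order (top to bottom)."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue
        # Columns: pkts bytes flag target proto opt in out source destination [match]
        dports = None
        if "dports" in f:
            spec = f[f.index("dports") + 1]
            # "443" -> (443, 443); "1024:2000" -> (1024, 2000)
            dports = [tuple(int(x) for x in (p.split(":") * 2)[:2]) for p in spec.split(",")]
        rules.append({"target": f[3], "proto": int(f[4]),
                      "src": ipaddress.ip_network(f[8]), "dports": dports})
    return rules

def first_match(rules, subnet, proto, dport):
    """Target of the first rule covering the whole subnet (destination column not evaluated)."""
    net = ipaddress.ip_network(subnet)
    for r in rules:
        port_ok = r["dports"] is None or any(lo <= dport <= hi for lo, hi in r["dports"])
        if net.subnet_of(r["src"]) and r["proto"] in (0, proto) and port_ok:
            return r["target"]
    return None

def audit(text, expected=EXPECTED, ports=(80, 443)):
    """List (subnet, dport, target) where TCP traffic is not pinned as expected."""
    rules = parse_rules(text)
    return [(s, p, first_match(rules, s, 6, p))
            for s, want in expected.items() for p in ports
            if first_match(rules, s, 6, p) != want]
```

On the sample, `audit(SAMPLE_RULES)` lists only 192.168.3.0/24: it has no source rule of its own, so it falls through to the `https` and `balanced` entries.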

