You may need to make 2 routes instead:
config route
    option interface 'wwan'
    option target '0.0.0.0'
    option netmask '128.0.0.0'
    option gateway '192.168.0.x'
    option table '2'

config route
    option interface 'wwan'
    option target '128.0.0.0'
    option netmask '128.0.0.0'
    option gateway '192.168.0.x'
    option table '2'

config rule
    option in 'lan2'
    option dest '0.0.0.0/0'
    option priority '2'
    option lookup '2'
This is so you don't accidentally erase 0.0.0.0/0 on WAN.
0.0.0.0/1 + 128.0.0.0/1 == 0.0.0.0/0
Also if forwarding from LAN2 to WAN is turned on, REMOVE it.
If you can statically address WWAN and not use a gateway, this would help, as you're making the gateway on routing table No. 2
Hegabo
February 18, 2019, 1:44am
22
Yeah, I thought it would be so I edited my post, but it looks like I did so after you had quoted me.
Ok thanks for the work just applied the config.
Where do I check this?
The wwan was already static; will it be a problem now?
If wwan is static, that's wonderful. Use no gateway IP on WWAN config, and you can simply use one route rule for 0.0.0.0 mask 0.0.0.0.
config route
    option interface 'wwan'
    option target '0.0.0.0'
    option netmask '0.0.0.0'
    option gateway '192.168.0.1'
    option table '2'
blackgarnett:
Where do I check this?
You would:
make sure you permit forwarding from lan2 to WWAN
and make sure that there is NO LAN to WWAN here:
To do this, you will need to place WWAN in its own Firewall Zone
So do I erase the two config routes from earlier and place this one?
lleachii:
make sure you permit forwarding from lan2 to WWAN
and make sure that there is NO LAN to WWAN here:
Update: I reached the minimum post lol sorry.
blackgarnett:
make sure you permit forwarding from lan2 to WWAN
and make sure that there is NO LAN to WWAN here:
The default firewall is like this, so should I do what you stated?
You probably also need to make lan2 its own firewall zone as well so you can permit forwarding from lan2 > wwan.
so it will be like this?
Like that?
I'm getting no upstream in test,
A socket error occurred during the upload test. A firewall could be blocking the connection or the server might be having some issues. Please try again later.
I got a message limit too, and it just let me send 1, just made this to reply lol. Both SSIDs were working on different internet, but I have no upstream (couldn't run a speedtest, upload any file or even open any online game).
A socket error occurred during the upload test. A firewall could be blocking the connection or the server might be having some issues. Please try again later.
Tried yesterday erasing the firewall config and leaving it as it was in default and nothing, still no luck, there's no upstream in any of the SSID. What do you think it can be causing it?
That's correct. Also, I downloaded a backup in case you need any info from the config files.
ip route show table 2; ip rule show
ip route show table 2; ip rule show
default via 192.168.0.1 dev wlan0
0: from all lookup local
2: from all iif br-LAN2 lookup 2
32766: from all lookup main
32767: from all lookup default
EDIT: yes the ip route show table 2 show this "default via 192.168.0.1 dev wlan0 "
and the ip rule show this
0: from all lookup local
2: from all iif br-LAN2 lookup 2
32766: from all lookup main
32767: from all lookup default
I assume you also ran ip route show table 2. If so, table 2 doesn't have a route for 0.0.0.0/0 via WWAN. Fix this.
In /etc/config/network
config route
    option interface 'wwan'
    option target '0.0.0.0'
    option netmask '0.0.0.0'
    option gateway '192.168.0.1'
    option table '2'
Did you use uppercase for WWAN???
It's hard to follow when you cheat the posting limit by editing your posts - I see you have a route on table 2.
Yes I do, it also appears in Status / Routes
Network - Target - IPv4-Gateway - Metric - Table
wlan0 - 0.0.0.0/0 - 192.168.0.1 - 0 - 2
As I can't upload a photo I'll paste the info in firewall config file.
config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'

config zone
    option name 'wan'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wan6'
    option input 'REJECT'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config include 'miniupnpd'
    option type 'script'
    option path '/usr/share/miniupnpd/firewall.include'
    option family 'any'
    option reload '1'

config zone
    option name 'lan2'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option network 'LAN2'
    option forward 'ACCEPT'

config zone
    option name 'wwan'
    option input 'REJECT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option network 'wwan'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option dest 'wwan'
    option src 'lan2'
Yes, it's enabled, masquerade and MSS clamping, as you told me to place the config as WAN
I said I understand.
Please edit and show me the general firewall rules.
Do you have masquerade enabled on the WWAN zone?
Yes, the firewall config is above
Had any chance to take a look at the firewall config?
ip route show; ifconfig wlan0; ip route show table 2
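The three things the thread checks by hand (the `ip rule` entry for br-LAN2, full IPv4 coverage in table 2, and the firewall forwarding pairs) can be checked with a short script. This is an added example, not code from any poster; the function names are hypothetical and the sample data is constructed from the values posted above.

```shell
# Added example. Sample data is constructed from values posted in the thread.
RULES='0: from all lookup local
2: from all iif br-LAN2 lookup 2
32766: from all lookup main
32767: from all lookup default'
TABLE2='default via 192.168.0.1 dev wlan0'
FIREWALL="config forwarding
    option src 'lan'
    option dest 'wan'
config forwarding
    option dest 'wwan'
    option src 'lan2'"

# rule_steers IFACE TABLE: reads `ip rule show` output on stdin; succeeds if a
# rule "iif IFACE lookup TABLE" exists and is evaluated before the main table.
rule_steers() {
    awk -v ifc="$1" -v tbl="$2" '
        { prio = $1 + 0; iif = ""; lk = ""
          for (i = 2; i < NF; i++) {
              if ($i == "iif") iif = $(i + 1)
              if ($i == "lookup") lk = $(i + 1)
          }
          if ($3 == "all" && iif == "" && lk == "main") { hasmain = 1; mainp = prio }
          if (iif == ifc && lk == tbl) { found = 1; p = prio } }
        END { exit !(found && (!hasmain || p < mainp)) }'
}
# table_covers_all: reads `ip route show table N` output on stdin; succeeds if
# the table covers all IPv4 destinations (a default route, or both /1 halves).
table_covers_all() {
    awk '$1 == "default" || $1 == "0.0.0.0/0" { full = 1 }
         $1 == "0.0.0.0/1"   { low = 1 }
         $1 == "128.0.0.0/1" { high = 1 }
         END { exit !(full || (low && high)) }'
}
# forwardings: reads UCI firewall text on stdin; prints "src>dest" for every
# `config forwarding` section, whatever the option order inside it.
forwardings() {
    awk -v q="'" '
        function emit() { if (infwd) print src ">" dst; infwd = 0; src = dst = "" }
        $1 == "config" { emit(); infwd = ($2 == "forwarding") }
        infwd && $1 == "option" { v = $3; gsub(q, "", v)
            if ($2 == "src") src = v
            if ($2 == "dest") dst = v }
        END { emit() }'
}

printf '%s\n' "$RULES" | rule_steers br-LAN2 2 && echo "rule: br-LAN2 -> table 2"
printf '%s\n' "$TABLE2" | table_covers_all && echo "table 2: full IPv4 coverage"
printf '%s\n' "$FIREWALL" | forwardings
```

On the router, feed the functions live data instead: `ip rule show | rule_steers br-LAN2 2`, `ip route show table 2 | table_covers_all`, and `forwardings < /etc/config/firewall`. For the isolation the thread is after, the last command should list `lan2>wwan` and must not list `lan>wwan`.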