[Help] Route WAN and WWAN with different SSIDs?

You may need to make 2 routes instead:

config route                
        option interface 'wwan'
        option target '0.0.0.0'
        option netmask '128.0.0.0'      
        option gateway '192.168.0.x'
        option table '2'

config route                
        option interface 'wwan'
        option target '128.0.0.0'
        option netmask '128.0.0.0'      
        option gateway '192.168.0.x'
        option table '2'

config rule                          
        option in 'lan2'         
        option dest '0.0.0.0/0'       
        option priority '2'          
        option lookup '2'

This is so you don't accidentally erase 0.0.0.0/0 on WAN.

0.0.0.0/1 + 128.0.0.0/1 == 0.0.0.0/0

  • Also if forwarding from LAN2 to WAN is turned on, REMOVE it.
  • If you can statically address WWAN and not use a gateway, this would help, as you're making the gateway on routing table No. 2

Yeah, I thought it would be so I edited my post, but it looks like I did so after you had quoted me.

OK, thanks for the work, I just applied the config.

route

Where do I check this?

The wwan was already static, will it be a problem now?

If wwan is static, that's wonderful. Use no gateway IP on WWAN config, and you can simply use one route rule for 0.0.0.0 mask 0.0.0.0.

config route                
        option interface 'wwan'
        option target '0.0.0.0'
        option netmask '0.0.0.0'      
        option gateway '192.168.0.1'
        option table '2'

You would:

  • make sure you permit forwarding from lan2 to WWAN
  • and make sure that there is NO LAN to WWAN here:

  • To do this, you will need to place WWAN in its own Firewall Zone

So do I erase the two config routes from earlier and place this one?


Update: I reached the minimum post lol, sorry.

The default firewall is like this, so should I do what you stated?

  • You probably also need to make lan2 its own firewall zone as well so you can permit forwarding from lan2 > wwan.

so it will be like this?


Like that?


I'm getting no upstream in test,

A socket error occurred during the upload test. A firewall could be blocking the connection or the server might be having some issues. Please try again later.

Your choice, as I noted:

:+1:

  • You probably also need to make lan2 its own firewall zone as well so you can permit forwarding from lan2 > wwan.
  • Go to Network > Interfaces
  • Go to WWAN
  • Make a new firewall zone for wwan
  • Go to LAN2
  • Make a new firewall zone for lan2
  • Go back to firewall settings
  • setup WWAN like wan
  • setup LAN2 like lan
  • Permit forwarding from lan2 to wwan
  • Simple
  • Send me a private message, from your last posting, you have not yet made new zones for WWAN or LAN2.

I got a message limit too, and it just let me send 1, just made this to reply lol. Both SSIDs were working on different internet, but I have no upstream (couldn't make a speedtest, upload any file or even open any online game).

A socket error occurred during the upload test. A firewall could be blocking the connection or the server might be having some issues. Please try again later.


Tried yesterday erasing the firewall config and leaving it as it was in default and nothing, still no luck, there's no upstream on any of the SSIDs. What do you think could be causing it?

Just to confirm:

  • You began with a default OpenWrt device
  • You setup your Wired WAN as normal (i.e. plugging it in)
  • You setup WWAN as static with no gateway
  • You configured a 0.0.0.0/0 route and rule on table 2 for lan2 to use WWAN
  • You permitted forwarding from lan2 to WWAN
  • WWAN is actually associated

That's correct. Also, I downloaded a backup in case you need any info from the config files.

ip route show table 2; ip rule show


default via 192.168.0.1 dev wlan0 
0:      from all lookup local
2:      from all iif br-LAN2 lookup 2
32766:  from all lookup main
32767:  from all lookup default

EDIT: yes, the ip route show table 2 shows this: "default via 192.168.0.1 dev wlan0 "

and the ip rule shows this

0:      from all lookup local
2:      from all iif br-LAN2 lookup 2
32766:  from all lookup main
32767:  from all lookup default
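
The check the replies here do by eye, as an added example that is not part of the thread: it takes the text of `ip rule show` and `ip route show table 2`, finds the table a given ingress interface is sent to, and confirms that table has a default route out of the expected device. The sample text is the output posted above; the function names are made up for this example.

```shell
#!/bin/sh
# Table that packets entering on device $2 are sent to, per `ip rule show` text $1.
# Only rules evaluated before the main table (priority < 32766) count.
rule_table_for_iif() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        { prio = $1; sub(":", "", prio); tbl = "" }
        prio + 0 >= 32766 { exit }
        {
            for (i = 2; i < NF; i++) {
                if ($i == "iif" && $(i + 1) == dev) hit = 1
                if ($i == "lookup") tbl = $(i + 1)
            }
            if (hit) { print tbl; exit }
        }'
}

# "gateway device" of the default route in `ip route show table N` text $1, empty if none.
default_route() {
    printf '%s\n' "$1" | awk '
        $1 == "default" || $1 == "0.0.0.0/0" {
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            print (gw == "" ? "-" : gw), dev; exit
        }'
}

# $1 rules text, $2 routes text of the policy table, $3 ingress dev, $4 expected egress dev
check_policy_route() {
    rules=$1 routes=$2 iif=$3 want_dev=$4
    tbl=$(rule_table_for_iif "$rules" "$iif")
    if [ -z "$tbl" ]; then echo "FAIL: no rule for iif $iif ahead of main"; return 1; fi
    def=$(default_route "$routes")
    # With no matching route in the table, lookup continues with the next rule (main).
    if [ -z "$def" ]; then echo "FAIL: table $tbl has no default route, lookup falls through to main"; return 1; fi
    if [ "${def#* }" != "$want_dev" ]; then echo "FAIL: table $tbl default leaves via ${def#* }, not $want_dev"; return 1; fi
    echo "OK: iif $iif -> table $tbl -> default via ${def% *} dev $want_dev"
}

# Sample input: the output posted in the thread.
SAMPLE_RULES="0:      from all lookup local
2:      from all iif br-LAN2 lookup 2
32766:  from all lookup main
32767:  from all lookup default"
SAMPLE_TABLE2="default via 192.168.0.1 dev wlan0 "

# On the router: check_policy_route "$(ip rule show)" "$(ip route show table 2)" br-LAN2 wlan0
check_policy_route "$SAMPLE_RULES" "$SAMPLE_TABLE2" br-LAN2 wlan0
```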

I assume you also ran ip route show table 2. If so, table 2 doesn't have a route for 0.0.0.0/0 via WWAN. Fix this.

In /etc/config/network

config route                
        option interface 'wwan'
        option target '0.0.0.0'
        option netmask '0.0.0.0'      
        option gateway '192.168.0.1'
        option table '2'

  • Did you use uppercase for WWAN???

It's hard to follow when you cheat the posting limit by editing your posts - I see you have a route on table 2.

Yes I do, it also appears in Status / Routes

Network - Target    - IPv4-Gateway - Metric - Table
wlan0   - 0.0.0.0/0 - 192.168.0.1  - 0      - 2

As I can't upload a photo I'll paste the info from the firewall config file.

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'
	option input 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

config zone
	option name 'lan2'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option network 'LAN2'
	option forward 'ACCEPT'

config zone
	option name 'wwan'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'wwan'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option dest 'wwan'
	option src 'lan2'

Yes, it's enabled, masquerade and MSS clamping, as you told me to place the config as WAN.

:point_up: :point_up:

I said I understand.

Please edit and show me the general firewall rules.

  • Do you have masquerade enabled on the WWAN zone?

Yes, the firewall config is above

Had any chance to take a look at the firewall config?

ip route show; ifconfig wlan0; ip route show table 2

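
An added example (not from the thread or from OpenWrt) that checks a firewall config against the layout the replies describe: forwarding only from lan to wan and from lan2 to wwan, with masquerading on the wwan zone. The sample config is constructed from the zone and forwarding sections posted above, plus one deliberately leaky variant; `fw_facts` and `audit_segmentation` are names made up here.

```shell
#!/bin/sh
# Normalise UCI firewall text ($1) into facts: "fwd SRC>DEST" and "masq ZONE".
fw_facts() {
    printf '%s\n' "$1" | awk -v q="'" '
        function emit() {
            if (sec == "forwarding" && o["src"] != "" && o["dest"] != "")
                print "fwd " o["src"] ">" o["dest"]
            if (sec == "zone" && o["masq"] == "1") print "masq " o["name"]
            split("", o)            # clear options before the next section
        }
        $1 == "config" { emit(); sec = $2 }
        $1 == "option" { gsub(q, "", $3); o[$2] = $3 }
        END { emit() }'
}

# Allowed: lan>wan and lan2>wwan. Required: lan2>wwan and NAT on wwan.
# Anything else (lan>wwan, lan2>wan, ...) crosses the two uplinks and is reported.
audit_segmentation() {
    facts=$(fw_facts "$1"); rc=0
    for f in $(printf '%s\n' "$facts" | sed -n 's/^fwd //p'); do
        case $f in
            "lan>wan"|"lan2>wwan") ;;
            *) echo "UNEXPECTED forwarding $f"; rc=1 ;;
        esac
    done
    for need in "fwd lan2>wwan" "masq wwan"; do
        printf '%s\n' "$facts" | grep -qx "$need" || { echo "MISSING $need"; rc=1; }
    done
    return $rc
}

# Constructed sample: zone and forwarding sections as in the posted config.
SAMPLE_FW="config zone
	option name 'wwan'
	option masq '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option dest 'wwan'
	option src 'lan2'
"
# Constructed variant with the lan2 -> wan forwarding the thread says to remove.
SAMPLE_LEAK="$SAMPLE_FW
config forwarding
	option src 'lan2'
	option dest 'wan'
"
audit_segmentation "$SAMPLE_FW" && echo "posted layout: ok"
audit_segmentation "$SAMPLE_LEAK" || echo "leak variant: flagged"
```

On the router the same audit can be run as `audit_segmentation "$(cat /etc/config/firewall)"`.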