Mwan3 and wan firewall zones not properly loading balance

thecil · May 12, 2019, 2:42am

Hello guys, facing this little issue, i have 3 wan interfaces, each on a proper vlan, the big difference is that i have to asign a firewall zone for every wan interface,since i need it in order to get WIFI only use wan2.
I have set (i think properly) every firewall zone for each wan, also set lan zone to forward dest those 3 wan zones, wifi is properly working only on wan2, LAN zone should be able to use or connect with the 3 wans.

Problem is now mwan3 is not properly loading balance, every time i try to download something (ubuntu iso for this download test), its now only using wan1 in the download.
If i disable the wan1 interface, it goes directly to wan2 without any problem, but when boths active, my download is only using wan1.
My configs files:
Mwan3

config globals 'globals'
	option mmx_mask '0x3F00'
	option local_source 'lan'

config interface 'wan'
	option enabled '1'
	list track_ip '8.8.4.4'
	list track_ip '8.8.8.8'
	list track_ip '208.67.222.222'
	list track_ip '208.67.220.220'
	option family 'ipv4'
	option reliability '2'
	option count '1'
	option timeout '2'
	option failure_latency '1000'
	option recovery_latency '500'
	option failure_loss '20'
	option recovery_loss '5'
	option interval '5'
	option down '3'
	option up '8'

config interface 'wanb'
	list track_ip '8.8.8.8'
	list track_ip '208.67.220.220'
	option family 'ipv4'
	option reliability '1'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '3'
	option up '8'
	option enabled '1'
	option initial_state 'online'
	option track_method 'ping'
	option size '56'
	option check_quality '0'
	option failure_interval '5'
	option recovery_interval '5'
	option flush_conntrack 'never'

config interface 'wanc'
	list track_ip '8.8.8.8'
	list track_ip '208.67.220.220'
	option family 'ipv4'
	option reliability '1'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '3'
	option up '8'
	option initial_state 'online'
	option track_method 'ping'
	option size '56'
	option check_quality '0'
	option failure_interval '5'
	option recovery_interval '5'
	option flush_conntrack 'never'
	option enabled '1'

config member 'wan_m1_w2'
	option interface 'wan'
	option metric '1'
	option weight '2'

config member 'wan_m1_w3'
	option interface 'wan'
	option metric '1'
	option weight '3'

config member 'wan_m1_w4'
	option interface 'wan'
	option metric '1'
	option weight '4'

config member 'wan_m2_w1'
	option interface 'wan'
	option metric '2'
	option weight '1'

config member 'wanb_m1_w2'
	option interface 'wanb'
	option metric '1'
	option weight '2'

config member 'wanb_m1_w3'
	option interface 'wanb'
	option metric '1'
	option weight '3'

config member 'wanb_m1_w4'
	option interface 'wanb'
	option metric '1'
	option weight '4'

config member 'wanb_m2_w1'
	option interface 'wanb'
	option metric '2'
	option weight '1'

config member 'wanc_m1_w2'
	option interface 'wanc'
	option metric '1'
	option weight '2'

config member 'wanc_m1_w3'
	option interface 'wanc'
	option metric '1'
	option weight '3'

config member 'wanc_m1_w4'
	option interface 'wanc'
	option metric '1'
	option weight '4'

config member 'wanc_m2_w1'
	option interface 'wanc'
	option metric '2'
	option weight '1'

config policy 'wan_only'
	list use_member 'wan_m2_w1'

config policy 'wanb_only'
	list use_member 'wanb_m2_w1'

config policy 'wanc_only'
	list use_member 'wanc_m2_w1'

config policy 'then_1_2'
	list use_member 'wan_m1_w2'
	list use_member 'wanb_m2_w1'

config policy 'then_2_1'
	list use_member 'wanb_m1_w2'
	list use_member 'wan_m2_w1'

config policy 'more_12'
	list use_member 'wan_m1_w4'
	list use_member 'wanb_m1_w3'

config policy 'more_321'
	list use_member 'wanc_m1_w4'
	list use_member 'wanb_m1_w3'
	list use_member 'wan_m1_w2'

config policy 'more_123'
	list use_member 'wan_m1_w4'
	list use_member 'wanb_m1_w3'
	list use_member 'wanc_m1_w2'

config rule 'guest_wanb'
	option sticky '1'
	option src_ip '10.0.30.0/24'
	option proto 'all'
	option use_policy 'wanb_only'

config rule 'https'
	option sticky '1'
	option dest_port '443'
	option proto 'tcp'
	option use_policy 'more_123'

config rule 'default_rule'
	option dest_ip '0.0.0.0/0'
	option use_policy 'more_123'

Network


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd18:1e70:b8d4::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '10.0.10.1'
	option delegate '0'

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'dhcp'
	option metric '10'
	option delegate '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0 1 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '3 6t'

config interface 'wanb'
	option proto 'dhcp'
	option delegate '0'
	option metric '20'
	option ifname 'eth1.3'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option ports '2 6t'

config interface 'guest'
	option proto 'static'
	option ipaddr '10.0.30.1'
	option netmask '255.255.255.0'
	option dns '208.67.220.123 208.67.222.123'

config interface 'wanc'
	option proto 'dhcp'
	option ifname 'eth1.4'
	option delegate '0'
	option metric '30'

Firewall


config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'
	option family 'ipv4'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'

config zone
	option name 'wanb'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'wanb'
	option input 'REJECT'
	option masq '1'
	option mtu_fix '1'

config zone
	option name 'wanc'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'wanc'
	option input 'REJECT'
	option masq '1'
	option mtu_fix '1'

config zone
	option name 'guest'
	option output 'ACCEPT'
	option network 'guest'
	option input 'REJECT'
	option forward 'REJECT'

config rule
	option name 'SSH/LUCI-Only-Device'
	option src 'lan'
	option family 'ipv4'
	option proto 'tcp'
	option dest_port '22 80'
	option target 'ACCEPT'
	option src_ip '10.0.10.171 10.0.10.243 10.0.10.232 10.0.10.156'
	option enabled '0'

config rule
	option name 'SSH/LUCI-REJECT-LAN'
	option src 'lan'
	option proto 'tcp'
	option dest_port '22 80'
	option target 'REJECT'
	option enabled '0'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCP-Renew-Wanb'
	option src 'wanb'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping-Wanb'
	option src 'wanb'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP-Wanb'
	option src 'wanb'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCP-Renew-Wanc'
	option src 'wanc'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping-Wanc'
	option src 'wanc'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP-Wanc'
	option src 'wanc'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'
	option name 'Guest DNS'
	option src 'guest'
	option start_time '05:00:00'
	option stop_time '00:00:00'

config rule
	option target 'ACCEPT'
	option dest_port '67-68'
	option name 'Guest DHCP'
	option src 'guest'
	option proto 'udp'
	option start_time '05:00:00'
	option stop_time '00:00:00'

config forwarding
	option dest 'wanb'
	option src 'guest'

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config include
	option path '/etc/firewall.user'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

config include 'bcp38'
	option type 'script'
	option path '/usr/lib/bcp38/run.sh'
	option family 'IPv4'
	option reload '1'

config forwarding
	option dest 'wan'
	option src 'lan'

config forwarding
	option dest 'wanb'
	option src 'lan'

config forwarding
	option dest 'wanc'
	option src 'lan'

Let me know if u guys need anything else, or if im missing something in my configs files.
Thanks guys.
PD: wanc or wan3 will not be used yet, still the port must be configured since i will use a LTE modem on that port soon. (mostly has a failover interface)
At least i would like to have my 2 first wan interfaces properly balanced on mwan3 and only LAN would be able to use 3 wans, wifi (guest) is properly using wan2 only.

leeandy · May 12, 2019, 5:30am

When you download via a secure connection(example https at port 443), this connection needs a fixed wan ip address so that it does not fail, therefore load balancing will not work.
Another thing is that load balancing works only with programs that create multiple sessions(ex: download manager, torrents).
Have you tried downloading with websites that don't use secure connections ?
Why do you put wans in different zones ? Why not put that wans into one zone ?

thecil · May 12, 2019, 5:53am

hello leeandy, i forgot to put that info:
i have tried torrents with enough seeds to be able to secure multiple connections with my 2 wan, still same issue.
I try download one of those last episodes of GOT, since they have enough seeds and leechs.
im also using internet download manager with 16 connections max in order to know if my mwan3 is working, but its shows the same issue.

Why i need wans on different zones? easy, i need to be able to force WIFI to only use wan2, in future i will need to get WIFI use only wan2 and wan3, so:

if i put them in a different zone (lets call it wan2-3)
i create DHCP, DNS and PING rules on firewall for the new zone
then set the WIFI zone to get dest forwarding from "wan2-3"
i set LAN zone to get dest forwarding from "wan zone" and "wan2-3 zone"

when i do these, my wifi is able to connect with wan2 and never goes through wan1, in theory, LAN zone is able to connect with wan1 and wan2-3, something is missing, since only can download from 1 source, regardless is with internet download manager or torrent.

leeandy · May 12, 2019, 6:19am

I don't see any issues on your mwan configuration. What version of mwan are you using ?
Pls using mwan status troubleshooting & post it here.

thecil · May 12, 2019, 6:39am

im using a fresh david502 firmware for wrt3200acm, i do not know the version of my mwan3 but is brandly new (less than 2 weeks installed)
Heres the mwan3 status troubleshooting


Software-Version
-------------------------------------------------
OpenWrt - OpenWrt SNAPSHOT r9886-399aa0b933
LuCI - f138fc93


Output of "ip a show"
-------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 532
    link/ether 24:f5:a2:c0:07:38 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::26f5:a2ff:fec0:738/64 scope link 
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether 26:f5:a2:c0:07:38 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::24f5:a2ff:fec0:738/64 scope link 
       valid_lft forever preferred_lft forever
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
6: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether ce:81:5e:b3:a8:d6 brd ff:ff:ff:ff:ff:ff
7: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether e6:d6:b4:c1:af:53 brd ff:ff:ff:ff:ff:ff
8: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 3a:6c:1c:16:36:5e brd ff:ff:ff:ff:ff:ff
11: teql0: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
    link/void 
12: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 26:f5:a2:c0:07:38 brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.1/24 brd 10.0.10.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd18:1e70:b8d4::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::24f5:a2ff:fec0:738/64 scope link 
       valid_lft forever preferred_lft forever
13: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 26:f5:a2:c0:07:38 brd ff:ff:ff:ff:ff:ff
14: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 24:f5:a2:c0:07:38 brd ff:ff:ff:ff:ff:ff
    inet 201.208.237.98/19 brd 201.208.255.255 scope global eth1.2
       valid_lft forever preferred_lft forever
    inet6 fe80::26f5:a2ff:fec0:738/64 scope link 
       valid_lft forever preferred_lft forever
15: eth1.3@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 24:f5:a2:c0:07:38 brd ff:ff:ff:ff:ff:ff
    inet 10.0.4.156/24 brd 10.0.4.255 scope global eth1.3
       valid_lft forever preferred_lft forever
    inet6 fe80::26f5:a2ff:fec0:738/64 scope link 
       valid_lft forever preferred_lft forever
16: eth1.4@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 24:f5:a2:c0:07:38 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.156/24 brd 10.0.1.255 scope global eth1.4
       valid_lft forever preferred_lft forever
    inet6 fe80::26f5:a2ff:fec0:738/64 scope link 
       valid_lft forever preferred_lft forever
23: ifb4eth1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc cake state UNKNOWN group default qlen 32
    link/ether 12:1e:98:9f:3b:1a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::101e:98ff:fe9f:3b1a/64 scope link 
       valid_lft forever preferred_lft forever


Output of "ip route show"
-------------------------------------------------
default via 201.208.224.1 dev eth1.2 proto static src 201.208.237.98 metric 10 
default via 10.0.4.1 dev eth1.3 proto static src 10.0.4.156 metric 20 
default via 10.0.1.1 dev eth1.4 proto static src 10.0.1.156 metric 30 
10.0.1.0/24 dev eth1.4 proto static scope link metric 30 
10.0.4.0/24 dev eth1.3 proto static scope link metric 20 
10.0.10.0/24 dev br-lan proto kernel scope link src 10.0.10.1 
201.208.224.0/19 dev eth1.2 proto static scope link metric 10


Output of "ip rule show"
-------------------------------------------------
0:	from all lookup local 
1001:	from all iif eth1.2 lookup 1 
1002:	from all iif eth1.3 lookup 2 
1003:	from all iif eth1.4 lookup 3 
2001:	from all fwmark 0x100/0x3f00 lookup 1 
2002:	from all fwmark 0x200/0x3f00 lookup 2 
2003:	from all fwmark 0x300/0x3f00 lookup 3 
2061:	from all fwmark 0x3d00/0x3f00 blackhole
2062:	from all fwmark 0x3e00/0x3f00 unreachable
32766:	from all lookup main 
32767:	from all lookup default


Output of "ip route list table 1-250"
-------------------------------------------------
Table 1: default via 201.208.224.1 dev eth1.2 metric 10 
10.0.1.0/24 dev eth1.4 proto static scope link metric 30 
10.0.4.0/24 dev eth1.3 proto static scope link metric 20 
10.0.10.0/24 dev br-lan proto kernel scope link src 10.0.10.1 
201.208.224.0/19 dev eth1.2 proto static scope link metric 10
Table 2: default via 10.0.4.1 dev eth1.3 metric 20 
10.0.1.0/24 dev eth1.4 proto static scope link metric 30 
10.0.4.0/24 dev eth1.3 proto static scope link metric 20 
10.0.10.0/24 dev br-lan proto kernel scope link src 10.0.10.1 
201.208.224.0/19 dev eth1.2 proto static scope link metric 10
Table 3: default via 10.0.1.1 dev eth1.4 metric 30 
10.0.1.0/24 dev eth1.4 proto static scope link metric 30 
10.0.4.0/24 dev eth1.3 proto static scope link metric 20 
10.0.10.0/24 dev br-lan proto kernel scope link src 10.0.10.1 
201.208.224.0/19 dev eth1.2 proto static scope link metric 10


Output of "iptables -L -t mangle -v -n"
-------------------------------------------------
Chain PREROUTING (policy ACCEPT 1251 packets, 309K bytes)
 pkts bytes target     prot opt in     out     source               destination         
1440K  814M mwan3_hook  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 290 packets, 26474 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 950 packets, 282K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   13   676 TCPMSS     tcp  --  *      eth1.2  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU
    8   416 TCPMSS     tcp  --  *      eth1.3  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* !fw3: Zone wanb MTU fixing */ TCPMSS clamp to PMTU
   17   884 TCPMSS     tcp  --  *      eth1.4  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* !fw3: Zone wanc MTU fixing */ TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT 246 packets, 62562 bytes)
 pkts bytes target     prot opt in     out     source               destination         
40947 8174K mwan3_hook  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 1209 packets, 345K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain mwan3_connected (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 665K  710M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set mwan3_connected dst MARK or 0x3f00

Chain mwan3_hook (2 references)
 pkts bytes target     prot opt in     out     source               destination         
1481K  822M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0x3f00
37333 4919K mwan3_ifaces_in  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
22056 1734K mwan3_connected  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
18458 1508K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
1481K  822M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK save mask 0x3f00
1335K  796M mwan3_connected  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0x3f00/0x3f00

Chain mwan3_iface_in_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   68  3448 MARK       all  --  eth1.2 *       0.0.0.0/0            0.0.0.0/0            match-set mwan3_connected src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
14201 3066K MARK       all  --  eth1.2 *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wan */ MARK xset 0x100/0x3f00

Chain mwan3_iface_in_wanb (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  eth1.3 *       0.0.0.0/0            0.0.0.0/0            match-set mwan3_connected src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
    0     0 MARK       all  --  eth1.3 *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wanb */ MARK xset 0x200/0x3f00

Chain mwan3_iface_in_wanc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  855 87459 MARK       all  --  eth1.4 *       0.0.0.0/0            0.0.0.0/0            match-set mwan3_connected src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
    2   168 MARK       all  --  eth1.4 *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wanc */ MARK xset 0x300/0x3f00

Chain mwan3_ifaces_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
37175 4896K mwan3_iface_in_wan  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
16866 1315K mwan3_iface_in_wanc  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
   77  5179 mwan3_iface_in_wanb  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00

Chain mwan3_policy_more_12 (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 statistic mode random probability 0.42799999984 /* wanb 3 7 */ MARK xset 0x200/0x3f00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wan 4 4 */ MARK xset 0x100/0x3f00

Chain mwan3_policy_more_123 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   13  1022 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 statistic mode random probability 0.22200000007 /* wanc 2 9 */ MARK xset 0x300/0x3f00
   17  1272 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 statistic mode random probability 0.42799999984 /* wanb 3 7 */ MARK xset 0x200/0x3f00
   19  1388 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wan 4 4 */ MARK xset 0x100/0x3f00

Chain mwan3_policy_more_321 (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 statistic mode random probability 0.22200000007 /* wan 2 9 */ MARK xset 0x100/0x3f00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 statistic mode random probability 0.42799999984 /* wanb 3 7 */ MARK xset 0x200/0x3f00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wanc 4 4 */ MARK xset 0x300/0x3f00

Chain mwan3_policy_then_1_2 (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wan 2 2 */ MARK xset 0x100/0x3f00

Chain mwan3_policy_then_2_1 (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wanb 2 2 */ MARK xset 0x200/0x3f00

Chain mwan3_policy_wan_only (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wan 1 1 */ MARK xset 0x100/0x3f00

Chain mwan3_policy_wanb_only (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wanb 1 1 */ MARK xset 0x200/0x3f00

Chain mwan3_policy_wanc_only (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wanc 1 1 */ MARK xset 0x300/0x3f00

Chain mwan3_rule_guest_wanb (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 MARK xset 0x200/0x3f00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x200/0x3f00 ! match-set mwan3_sticky_guest_wanb src,src MARK and 0xffffc0ff
    0     0 mwan3_policy_wanb_only  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
    0     0 SET        all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0xfc00/0xfc00 del-set mwan3_sticky_guest_wanb src,src
    0     0 SET        all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0xfc00/0xfc00 add-set mwan3_sticky_guest_wanb src,src

Chain mwan3_rule_https (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   104 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 MARK xset 0x300/0x3f00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x300/0x3f00 ! match-set mwan3_sticky_https src,src MARK and 0xffffc0ff
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 MARK xset 0x200/0x3f00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x200/0x3f00 ! match-set mwan3_sticky_https src,src MARK and 0xffffc0ff
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 MARK xset 0x100/0x3f00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x100/0x3f00 ! match-set mwan3_sticky_https src,src MARK and 0xffffc0ff
    0     0 mwan3_policy_more_123  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
    2   104 SET        all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0xfc00/0xfc00 del-set mwan3_sticky_https src,src
    2   104 SET        all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0xfc00/0xfc00 add-set mwan3_sticky_https src,src

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 mwan3_rule_guest_wanb  all  --  *      *       10.0.30.0/24         0.0.0.0/0            mark match 0x0/0x3f00 /* guest_wanb */
    2   104 mwan3_rule_https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 443 mark match 0x0/0x3f00 /* https */
   49  3682 mwan3_policy_more_123  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* default_rule */

Chain qos_Default (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0xf
    0     0 qos_Default_ct  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf0 length 0:500 MARK xset 0x22/0xff
    0     0 MARK       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x11/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf0 tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x44/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf0 udp spts:1024:65535 dpts:1024:65535 MARK xset 0x44/0xff
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK save mask 0xff

Chain qos_Default_ct (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf tcp multiport ports 22,53 /* ssh, dns */ MARK xset 0x11/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf udp multiport ports 22,53 /* ssh, dns */ MARK xset 0x11/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf tcp multiport ports 20,21,25,80,110,443,993,995 /* ftp, smtp, http(s), imap */ MARK xset 0x33/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf tcp multiport ports 5190 /* AOL, iChat, ICQ */ MARK xset 0x22/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xf udp multiport ports 5190 /* AOL, iChat, ICQ */ MARK xset 0x22/0xff
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK save mask 0xff

leeandy · May 12, 2019, 7:07am

Well, so your mwan version is 2.7.12 with snapshot build, in this version the "option local_source lan" is no longer used. Try delete & change to: (more info: https://git.openwrt.org/?p=feed/packages.git;a=commit;h=ac5895cd7f9ab6e4e7b63b86b9faf3f6fa9d8917)

config globals 'globals'
        option mmx_mask '0x3F00'
        option rtmon_interval '5'

to check version mwan with command:

opkg list-installed |grep mwan3
luci-app-mwan3 - git-19.129.22735-62d8a4f-1
mwan3 - 2.7.12-1

thecil · May 12, 2019, 4:17pm

hey leeandy, i left the pc downloading torrents in order to test all night if is able to balance at least wan1 and wan2, looks like problem solve, i ask a neighborhood to lend me for that night his access to his wifi,
i program an old wr841n router i have with openwrt to make has client with is wifi, and then use it has wan 3.

After all night, it looks it was able to balance some traffic, so it looks like its loading balance proplery.
Thank you sir, i will apply the fix you told me and let u know if something goes better or wrong.

PD: at /etc/hotplug.d/iface/ i have "15-mwan3" , "16-mwan3" and "16-mwan3-user"...should i delete those 3 files or just the one starting with 15?

leeandy · May 12, 2019, 10:51pm

Just delete the line "option local_sourece 'lan' " in mwan3 configuration and replace by "option rtmon_interval '5' "

system · May 22, 2019, 10:51pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.