Assumption: the mobile interface of an OpenWrt device is to be brought up, connected to a very "sensitive" partner, in my case Verizon. It is a fact that Verizon drops the mobile connection in case it receives "bad" packets, i.e. not properly NATted packets. This interface to Verizon (wwan, QMI) is one of 3 interfaces used in mwan3 for auto-failover; the other two are wan and wifiwan.
I see the effect that the router can successfully connect to VZ for a few seconds, receiving an IP, but then the connection is dropped when mwan3 is activated to manage the connection, which is only usable at this instant of time.
This only happens in case I have a very "chatty" tablet connected to a LAN port of the router. "Chatty", because it is an Android, busy doing DNS and Captive Portal Detection automatically.
Thus, I have the suspicion that while mwan3 is doing its work, the firewall temporarily leaks "bad" packets to wwan, i.e. because of messing around with masquerading. Is this possible? How to analyze this suspicion?
My guess is that you need to block conntrack INVALID packets.
When the connection (route) is switched, all established NAT'ed TCP connections are essentially broken: from the conntrack standpoint they are not NEW, but they are not ESTABLISHED either, because the NAT destination has been changed.
Such packets of previously established connections (TCP ACKs) are sent without source IP masquerading (without NAT), as the -t nat netfilter table receives only connections in NEW state.
So just go to Firewall settings and set the "drop invalid packets" checkbox.
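As an added example (not part of the thread, and not OpenWrt's or mwan3's own code), the check a practitioner would run to confirm the leak the answer describes, plus the UCI equivalent of the LuCI checkbox. It assumes the modem interface is named wwan0 and the LAN uses an RFC1918 prefix; the tcpdump lines are constructed, not captured from the poster's router. A LAN host's packet that reaches the carrier without masquerading still carries its private source address, so filtering wwan0 traffic by RFC1918 source is exactly the "bad packet" detector you want to watch while mwan3 switches routes.

```shell
#!/bin/sh
# Added example (not from the thread): spot un-masqueraded packets leaving the
# wwan interface and, on the router, enable OpenWrt's "drop invalid" option.
# Assumptions (not from the thread): the modem interface is wwan0 and the LAN
# uses an RFC1918 prefix. Adjust both to your setup.

# Constructed sample of `tcpdump -nn -l -i wwan0 tcp` output. The two lines with
# a 192.168.1.x source are TCP ACKs of a pre-switch connection that left the box
# without SNAT; the others are correctly NATted (source = wwan address).
SAMPLE='12:00:01.000001 IP 100.64.12.34.40001 > 142.250.74.100.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000402 IP 192.168.1.23.51842 > 17.253.144.10.80: Flags [.], ack 9876, win 501, length 0
12:00:01.000903 IP 100.64.12.34.40002 > 8.8.8.8.53: Flags [S], seq 2, win 64240, length 0
12:00:01.001004 IP 192.168.1.23.51843 > 172.217.16.14.443: Flags [.], ack 1234, win 501, length 0'

# Print tcpdump lines whose *source* address is RFC1918 (10/8, 172.16/12,
# 192.168/16), i.e. a LAN host's packet that reached the carrier without SNAT.
# Reads tcpdump -nn output on stdin.
leaked_private_src() {
    awk '$2 == "IP" {
        split($3, a, ".")            # a[1..4] = source IPv4 octets, a[5] = port
        if (a[1]+0 == 10 ||
            (a[1]+0 == 192 && a[2]+0 == 168) ||
            (a[1]+0 == 172 && a[2]+0 >= 16 && a[2]+0 <= 31))
            print
    }'
}

# Count such leaks in the sample; this is the number to watch while mwan3
# switches routes (it should stay 0 once conntrack INVALID packets are dropped).
count_leaks() {
    printf '%s\n' "$SAMPLE" | leaked_private_src | wc -l | tr -d ' '
}

# On the router only: the UCI equivalent of the LuCI "Drop invalid packets"
# checkbox mentioned above, followed by a firewall reload.
apply_drop_invalid() {
    uci set firewall.@defaults[0].drop_invalid='1'
    uci commit firewall
    /etc/init.d/firewall reload
}

# Live use on the router (not run here):
#   tcpdump -nn -l -i wwan0 tcp | leaked_private_src
printf '%s\n' "$SAMPLE" | leaked_private_src
echo "leaked packets: $(count_leaks)"
```

On the router itself a plain BPF filter does the same job without awk, e.g. `tcpdump -nn -i wwan0 'src net 192.168.0.0/16'`; the awk version is only there so the check can be replayed on saved captures. Any hit at all on the carrier-facing interface is a packet of the kind the question worries about, regardless of whether Verizon reacts to it.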
Good guess. Did that already some time ago, and it drastically improved the overall situation. However, there is still a scenario in which I suspect the same problem: having the very "chatty" (i.e. doing Captive Portal Detection) tablet PC connected to one of the LAN ports, AND wwan the only possible connection to the web, AND the router is booted; for a short period of time the modem connection to Verizon is established, and then it is dropped when mwan3 is doing its work. Actually, I am working to implement a dedicated ether-interface for this tablet, to be activated only AFTER wwan is connected according to mwan3, which should avoid any premature data packets.
Not sure when mwan3 has done its job. For this, ref. my question "Mwan3.user connected: Steady state?"