Hello, I'm trying to create a failover connection with USB LTE modem using openwrt + mwan3. My device is Linksys WRT3200ACM, openwrt with mwan3 were built yesterday from the trunk. I can ping both interfaces (main wan and the lte wan) from the router itself, when I start the mwan3 it works correctly (switches the wan when one is down), and the internet works from the router itself, but not from any other client in the network. As soon as I stop mwan3, everything works immediately again.
Traceroute from any client in the network hangs on the first line with mwan3 working.
Perhaps the fact that the LTE modem I'm using is on 192.168.8.1 address will be important.
My config:
/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc5:46b6:6734::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option macaddr 'MY_MAC_HERE'
option ifname 'eth0.1'
config interface 'wan'
option ifname 'eth1.2'
option proto 'pppoe'
option username 'some_username'
option password 'some_password'
option ipv6 'auto'
option keepalive '3 3'
option metric '10'
option dns '8.8.8.8 8.8.4.4'
option peerdns '0'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config interface 'lte'
option proto 'dhcp'
option ifname 'eth2'
option metric '20'
option peerdns '0'
option dns '8.8.4.4 8.8.8.8'
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option conntrack '1'
option output 'ACCEPT'
option mtu_fix '1'
option masq '1'
option input 'REJECT'
option forward 'REJECT'
option network 'wan wan6 lte'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
/etc/config/mwan3
config globals 'globals'
option mmx_mask '0x3F00'
option local_source 'lan'
config interface 'wan'
list track_ip '8.8.8.8'
list track_ip '8.8.4.4'
option enabled '1'
option reliability '1'
option count '1'
option timeout '2'
option interval '2'
option down '2'
option up '8'
config interface 'lte'
list track_ip '8.8.8.8'
list track_ip '8.8.4.4'
option enabled '1'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '10'
config policy 'wan_lte'
list use_member 'wan_m1_w1'
list use_member 'lte_m2_w2'
config member 'wan_m1_w1'
option interface 'wan'
option metric '1'
option weight '1'
config member 'lte_m2_w2'
option interface 'lte'
option metric '2'
option weight '2'
config rule 'default_rule'
option dest_ip '127.0.0.1/0'
option use_policy 'wan_lte'