OpenWrt + MWan3 + 3CX (Mwan3: how configure to use only WanA for an application)

Installing and Using OpenWrt Network and Wireless Configuration
1

hello everybody,
I'd like to receive a little support from more skilled people then me on openwrt and MWan3.
Basically I am not able to configure Mwan3 in order to limit all the traffic generated from an
application, 3CX (phone voip), only on interface WanA.

The stating point is:

  • OpenWrt 19.07.5 r11257-5090152ae3
  • MWan3 version 2.8.15-1
  • luci-app-sqm version 1.4.0-2
  • 3 Wan (Wan = Adsl 20/1, WanB = 4G 13/13 , WanC ? 4G+ 130/30 )
  • MWan3 with load balancing A/B/C
  • SQM in Wan and WanB ("piece of cake")

target: on my wife laptop (my wedding depend on that) the application 3CX have to work using only Wan (the adsl line).
the info that I have are:

  • TCP port 5001 forwarded
  • TCP an UDP port 5090 forwarded

I tried firewall rule:

config redirect
	option dest_port '5090'
	option src 'wan'
	option name '3CX_5090_CT'
	option src_dport '5090'
	option target 'DNAT'
	option dest_ip '192.168.20.237'
	option dest 'lan'

config redirect
	option src 'wan'
	option src_dport '5001'
	option target 'DNAT'
	option dest_ip '192.168.20.237'
	option dest 'lan'
	list proto 'tcp'
	option name '3CX_5001_CT'

plus the Mwan3 Rule:

config rule 'only_WAN_3CX5090_CT'
	option src_port '5090'
	option dest_port '5090'
	option sticky '1'
	option timeout '120'
	option use_policy 'WAN_only'
	option proto 'TCP,UDP'
	option dest_ip '192.168.20.237/24'

config rule 'only_WAN_3CX5001_CT'
	option src_port '5001'
	option dest_port '5001'
	option sticky '1'
	option timeout '120'
	option use_policy 'WAN_only'
	option proto 'tcp'
	option dest_ip '192.168.20.237/24'

please some good soul help me ,
thank you
ciao
Antonio

2

I think your config is ok, just change dest_ip like this:

config rule 'only_WAN_3CX5090_CT'
    ............
	option dest_ip '192.168.20.237/32'

config rule 'only_WAN_3CX5001_CT'
    ............
	option dest_ip '192.168.20.237/32'

and are you sure the ip 192.168.20.237 assigned to your wife pc ?

3

Ciao Leeandy,
Thank you for your reply.

Actually the network is set to 192.168.20.xx and subnet mask 255.255.255.0,

so I think that /24 is correct,
But maybe Mohave to be to /32 (“like have a subnet to 255.255.255.255?”

I will try your suggestion tomorrow, thank you for the advice, I’ll report if works

4

'192.168.20.237/32' is mean to just one ip .237, /24 is that mean point to whole subnet. That is why your rule doesn't work.

6

Thank you Leeandy,
I applied your suggestion, and now we are watching the results, unlucky is a random issue on 3CX, so it will take a while..
As soon as we have solved this to 100%, I'll reply to close this thread.

Thank you for your support

1 Like
7

hello again everybody,
just a clarification on MWan3 Rule:
source: local lan address (example 192.168.20.240/32)
destination: remote address

I make confusion .. maybe I have to swap them.

That is correct?

Thank you in advance

image
image1041×682 50.5 KB