Redirect gateway to third party device for monitoring

I currently run my home network served by an OpenWRT default gateway. For testing, I installed nTopng in a Linux BOX (raspberry pi) for traffic monitoring, and thought about using the raspberry pi as the default gateway of my home network, enabling ipv4 forwarding on it, so that it then redirects the internet traffic to my main router after passing by.

I tried to manually change the default router settings on some of my clients, but I got very poor performance (I have 300 Mbps fiber, and I could only test at about 10 Mbps). Mobile devices have sometimes reported no internet connectivity. Running speedtest-cli on my Raspberry Pi reports speeds of ~300 Mbps, so it is reaching full speed.

I thought that it could be caused by a path difference for inbound and outbound traffic:
For going outside I would go from mobile device -> raspberry pi (default gateway) -> OpenWRT (internet gateway)
The reverse would be OpenWRT -> mobile device (since they are all on the same LAN network, there is no need to go back through the raspberry pi).

Then I performed forced ARP spoofing from specific devices (let's say mobile devices for this thread's purpose), spoofing the default gateway to be the Raspberry Pi, and also spoofing the reverse path so that OpenWRT thinks that the mobile device is actually the raspberry pi, but I had similar results (poor performance).

I have tried swapping the raspberry pi for other linux devices, and also played with the standard configuration in sysctl.conf. I also tried Windows computers as the client, but the results are always the same.

What makes me believe it is a path problem is that running a speedtest (fast.com, for example) reports slow speeds (~10 Mbps) while task manager reports network utilization above 300 Mbps (expected behavior for my internet link).

Can somebody help with this case, explaining if this is the expected behavior, if there is some workaround that I can apply for this to work, or if there is another way to achieve this result?

Tks

  • Are you saying you setup both routers in the same LAN subnet?
  • BTW, this means you have asymmetric traffic, not sure how it's (i.e. inbound traffic) being monitored
1 Like

Adding an additional router, in principle, will not affect your speeds. However, that “in principle” aspect becomes much more complicated when you are talking about real hardware and potential hardware limitations.

Specifically, you mentioned that you are using a Pi… are you attempting to use wifi on that Pi? If so, that will almost certainly be the problem — wifi on all Raspberry Pi devices is going to perform very poorly (regardless of your OS/firmware) due to the fact that the wifi chipset is really low end.

So, a key question is the physical topology of your network — how are things connected?

Next, what is the purpose of the OpenWrt router if you are putting another router in-line? Typically, you only need a single router, so unless you don’t trust the security of a given router, there’s rarely a reason to cascade two of them in a double-NAT configuration.

1 Like

Even rarer to do this:

Outbound:

192.168.1.1 (OpenWrt LAN) <> 192.168.1.x (monitor router WAN) <> 192.168.1.y (monitor router LAN) <> Client 192.168.1.z

Reply:

192.168.1.1 (OpenWrt) <> Client 192.168.1.z

I'm thinking the OP means the Pi WAN and LAN interfaces are both in the OpenWrt's LAN network.

1 Like

If the two routers are indeed on the same subnet, that will generally break things, so that would certainly be bad.

1 Like

The asymmetric routing can be mitigated by masquerading the outgoing traffic of the Pi.

You do get a performance hit but a modern Pi should be able to handle it I think.
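An added example, not from the thread, of what the masquerading suggestion above looks like on a single-NIC Linux box: it assumes the Pi's interface is eth0, the OpenWrt router is 192.168.1.1, and nftables is installed. The script prints the sysctl and nftables configuration by default and applies it only when run as root with the argument `apply`.

```shell
#!/bin/sh
# Added example: single-NIC Linux box (e.g. a Pi on the OpenWrt LAN) acting
# as a masquerading monitoring gateway. Assumed: eth0, upstream 192.168.1.1.
LAN_IF="${LAN_IF:-eth0}"
UPSTREAM="${UPSTREAM:-192.168.1.1}"

# Ruleset built as text so it can be reviewed before it is applied.
# Masquerade in postrouting rewrites the client's source address to the
# Pi's own, so OpenWrt replies to the Pi and the return path also crosses
# the monitor (no more asymmetric routing).
build_ruleset() {
  cat <<EOF
table ip monitor_gw {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "$LAN_IF" oifname "$LAN_IF" accept
  }
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$LAN_IF" masquerade
  }
}
EOF
}

# Forwarding on, ICMP redirects off: when forwarding back out the same
# interface, Linux otherwise tells each client to reach 192.168.1.1
# directly, and clients that honour that silently bypass the monitor.
sysctl_settings() {
  printf '%s\n' \
    "net.ipv4.ip_forward=1" \
    "net.ipv4.conf.all.send_redirects=0" \
    "net.ipv4.conf.$LAN_IF.send_redirects=0"
}

apply_config() {
  sysctl_settings | while read -r kv; do sysctl -w "$kv"; done
  ip route replace default via "$UPSTREAM" dev "$LAN_IF"
  build_ruleset | nft -f -
}

if [ "${1:-}" = "apply" ] && [ "$(id -u)" = "0" ]; then
  apply_config
else
  sysctl_settings
  build_ruleset
fi
```

Clients then use the Pi as their default gateway; OpenWrt only ever sees the Pi's address, which is the effect guessed at later in the thread.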

I have tried with a raspberry pi and also other Linux hosts with gigabit capabilities (of course I prefer to keep the RPi, since it is low power and low profile).

Like the raspberry pi, the linux host (monitoring router) has only one LAN port. I could have internet working in this scenario by enabling ipv4 forwarding.

It does not seem to be a hardware limitation, since 10 Mbps is too slow for an 8-core/16G RAM computer with gigabit ethernet.

I use another box (FriendlyARM R4S/ 6-core /4GB RAM board) as my main router because this one has WAN and LAN ports (I need it to connect to the ONT/Fiber converter). Here is a simple diagram:

Since my network is Gigabit capable (and tested with iPerf3) I would expect to reach the speeds of 300 Mbps at least with this setup, without hardware limitation...

I understand that an appropriate way to achieve what I want is to use another switch with port mirroring capabilities to monitor this traffic, but unfortunately buying such equipment is out of my reach now.

How could I test this?

A managed switch with port mirroring really is the correct way to do what you are attempting here. There are some such switches that can be purchased relatively inexpensively in most places — especially if you opt for a small (5 or 8 port) switch and/or consider the used market.

But, this issue really isn’t related to OpenWrt. Even though your main router is running OpenWrt, the secondary router — the one you are asking about — is not. Therefore, the methods by which that router could be used for this purpose (and the expected performance) would really be a question for the people/users who know the particular Linux distribution you are using on the Pi (and/or ntopng).

1 Like

Yes I understand...

Unfortunately, for my case it should be a managed gigabit switch... A little bit hard to find in Brazil at an inexpensive price...

My question in this place was aligned to the expectation to have a workaround that could be applied in OpenWRT, for example, assuming the issue was related to asymmetric routing (some kind of modification in the arp table, so that OpenWRT would see only the linux/Pi - just a guess).

Tks

There really isn’t much you can do here except to point the clients at the pi as their gateway and then tell the pi to use the openwrt router. But the specifics about how the pi’s os handles this routing and logging and how to mitigate speed issues is outside the scope of these forums.

That said, what do you hope to gain here? Most internet traffic is encrypted in some way (such as https for the web) so you can get the information about the destination and volume of traffic, but that is about all (you won’t be able to get any info about the data itself since it is encrypted in most cases).

You can get destination information by other means, though - think dns like pihole or ad guard home. Would that be useful?

Ok, thanks!

I ended up running dockerized ntopng in openwrt and I managed to achieve what I wanted, even if in a different way.

Great!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!