Routing all external traffic from one specific machine to a particular WAN interface

Hello ! I'm looking for some help with setting up a route from a specific machine to a particular interface.

I'm using an Edgerouter-x with 19.07 installed.

Current configuration is like this:

  • all machines on the same subnet
  • one single physical wan connection (one modem to the wall socket)
  • machines are using dhcp but I can set static IPs if needed

The wan side is configured as follows:

  • one PPPoE interface with IPv4 only (IPv6 is explicitly disabled on it) with provider A
  • one DHCPv6 client interface with provider B (no IPv4 access except via the MAP-E tunnel below)
  • one 4over6 interface (MAP-E tunnel with map) for the v6 client interface to enable v4 traffic
  • the 4over6 interface is the main connection, the PPPoE interface is currently disabled until I can set everything up properly.

The above setup currently works flawlessly.

What I would like to do is the following:

  • all outgoing traffic to wan from all devices should go through provider B (the 4over6 interface)
  • except for one specific machine on the network whose outgoing traffic to wan should go through provider A (the PPPoE interface)
  • all devices should still be able to access the specific machine on the LAN network

I tried fiddling with iptables and setting up routes but my knowledge is very limited and I'm afraid that what I'm doing might mess up the 4over6 tunneling that cannot be changed in any way.

As for all machines being on the same subnet, this can be altered as long as the machines can still talk to each other.

Thanks in advance for the help !

/etc/config/network

# /etc/config/network as posted. Values shown as 'xxxxx' were redacted by the poster.
# The file stores the PPPoE credentials in clear text, so keep them redacted
# whenever the configuration is shared.

# Standard loopback interface.
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxxxx'

# LAN bridge on eth0.1, router address 192.168.0.1/24.
# 192.168.0.48 is a host on this same LAN, used as the DNS server.
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ip6assign '60'
        option ipaddr '192.168.0.1'
        option netmask '255.255.255.0'
        list dns '192.168.0.48'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr 'xxxxxx'

# PPPoE uplink on eth0.2, IPv4 only: 'ipv6 0' and 'delegate 0' keep IPv6 off it.
# 'auto 0' means the interface is not brought up automatically, so nothing
# is routed through it until it is started.
# 'peerdns 0' ignores the DNS servers offered by the PPPoE peer; the 'list dns'
# entry points at the LAN host 192.168.0.48 instead.
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'pppoe'
        option password 'xxxxx'
        option username 'xxxxx'
        option mtu '1454'
        list dns '192.168.0.48'
        option peerdns '0'
        option ipv6 '0'
        option delegate '0'
        option auto '0'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'xxxxx'

# Switch VLANs: VLAN 1 carries ports 1-4, VLAN 2 carries port 0.
# Port 6 is tagged in both; presumably the CPU port, matching eth0.1 / eth0.2.
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

# DHCPv6 client on eth0.2, the same device the PPPoE interface uses.
# Requests an address if available ('try') but no delegated prefix; the
# prefix is set statically through 'ip6prefix' (redacted).
config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'no'
        option peerdns '0'
        list ip6prefix 'xxxxx'
        list dns '192.168.0.48'

# MAP-E (IPv4-over-IPv6) tunnel running on top of 'wan6'.
# The mapping parameters below are not meant to be altered
# (per the poster, the tunnel set-up cannot be changed).
config interface 'wan6_map'
        option proto 'map'
        option type 'map-e'
        option tunlink 'wan6'
        option peeraddr 'xxxxxx'
        option ipaddr 'xxxxxx'
        option ip4prefixlen '15'
        option ip6prefix 'xxxxx'
        option ip6prefixlen '31'
        option ealen '25'
        option psidlen '8'
        option offset '4'
        option encaplimit 'ignore'

/etc/config/dhcp

# /etc/config/dhcp as posted: dnsmasq (DNS / DHCPv4) and odhcpd (IPv6) settings.

# dnsmasq instance for the 'lan' domain.
# 'localservice 1' limits DNS service to local subnets and 'domainneeded 1'
# stops plain host names from being forwarded upstream.
# NOTE(review): 'rebind_protection 0' turns off dnsmasq's DNS-rebinding filter,
# so upstream answers that resolve to private addresses are passed on to LAN
# clients. If it was disabled only so the LAN resolver can return local
# addresses, re-enabling it and listing the needed domains under
# 'rebind_domain' is the narrower setting - confirm the reason before changing.
config dnsmasq
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option rebind_protection '0'
        option domainneeded '1'

# DHCPv4 pool for the LAN: 150 addresses starting at offset 100, 12 hour leases.
# IPv6 (DHCPv6, router advertisements, NDP) is relayed rather than served locally.
# A host that is matched by source address in routing or firewall rules needs
# a fixed address (static lease or static configuration), not one from this pool.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'relay'
        option ra 'relay'
        option ra_management '1'
        option ndp 'relay'

# Upstream ('master') side of the IPv6 relay.
# NOTE(review): 'start', 'limit' and 'leasetime' also describe a DHCPv4 pool on
# this WAN-facing interface, and unlike 'wan' below there is no 'ignore 1'.
# The relay options do not appear to need them; a DHCPv4 server should not
# be offered towards the provider side.
config dhcp 'wan6'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'
        option master '1'
        option interface 'wan6'
        option start '100'
        option leasetime '12h'
        option limit '150'

# No DHCP service on the PPPoE interface.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

# odhcpd handles the IPv6 side only; 'maindhcp 0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
# Policy-based routing with netifd: look up one LAN host's traffic in the
# routing table that holds the 'wan' (PPPoE) routes.

# Put the routes of 'lan' into table 1 and the routes of 'wan' into table 2,
# so that the PPPoE default route does not land in the main table.
uci set network.lan.ip4table="1"
uci set network.wan.ip4table="2"
# Remove any earlier 'lan_wan' section so the commands can be re-run;
# -q suppresses the error when the section does not exist yet.
uci -q delete network.lan_wan
# IPv4 rule: packets whose source address matches 'src' are looked up in table 2.
uci set network.lan_wan="rule"
# 192.168.0.X is a placeholder for the host's address. The rule matches on the
# source address only, so the host needs a static address or static lease;
# any device that ends up with this address gets the same path.
uci set network.lan_wan.src="192.168.0.X"
uci set network.lan_wan.lookup="2"
uci set network.lan_wan.priority="30000"
# NOTE(review): 'wan' has to be up for table 2 to hold a default route (it is
# posted with 'option auto 0'). When table 2 has no matching route, rule
# processing normally continues with later rules, so this host's traffic would
# leave through the other uplink. If that fallback is not acceptable, verify
# the behaviour with the PPPoE link down and consider an unreachable default
# route with a high metric in table 2.
uci commit network
/etc/init.d/network restart

https://openwrt.org/docs/guide-user/network/routing/pbr_netifd


Also remove the list dns '192.168.0.48' from wan and wan6 interfaces.
You don't need to enable the ipv4 dhcp server on wan6 interface.


Many thanks. It works.
For some reason after running /etc/init.d/network restart I got an error (command not found or something ? I forgot exactly what it was) but after restarting the router, it works.

I also removed the list dns from the wan and wan6 interfaces (it's the pi.hole device)
I thought this would be required but ads are being blocked all fine without as well so thanks for that too.

