Routing / Gateway problem

moocan · April 1, 2020, 8:40am

Hello,

I'm loosed. Your help is really appreciated.

Here what I have:
WAN Interfaces:

WAN0 -> IP 10.30.0.254 (DHCP Reserved on 10.30.0.253) -> 10.30.0.253 
WAN1 -> IP 10.30.1.254 (DHCP Reserved on 10.30.1.253) -> 10.30.1.253
WAN2 -> IP 10.30.2.254 (DHCP Reserved on 10.30.2.253) -> 10.30.2.253
WAN3 -> IP 10.30.10.254 (DHCP Reserved on 10.30.10.253) -> 10.30.10.253

LAN Interfaces:

LAN0 -> IP 10.31.0.254 (Static)
LAN1 -> IP 10.31.1.254 (Static)
LAN2 -> IP 10.31.2.254 (Static)
LAN3 -> IP 10.31.10.254 (Static)

Firewall Zone:

LAN0 -> Forward -> WAN0
LAN1 -> Forward -> WAN1
LAN2 -> Forward -> WAN2
LAN3 -> Forward -> WAN3

It seems that I have a routing issue.
What I'm trying to achieve is:

Client on LAN0 -> via -> WAN0 Interface
Client on LAN1 -> via -> WAN1 Interface
Client on LAN2 -> via -> WAN2 Interface
Client on LAN3 -> via -> WAN3 Interface

if I set Use default gateway on each WAN interface I need to set a Use gateway metric value

If I set for example:

WAN0 -> Metric 1
WAN1 -> Metric 2
WAN2 -> Metric 3
WAN3 -> Metric 0

Result:

LAN0 -> No Internet
LAN1 -> No Internet
LAN2 -> No Internet
LAN3 -> Internet

Now changing Metric settings without any 0 priority:

WAN0 -> Metric 2
WAN1 -> Metric 3
WAN2 -> Metric 4
WAN3 -> Metric 1

Result:

LAN0 -> No Internet
LAN1 -> No Internet
LAN2 -> No Internet
LAN3 -> No Internet

So Internet is only available on LAN -> WAN for which the WAN Interface has a Metric with 0.

Now if I disable the Use default gateway on each WAN interface nothing works anymore ... no LAN have Internet
I don't have any gateway even the gateway published by DHCP reservation.

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.30.0.0       *               255.255.255.0   U     10     0        0 eth0.3000
10.30.1.0       *               255.255.255.0   U     3      0        0 eth0.3001
10.30.2.0       *               255.255.255.0   U     2      0        0 eth0.3002
10.30.10.0      *               255.255.255.0   U     0      0        0 eth0.3010
10.31.0.0       *               255.255.255.0   U     0      0        0 eth1.3100
10.31.1.0       *               255.255.255.0   U     0      0        0 eth1.3101
10.31.2.0       *               255.255.255.0   U     0      0        0 eth1.3102
10.31.10.0      *               255.255.255.0   U     0      0        0 eth1.3110

How can I set this to have:

Client on LAN0 -> via -> WAN0 Interface 10.30.0.254 -> 10.30.0.253 -> 192.168.100.254 -> Internet
Client on LAN1 -> via -> WAN1 Interface 10.30.1.254 -> 10.30.1.253 -> 192.168.101.254 -> Internet
Client on LAN2 -> via -> WAN2 Interface 10.30.2.254 -> 10.30.2.253 -> 192.168.102.254 -> Internet
Client on LAN3 -> via -> WAN3 Interface 10.30.10.254 -> 10.30.10.253 -> 192.168.110.254 -> Internet

Many thanks in advance.

Kind Regards

trendy · April 1, 2020, 9:20am

You need to do Policy Based Routing and you have 3 options:

mwan3 package
pbr package
a set of rules/routes for each internet connection.

moocan · April 1, 2020, 11:32am

Hello,

Many many (^1000) thanks for your quick answer.
I really appreciate.

I will read carrefuly the link you shared me about mwan3 and pbr.
Did you already test one of them ?

About solution 3 ... I tried .. but I can unfortunately admit that my network skills, especially routing, are behind me by more than 10 years. That's not like the bicycle !

Kind Regards

trendy · April 1, 2020, 12:11pm

I am using mwan3 and I have played a bit and helped troubleshoot pbr.
However rules and routes are the easiest in your case.


config rule
        option in 'lan0'
        option lookup '100'

config rule
        option in 'lan1'
        option lookup '101'

config rule
        option in 'lan2'
        option lookup '102'

config rule
        option in 'lan3'
        option lookup '103'

config route
        option interface 'wan0'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway '10.30.0.253'
        option table '100'

config route
        option interface 'wan1'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway '10.30.1.253'
        option table '101'

config route
        option interface 'wan2'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway '10.30.2.253'
        option table '102'

config route
        option interface 'wan3'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway '10.30.3.253'
        option table '103'

If the interface names and IPs are correct, copy paste it in config/network and restart network.

moocan · April 1, 2020, 1:03pm

Hello,

So many thanks.
It is working well. Just changed interface name (simplified name for post).

I was not so far away of your solution for config route rules but I totally missed the config rule section .... so it can't work.

About mwan3 and pbr (not asking which one is the best) which all seems very powerfull ... but which one would you recommend me ?

One more time ... so many thanks

Kind Regards

trendy · April 1, 2020, 2:00pm

You're welcome!

Yeah, if you don't route based on the source address, there can be only one default gateway active.

PBR can do the same thing the rules/routes do, but on steroids.
MWAN3 is more for load-balancing and failover of multiple wan links, however it can be adjusted to your case to allow a specific lan interface out to a specific wan only.
If you don't consider load balancing or failover, then PBR is just fine.

moocan · April 1, 2020, 4:02pm

Hello,

Oops, an update !
it is fully working for client LANx -> WANx but router itself does not have access to Internet anymore.

As WAN1 is for admin I will try to set the Use default gateway on WAN1 Interface. I don't know if it will cancel the routing rules that have been set ?

EDIT: Seems to be working. After generating network traffic from one client over LAN3 -> WAN3 only the related WAN3 interface seems to have RX/TX updated.

Kind Regards

trendy · April 1, 2020, 5:56pm

The device itself will use the main routing table. You can influence that by giving different metrics to the wan interfaces, lower metric has higher precedence.

moocan · April 2, 2020, 12:29pm

Hello,

Another question ... Due to this config, for example if I need that LAN2 and LAN3 can communicate together ... should I need to add route as config route section and rule as config rule too ?

I have opened traffic between LAN2 and LAN3 allowing zone forwarding and rule but nothing.

Kr,

trendy · April 2, 2020, 1:21pm

You need to add a route in the routing table for the destination subnet.
For example LAN2 has routing table 102 and LAN3 103

config route
        option interface 'lan3'
        option target '10.31.10.0'
        option netmask '255.255.255.0'
        option table '102'

config route
        option interface 'lan2'
        option target '10.31.2.0'
        option netmask '255.255.255.0'
        option table '103'

moocan · April 2, 2020, 2:40pm

Hello,

After taking a lo....ng break and then a paper to "peel" your previous route and rule and after some errors I got something like yours but with a gateway.

I had a trouble with interface due to thinking it was source interface and not target interface

Table 103 is 110 to avoid error in my mind

config route
        option interface 'lan3'
        option target '10.31.10.0'
        option netmask '255.255.255.0'
        option gateway '10.31.10.254'
        option table '102'

config route
        option interface 'lan2'
        option target '10.31.2.0'
        option gateway '10.31.2.254'
        option netmask '255.255.255.0'
        option table '110'

this didn't work.
but an ip route liste table 102 or 110 show routes which seems to be good.
Good news

After your answer I removed the gateway.
this didn't work too.

After a reboot ... this is working.
I don't know if gateway is important.
I will test it later for my knowledge.

Thank you again for your useful help.

I don't know if you are also a dnmasq guru as for the network but I think that I will maybe need to ask some idiot question on the forum about it to avoid installing bind that I already used many times.

Thank you for your time.
See you soon.

Kr,

trendy · April 2, 2020, 2:54pm

The gateway is definitely not needed as all those LANs are directly connected to the OpenWrt.
Maybe you had too many stale entries in the routing table which were not cleared properly and the reboot fixed it.

Not a guru, so better ask the forum. No question is stupid, nobody was born wise, and you won't learn if you don't ask.

moocan · April 6, 2020, 10:56pm

Hello,

A latest question ...
Regarding IPv6 routing routes and rules.. is it the same logic as IPv4 ? and same way to configure them on OpenWRT using config route and config rules target, netmask or is there any other option values for them ?

If you have any example as the above ones it would be nice.

Kind Regards

trendy · April 7, 2020, 8:44am

The principal is the same, you just need to be a bit careful with rules, as there are some already there and the lower rule number gives higher precedence.

system · April 17, 2020, 8:44am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.