Simple MWAN3 fail over configuration

Hi,

I need help configuring a simple fail over from eth to wifi with MWAN3.
When the cable is disconnected, I can still ping through WLAN, but the gateway loses connection.

# /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0'
        option macaddr 'XX'
        option peerdns '0'
        option netmask '255.255.255.0'
        option dns '8.8.8.8 8.8.4.4'
        option ipaddr '192.168.0.232'
        option proto 'dhcp'

config interface 'wlan'
        option proto 'dhcp'
        option metric '200'
        option dns '8.8.8.8'
        option peerdns '0'
        option disabled '0'
# /etc/config/mwan3

config globals 'globals'
        option mmx_mask '0x3F00'
        option local_source 'lan'

config interface 'lan'
        option enabled '1'
        list track_ip '8.8.4.4'
        list track_ip '8.8.8.8'
        list track_ip '208.67.222.222'
        list track_ip '208.67.220.220'
        option family 'ipv4'
        option reliability '2'
        option count '1'
        option timeout '2'
        option failure_latency '1000'
        option recovery_latency '500'
        option failure_loss '20'
        option recovery_loss '5'
        option interval '5'
        option down '3'
        option up '8'

config interface 'wlan'
        option enabled '1'
        list track_ip '8.8.4.4'
        list track_ip '8.8.8.8'
        list track_ip '208.67.222.222'
        list track_ip '208.67.220.220'
        option family 'ipv4'
        option reliability '2'
        option count '1'
        option timeout '2'
        option failure_latency '1000'
        option recovery_latency '500'
        option failure_loss '20'
        option recovery_loss '5'
        option interval '5'
        option down '3'
        option up '8'


config member 'lan_m1_w3'
        option interface 'lan'
        option metric '1'
        option weight '3'

config member 'wlan_m2_w3'
        option interface 'wlan'
        option metric '2'
        option weight '3'


# Failover policy: the member with the lowest metric that is online carries the traffic.
# 'lan_m1_w3' has metric 1 and 'wlan_m2_w3' has metric 2, so wlan is used only while lan is
# tracked as offline (the "mwan3 status" output in this post shows exactly that switch).
config policy 'failover'
        list use_member 'lan_m1_w3'
        list use_member 'wlan_m2_w3'
        # When no member is online, matching traffic is answered with "unreachable" instead of
        # falling back to the main routing table, i.e. the policy fails closed.
        option last_resort 'unreachable'

# Catch-all rule: dest_ip 0.0.0.0/0 matches every IPv4 destination and hands it to the
# 'failover' policy. No source, protocol or port restriction is set.
config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option use_policy 'failover'

# mwan3 status

Interface status:
 interface lan is offline and tracking is active
 interface wlan is online and tracking is active

Current ipv4 policies:
failover:
 wlan (100%)


Current ipv6 policies:
failover:
 unreachable


Directly connected ipv4 networks:
 127.0.0.1
 127.0.0.0
 127.0.0.0/8
 192.168.178.38
 192.168.178.0
 127.255.255.255
 192.168.178.255
 192.168.178.0/24
 224.0.0.0/3
 192.168.178.37

Directly connected ipv6 networks:
 fe80::/64

Active ipv4 user rules:
    0     0 - failover  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Active ipv6 user rules:
    0     0 - failover  all      *      *       ::/0                 ::/0
# ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

Any help would be greatly appreciated,
Ian

Is there a metric in lan?


Yes, there is.
I did not paste correctly. Sorry.
option metric '100'

This is the routing table without MWAN3:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.178.1   0.0.0.0         UG    200    0        0 wlan0
192.168.178.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.178.0   0.0.0.0         255.255.255.0   U     200    0        0 wlan0

You cannot have the same subnet in both eth0 and wlan0.


I tried connecting to another Wifi and the routes look like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.43.1    0.0.0.0         UG    200    0        0 wlan0
192.168.43.0    0.0.0.0         255.255.255.0   U     200    0        0 wlan0
192.168.178.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

But this still does not work.
I also tried a lot of configurations without success.

Have you verified that each interface works before you start with mwan3?

Yes...

ping -c 2 -I eth0 google.com

PING google.com (172.217.23.14): 56 data bytes
64 bytes from 172.217.23.14: seq=0 ttl=119 time=28.024 ms
64 bytes from 172.217.23.14: seq=1 ttl=119 time=27.599 ms

ping -c 2 -I wlan0 google.com

PING google.com (172.217.23.14): 56 data bytes
64 bytes from 172.217.23.14: seq=0 ttl=111 time=61.135 ms
64 bytes from 172.217.23.14: seq=1 ttl=111 time=51.086 ms

Logs after disconnecting the cable:

Thu May  6 09:58:39 2021 kern.info kernel: [63229.111334] rt3050-esw 10110000.esw: link changed 0x00
Thu May  6 09:58:44 2021 user.info mwan3track[1866]: Check (ping) failed for target "8.8.4.4" on interface lan (eth0)
Thu May  6 09:58:46 2021 user.info mwan3track[1866]: Check (ping) failed for target "8.8.8.8" on interface lan (eth0)
Thu May  6 09:58:48 2021 user.info mwan3track[1866]: Check (ping) failed for target "208.67.222.222" on interface lan (eth0)
Thu May  6 09:58:50 2021 user.info mwan3track[1866]: Check (ping) failed for target "208.67.220.220" on interface lan (eth0)
Thu May  6 09:58:57 2021 user.info mwan3track[1866]: Check (ping) failed for target "8.8.4.4" on interface lan (eth0)
Thu May  6 09:58:59 2021 user.info mwan3track[1866]: Check (ping) failed for target "8.8.8.8" on interface lan (eth0)
Thu May  6 09:59:01 2021 user.info mwan3track[1866]: Check (ping) failed for target "208.67.222.222" on interface lan (eth0)
Thu May  6 09:59:03 2021 user.info mwan3track[1866]: Check (ping) failed for target "208.67.220.220" on interface lan (eth0)
Thu May  6 09:59:10 2021 user.info mwan3track[1866]: Check (ping) failed for target "8.8.4.4" on interface lan (eth0)
Thu May  6 09:59:12 2021 user.info mwan3track[1866]: Check (ping) failed for target "8.8.8.8" on interface lan (eth0)
Thu May  6 09:59:14 2021 user.info mwan3track[1866]: Check (ping) failed for target "208.67.222.222" on interface lan (eth0)
Thu May  6 09:59:16 2021 user.info mwan3track[1866]: Check (ping) failed for target "208.67.220.220" on interface lan (eth0)
Thu May  6 09:59:16 2021 user.notice mwan3track[1866]: Interface lan (eth0) is offline
Thu May  6 09:59:18 2021 user.notice mwan3[2088]: Execute ifdown event on interface lan (eth0)
Thu May  6 09:59:18 2021 user.info mwan3[2088]: connection tracking not flushed on interface lan (eth0) ifdown
Thu May  6 09:59:18 2021 user.info mwan3track[1866]: Detect ifdown event on interface lan (eth0)

Run mwan3 status once again and post the output here.

With both interfaces connected:

Interface status:
 interface lan is online and tracking is active
 interface wlan is online and tracking is active

Current ipv4 policies:
failover:
 lan (100%)


Current ipv6 policies:
failover:
 unreachable


Directly connected ipv4 networks:
 224.0.0.0/3
 127.0.0.1
 192.168.178.0
 192.168.43.0
 127.0.0.0/8
 127.255.255.255
 127.0.0.0/24
 192.168.178.0/24
 192.168.43.214
 127.0.0.255
 192.168.43.255
 192.168.178.37
 192.168.43.0/24
 192.168.178.255
 127.0.0.0

Directly connected ipv6 networks:
 fe80::/64

Active ipv4 user rules:
    1    76 - failover  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Active ipv6 user rules:
    0     0 - failover  all      *      *       ::/0                 ::/0
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.178.37  0.0.0.0         UG    0      0        0 lo
default         192.168.178.1   0.0.0.0         UG    100    0        0 eth0
default         192.168.43.1    0.0.0.0         UG    200    0        0 wlan0
192.168.43.0    *               255.255.255.0   U     200    0        0 wlan0
192.168.178.0   *               255.255.255.0   U     100    0        0 eth0

After cable disconnected:

Interface status:
 interface lan is offline and tracking is active
 interface wlan is online and tracking is active

Current ipv4 policies:
failover:
 wlan (100%)


Current ipv6 policies:
failover:
 unreachable


Directly connected ipv4 networks:
 224.0.0.0/3
 192.168.178.255
 127.0.0.1
 192.168.178.37
 127.0.0.0
 192.168.43.214
 192.168.178.0
 127.0.0.0/8
 127.255.255.255
 127.0.0.0/24
 127.0.0.255
 192.168.43.255
 192.168.43.0/24
 192.168.178.0/24
 192.168.43.0

Directly connected ipv6 networks:
 fe80::/64

Active ipv4 user rules:
    0     0 - failover  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Active ipv6 user rules:
    0     0 - failover  all      *      *       ::/0                 ::/0
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.43.1    0.0.0.0         UG    200    0        0 wlan0
192.168.43.0    0.0.0.0         255.255.255.0   U     200    0        0 wlan0
192.168.178.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

What is this?

I don't see any hits on the rule.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

# Read-only diagnostic dump for troubleshooting: board/firmware info, the UCI configuration of
# network, wireless, mwan3, dhcp and firewall, the custom firewall script, the live iptables
# rules with packet counters, IPv4 addresses, routes (all tables) and policy rules, and the
# resolver files.
# "uci export wireless" prints SSIDs and the Wi-Fi key in clear text, and the network export
# includes MAC addresses: redact them in the output before posting it publicly.
ubus call system board; \
uci export network; uci export wireless; uci export mwan3; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Thank you for your patience and help @trendy
I have little knowledge on this topic.

I have executed the commands with cable disconnected:

ubus call system board; \
> uci export network; uci export wireless; uci export mwan3; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> iptables-save -c; ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.*
/tmp/resolv.* /tmp/resolv.*/*
{
        "kernel": "4.14.82",
        "hostname": "ubisafe",
        "system": "MediaTek MT7688 ver:1 eco:2",
        "model": "SM-HLK7688A",
        "board_name": "sm-hlk7688a",
        "release": {
                "distribution": "OpenWrt",
                "version": "18.06-SNAPSHOT",
                "revision": "r0-7786da9",
                "target": "ramips\/mt76x8",
                "description": "OpenWrt 18.06-SNAPSHOT r0-7786da9"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.255.255.0'

config interface 'lan'
        option ifname 'eth0'
        option macaddr 'XX'
        option peerdns '1'
        option metric '100'
        option netmask '255.255.255.0'
        option dns '8.8.8.8 8.8.4.4'
        option proto 'dhcp'

config interface 'aplan'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option ipv6 '0'
        option disabled '1'

config interface 'wlan'
        option ifname 'wlan0'
        option proto 'dhcp'
        option metric '200'
        option dns '8.8.8.8'
        option peerdns '1'
        option disabled '0'

config interface 'wwan'
        option ifname 'wwan0'
        option device '/dev/cdc-wdm0'
        option proto 'qmi'
        option polling_timeout '60'
        option ping_timeout '15'
        option ping_count '3'
        option metric '300'
        option latency_max '1000'
        option register_timeout '60'
        option connect_timeout '40'
        option auto_answer '1'
        option disabled '0'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '7'
        option hwmode '11g'
        option path 'platform/10300000.wmac'
        option htmode 'HT20'
        option disabled '0'
        option country '00'

# Access-point interface bound to network 'aplan'. encryption 'none' makes it an open network
# with no link-layer protection; it is switched off here (disabled '1'). Pick an encrypted
# mode before enabling it. 'aplan' is also not listed in any zone of the exported firewall
# config, so it would not get zone filtering either.
# NOTE(review): the macaddr value below has an unbalanced quote, probably left over from
# redacting the paste.
config wifi-iface
        option network 'aplan'
        option encryption 'none'
        option device 'radio0'
        option mode 'ap'
        option ssid 'XX'
        option macaddr XX'
        option hidden '0'
        option disabled '1'

config wifi-iface
        option network 'wlan'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'sta'
        option macaddr 'XX'
        option ssid 'XX'
        option key 'XX'
        option disabled '0'

package mwan3

config globals 'globals'
        option mmx_mask '0x3F00'
        option local_source 'lan'
        option logging '1'
        option loglevel 'debug'

config interface 'lan'
        option enabled '1'
        list track_ip '8.8.4.4'
        list track_ip '8.8.8.8'
        list track_ip '208.67.222.222'
        list track_ip '208.67.220.220'
        option family 'ipv4'
        option reliability '2'
        option count '1'
        option timeout '2'
        option failure_latency '1000'
        option recovery_latency '500'
        option failure_loss '20'
        option recovery_loss '5'
        option interval '5'
        option down '3'
        option up '8'

config interface 'wlan'
        option enabled '1'
        list track_ip '8.8.4.4'
        list track_ip '8.8.8.8'
        list track_ip '208.67.222.222'
        list track_ip '208.67.220.220'
        option family 'ipv4'
        option reliability '2'
        option count '1'
        option timeout '2'
        option failure_latency '1000'
        option recovery_latency '500'
        option failure_loss '20'
        option recovery_loss '5'
        option interval '5'
        option down '3'
        option up '8'

config member 'lan_m1_w3'
        option interface 'lan'
        option metric '1'
        option weight '3'

config member 'wlan_m2_w3'
        option interface 'wlan'
        option metric '2'
        option weight '3'

config policy 'failover'
        list use_member 'lan_m1_w3'
        list use_member 'wlan_m2_w3'

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option use_policy 'failover'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'aplan'
        option start '2'
        option limit '10'
        option leasetime '12h'
        option interface 'aplan'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

# Default chain policies, applied to traffic that matches no zone. In the iptables-save output
# in this post only eth0 is bound to a zone, so new inbound packets on wlan0 reach the end of
# INPUT and are accepted by this 'input ACCEPT' policy rather than filtered by a zone rule.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

# Zone 'lan' covers network 'lan' (eth0, proto 'dhcp' in the exported network config).
# NOTE(review): that interface looks like an upstream network rather than a host subnet;
# input 'ACCEPT' admits every new inbound connection from it. Confirm this is intended.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option conntrack '1'

# Zone 'wan' lists networks 'wan' and 'wan6', neither of which exists in the exported network
# config, so its input 'REJECT' policy and masquerading (masq '1') apply to no interface; the
# zone_wan_* chains in the iptables dump all show zero hits. The uplinks 'wlan' and 'wwan'
# have to be listed in a zone to get this filtering and NAT.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option conntrack '1'

# Allows forwarding from zone 'lan' to zone 'wan'. With no interface in 'wan' (see the zone
# above) this has no effect on forwarded traffic.
config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
# Generated by iptables-save v1.6.2 on Thu May  6 11:17:33 2021
*nat
:PREROUTING ACCEPT [124:29879]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [1571:131628]
:POSTROUTING ACCEPT [1571:131628]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[124:29879] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[124:29879] -A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
[1571:131628] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[717:59780] -A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
[717:59780] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[124:29879] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[0:0] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[0:0] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Thu May  6 11:17:34 2021
# Generated by iptables-save v1.6.2 on Thu May  6 11:17:34 2021
*mangle
:PREROUTING ACCEPT [1504:145280]
:INPUT ACCEPT [1504:145280]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2186:201911]
:POSTROUTING ACCEPT [2186:201911]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_lan - [0:0]
:mwan3_iface_in_wlan - [0:0]
:mwan3_iface_out_lan - [0:0]
:mwan3_iface_out_wlan - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_ifaces_out - [0:0]
:mwan3_policy_failover - [0:0]
:mwan3_rules - [0:0]
[2132:252231] -A PREROUTING -j mwan3_hook
[2548:233163] -A OUTPUT -j mwan3_hook
[2506:249640] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
[4680:485394] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
[2115:230443] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
[1797:150388] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
[1771:148244] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
[23:1748] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
[4680:485394] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
[4254:395944] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
[128:31274] -A mwan3_iface_in_lan -i eth0 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_lan -i eth0 -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[0:0] -A mwan3_iface_in_wlan -i wlan0 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[0:0] -A mwan3_iface_in_wlan -i wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wlan -j MARK --set-xmark 0x200/0x3f00
[702:58680] -A mwan3_iface_out_lan -o eth0 -m mark --mark 0x0/0x3f00 -m comment --comment lan -j MARK --set-xmark 0x100/0x3f00
[946:79464] -A mwan3_iface_out_wlan -o wlan0 -m mark --mark 0x0/0x3f00 -m comment --comment wlan -j MARK --set-xmark 0x200/0x3f00
[1923:181494] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wlan
[1701:163070] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_lan
[1671:139892] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wlan
[708:59136] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_lan
[0:0] -A mwan3_policy_failover -m mark --mark 0x0/0x3f00 -m comment --comment "wlan 3 3" -j MARK --set-xmark 0x200/0x3f00
[0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_failover
COMMIT
# Completed on Thu May  6 11:17:34 2021
# Generated by iptables-save v1.6.2 on Thu May  6 11:17:34 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [848:71428]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[712:78547] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[876:73853] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[872:73613] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[1:60] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[4:240] -A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
[0:0] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[718:79003] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[1564:131064] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[1:40] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[715:59596] -A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
[0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[1:60] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[715:59596] -A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[4:240] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[4:240] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[715:59596] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[715:59596] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[4:240] -A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[0:0] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[0:0] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[0:0] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu May  6 11:17:35 2021
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 127.0.0.1/24 brd 127.0.0.255 scope global lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    inet 192.168.178.37/24 brd 192.168.178.255 scope global eth0
       valid_lft forever preferred_lft forever
15: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.43.214/24 brd 192.168.43.255 scope global wlan0
       valid_lft forever preferred_lft forever
default via 192.168.178.1 dev eth0 table 1
default via 192.168.43.1 dev wlan0 table 2
default via 192.168.178.1 dev eth0 proto static src 192.168.178.37 metric 100
default via 192.168.43.1 dev wlan0 proto static src 192.168.43.214 metric 200
192.168.43.0/24 dev wlan0 proto static scope link metric 200
192.168.178.0/24 dev eth0 proto static scope link metric 100
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/24 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.0.0.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.43.0 dev wlan0 table local proto kernel scope link src 192.168.43.214
local 192.168.43.214 dev wlan0 table local proto kernel scope host src 192.168.43.214
broadcast 192.168.43.255 dev wlan0 table local proto kernel scope link src 192.168.43.214
broadcast 192.168.178.0 dev eth0 table local proto kernel scope link src 192.168.178.37
local 192.168.178.37 dev eth0 table local proto kernel scope host src 192.168.178.37
broadcast 192.168.178.255 dev eth0 table local proto kernel scope link src 192.168.178.37
0:      from all lookup local
1001:   from all iif eth0 lookup main
1002:   from all iif wlan0 lookup main
2001:   from all fwmark 0x100/0x3f00 lookup 1
2002:   from all fwmark 0x200/0x3f00 lookup 2
2061:   from all fwmark 0x3d00/0x3f00 blackhole
2062:   from all fwmark 0x3e00/0x3f00 unreachable
32766:  from all lookup main
32767:  from all lookup default
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx    1 root     root            16 Feb 22 17:13 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root             0 May  6 10:57 /tmp/resolv.conf
-rw-r--r--    1 root     root           156 May  6 11:05 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==

==> /tmp/resolv.conf <==

==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 192.168.178.1
search fritz.box
# Interface wlan
nameserver 8.8.8.8
nameserver 192.168.43.1
head: /tmp/resolv.*/*: No such file or directory

As a side note, your OpenWrt version is quite old. 18.06 is deprecated and no longer receives security fixes; moreover, running a snapshot is not a good idea when stable versions are available.
Apart from that, where is the host subnet? I can see only lan and wlan active, but nothing for the hosts.
Furthermore the wlan interface is not added to any firewall zone, nor is masquerade enabled.
Fix these first and we can troubleshoot further.

Ok, I will work on that. Thanks for your comments.
