[solved] Multiple wan for input (fw4)

Hi to all

I am struggling with a multiple WAN setup

wanA is "new default pub ip" metric 0
wanB is "old pub ip" metric 10

so, a longer explanation

wanB was the only interface when OWRT was set up; the router has different services (wg, ssh, etc.) enabled on wanB
all DNS records point to the wanB pub IP
so far so good

I wanted to add a "new" ISP and slowly migrate services to wanA, and, after migration, shut down wanB

so, it is not a typical "which LAN client needs to use a specific WAN" situation ...
and to be honest, the LAN side is not a priority ATM
incoming connections are my problem

my biggest problem is that I could not figure out how to mark packets in FW4 and output them on the right wanX interface

since wanA is primary, packets incoming on wanB are going out, sadly, on wanA

on MikroTik ROS I know how to mark/mangle/etc
but I am confused on OWRT

any idea? documentation?
Google is giving mostly FW3 topics

tried this

network

config route
        option interface 'vlan44'
        option target '0.0.0.0/0'
        option gateway 'XXX.40.5.65'
        option table '44'
        option source 'XXX.40.5.70'

config rule
        option lookup '44'
        option mark '0x2c'

firewall

config rule
        option name 'm44out'
        list proto 'all'
        option dest 'vlan44'
        option target 'MARK'
        option set_mark '0x2c'

config rule
        option name 'm44in'
        list proto 'all'
        option src 'vlan44'
        option target 'MARK'
        option set_mark '0x2c'

but still, packets are going out on the wrong interface

If the services you want to access are hosted on the router (without port forwarding), you don't need packet marking. Just create a dedicated routing table for requests coming to the wanB IP address.

ip rule add from <wanB_IP> table 100 prio 1
ip route add default via <wanB_gateway> table 100

The above can also be done using uci.

tnx for the tip

any UCI example? I really want to avoid rc.local

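# Set wanB_IP and wanB_gw in the shell first; double quotes let them expand.
uci add network rule
uci set network.@rule[-1].lookup='100'
uci set network.@rule[-1].src="$wanB_IP/32"

uci add network route
uci set network.@route[-1].target='0.0.0.0/0'
uci set network.@route[-1].table='100'
uci set network.@route[-1].interface='wanB' # Logical ifname!
uci set network.@route[-1].gateway="$wanB_gw"

# Save the staged changes and apply them.
uci commit network
/etc/init.d/network reload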
2 Likes
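
A way to confirm the result of the source-based rule and route from the answer above, as an added example that is not part of the original posts: it parses the output of `ip -4 rule show` and `ip -4 route show table 100` and checks that replies sourced from the wanB address resolve to the wanB device. The function names, the 203.0.113.x addresses and the `eth1.44` device name are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; every address, table number and device name is a constructed sample.

# rule_table_for SRC RULES: print the table chosen by the first "from SRC" rule
# in `ip -4 rule show` output (which lists rules in priority order).
rule_table_for() {
    printf '%s\n' "$2" | awk -v src="$1" '
        $2 == "from" && ($3 == src || $3 == (src "/32")) {
            for (i = 4; i < NF; i++) if ($i == "lookup") { print $(i + 1); exit }
        }'
}

# default_dev ROUTES: print the egress device of the first default route in
# `ip -4 route show table N` output; prints nothing if there is no default.
default_dev() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }'
}

# check_reply_path SRC DEV RULES ROUTES: succeed only when SRC has its own rule
# and ROUTES (the contents of the table that rule selects) defaults to DEV.
check_reply_path() {
    table=$(rule_table_for "$1" "$3")
    [ -n "$table" ] || { echo "no rule for $1: replies use the main table"; return 1; }
    dev=$(default_dev "$4")
    [ "$dev" = "$2" ] || { echo "table $table exits via ${dev:-nothing}, want $2"; return 1; }
    echo "ok: from $1 -> table $table -> dev $dev"
}

# Constructed stand-ins for `ip -4 rule show` and `ip -4 route show table 100`.
SAMPLE_RULES='0: from all lookup local
1: from 203.0.113.70 lookup 100
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE100='default via 203.0.113.65 dev eth1.44'

check_reply_path 203.0.113.70 eth1.44 "$SAMPLE_RULES" "$SAMPLE_TABLE100"
```

On a live router, pass the real command output in place of the two sample strings.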

hi @pavelgl

looks OK

05:24:22.295365 IP 192.168.200.102.39206 > XXX.40.5.66.80: Flags [F.], seq 126, ack 11013, win 501, options [nop,nop,TS val 659171466 ecr 2577026041], length 0
05:24:22.297711 IP XXX.40.5.66.80 > 192.168.200.102.39206: Flags [F.], seq 11013, ack 127, win 509, options [nop,nop,TS val 2577026045 ecr 659171466], length 0

thank you

1 Like
