[Solved] Route different networks to different WANs

I would like different networks to NAT and use different external IPv4-addresses.
All workers should use one external IPv4-address while guests use another external IPv4-address. How can I do this?

eth1         Network workers     192.168.13.0/24      Zone workers
+            +                   +                    +
+---> eth0   +---> Network wan1  +---> 198.51.100.13  +---> Zone wan

eth2         Network guests      192.168.14.0/24      Zone guests
+            +                   +                    +
+---> eth0   +---> Network wan2  +---> 198.51.100.14  +---> Zone wan

I would honestly say, just like you drew it; but I'm sure you're asking for more than that:

  • The default WAN and LAN should be set up
  • Create a guest LAN interface and add it to a new firewall zone
  • Create the guest WAN, add a higher metric (e.g. 5) and add it to a new firewall zone
  • Make Guest LAN general rules similar to LAN
  • Make Guest WAN rules similar to WAN
  • Allow forwarding from Guest LAN to Guest WAN
  • Make an IP rule and route for the Guest LAN to use the Guest WAN (below)
  • Done!

config rule
	option in 'guest_lan'
	option dest '0.0.0.0/0'
	option priority '2'
	option lookup '2'

config route
	option interface 'guest_wan'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '2'

Please be advised, placing the Guest WAN's gateway on IP Table No. 2 will make the Guest Network isolated from the other networks on your router, as it will no longer use the main routing table. This can be fixed by adding more detailed rules.

Thank you for answering my question.
I am having a problem applying the IP rule so that Guest LAN traffic uses the Guest WAN.
ip route show table 2 does not give anything back, so I am guessing the rule has not been applied. Am I supposed to put your config in /etc/config/firewall and then run /etc/init.d/firewall reload?


IP Routes and Rules go in /etc/config/network. My apologies for not clarifying that.

You would then do:

/etc/init.d/network restart

ALSO, YOU WILL NEED TO ADD YOUR GATEWAY IP FOR GUEST WAN!

Also add:

option 'gateway' 'xxx.xxx.xxx.xxx'
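As an added example (not code from this thread or from OpenWrt itself), here is a small shell check that inspects the `config rule` and `config route` sections of a UCI network file before you restart the network. For every rule with an `option lookup N` it requires a route with `option table N` that is a default route (target 0.0.0.0) and carries both an interface and a gateway, which is the piece that was missing above. It assumes the usual single-quoted UCI values and only looks at rule/route sections; it does not check masquerading on the guest WAN.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check the policy-routing pieces
# of an OpenWrt /etc/config/network before restarting the network.
# For every `config rule` with `option lookup N` it requires a `config route`
# with `option table N` that is a default route (target 0.0.0.0) and carries
# both an interface and a gateway. A route without a gateway is exactly what
# leaves `ip route show table N` empty after the restart.

check_policy_routing() {
    # $1 = path to a UCI network config (assumes the usual single-quoted values)
    awk -v q="'" '
    function flush(    k, t) {
        if (type == "rule" && opt["lookup"] != "")
            rules[opt["lookup"]] = (opt["in"] != "" ? opt["in"] : opt["src"])
        if (type == "route" && opt["table"] != "") {
            t = opt["table"]
            has_route[t] = 1
            if (opt["gateway"] != "")   has_gw[t] = 1
            if (opt["interface"] != "") has_if[t] = 1
            if (opt["target"] == "0.0.0.0" || opt["target"] == "0.0.0.0/0")
                is_default[t] = 1
        }
        for (k in opt) delete opt[k]
        type = ""
    }
    $1 == "config" { flush(); type = $2 }
    $1 == "option" { v = $3; gsub(q, "", v); opt[$2] = v }
    END {
        flush()
        bad = 0
        for (t in rules) {
            tbad = 0
            if (!has_route[t]) {
                printf "table %s (rule for %s): no route uses this table\n", t, rules[t]
                bad = 1; continue
            }
            if (!is_default[t]) { printf "table %s: route is not a default route\n", t; tbad = 1 }
            if (!has_if[t])     { printf "table %s: route has no interface\n", t; tbad = 1 }
            if (!has_gw[t])     { printf "table %s: route has no gateway\n", t; tbad = 1 }
            if (tbad) bad = 1
            else printf "table %s: ok, traffic entering on %s leaves via this table\n", t, rules[t]
        }
        exit bad
    }' "$1"
}

# Constructed sample input: the rule/route pair from the thread, without a gateway.
demo=$(mktemp)
cat > "$demo" <<'EOF'
config rule
	option in 'guest_lan'
	option dest '0.0.0.0/0'
	option priority '2'
	option lookup '2'

config route
	option interface 'guest_wan'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '2'
EOF
if check_policy_routing "$demo"; then
    echo "policy routing config looks complete"
else
    echo "fix the items above, then: /etc/init.d/network restart"
fi
rm -f "$demo"
```

Run it against a copy of /etc/config/network on the router (busybox awk is enough); a zero exit status means every lookup table referenced by a rule has a complete default route behind it.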

I do think the reason this does not work is because both guest_wan and worker_wan are using the same gateway. It may not be clear, but see the first post on the IPv4-addresses: 198.51.100.13/24 is worker_wan and 198.51.100.14/24 is guest_wan, meaning both are using gateway 198.51.100.1.
The trick I am after is to have everything from guest_lan use a different outgoing IPv4-address, in this case 198.51.100.14.

config interface 'worker_wan'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '198.51.100.13'
	option netmask '255.255.255.0'
	option gateway '198.51.100.1'
	option dns '8.8.8.8'

config interface 'guest_wan'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '198.51.100.14'
	option netmask '255.255.255.0'
	option gateway '198.51.100.1'
	option dns '8.8.8.8'
	option metric '5'


config interface 'worker_lan'
	option ifname 'eth1'
	option proto 'static'
	option ipaddr '192.168.13.1'
	option netmask '255.255.255.0'

config interface 'guest_lan'
	option proto 'static'
	option ifname 'eth2'
	option ipaddr '192.168.14.1'
	option netmask '255.255.255.0'


config rule
	option in 'guest_lan'
	option dest '0.0.0.0/0'
	option priority '2'
	option lookup '2'

config route
	option interface 'guest_wan'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option gateway '198.51.100.1'
	option table '2'

In the firewall you should turn on IP masquerading for the guest WAN (you can do it in LuCI with a checkbox); that should cause it to use the guest_wan IP as the IPv4 address for outgoing connections through the guest WAN. I think this might be your problem.


This setup works if the WAN interfaces are using different gateways. That is because of the config route rule that matches everything on route table 2 and sends it to the gateway defined in that rule.
Thank you lleachii for solving this question.
