OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Adze wrote:

The way i got my router originated traffic to load-balance is by adding an ip alias on the loopback interface. Then create a default route with the ip alias as source in the main routing table with a lower metric than the lowest wan interface. You will have something like this:

That's working for me now too.  Would I be wrong to suggest that seems incredibly kludgy? ;-)

Also, what does that look like in your /etc/config/network?

RussellSenior wrote:

Would I be wrong to suggest that seems incredibly kludgy? ;-)

Yes. ;-) I find it rather elegant...

RussellSenior wrote:

Also, what does that look like in your /etc/config/network?

config alias
    option interface loopback
    option proto    static
    option ipaddr    192.168.1.1
    option netmask    255.255.255.255

The static can't be set in /etc/config/network, as there is no option for source. I added it to "/etc/rc.local".

Load balancing the router-generated traffic works fine once I used a low metric on the route.

(Last edited by arfett on 27 Sep 2012, 01:06)

arfett wrote:

Now I'm just trying to find a way to stop openwrt from automatically entering routes with metric 0 for wan interfaces which are configured statically.

Can you explain some more please? What process is setting these static routes? If they are for VPN tunnels and are specific routes, you're fine. If they are default routes, then you indeed should find a way to not set those routes.

??

Weird... I have two wan's with static addresses. I dont have that problem.

config interface 'wan1'
    option ifname 'eth0.1'
    option proto 'static'
    option ipaddr '95.97.227.172'
    option netmask '255.255.255.248'
    option gateway '95.97.227.169'
    option metric '10'
    option accept_ra '1'

config interface 'wan2'
    option ifname 'eth0.2'
    option proto 'static'
    option ipaddr '213.154.232.12'
    option netmask '255.255.255.248'
    option gateway '213.154.232.9'
    option metric '20'
    option accept_ra '1'

Before and after reconnect, everything OK:

root@mars:/etc/uci-defaults# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    5      0        0 lo
0.0.0.0         95.97.227.169   0.0.0.0         UG    10     0        0 eth0.1
0.0.0.0         213.154.232.9   0.0.0.0         UG    20     0        0 eth0.2
95.97.227.168   0.0.0.0         255.255.255.248 U     10     0        0 eth0.1
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan
213.154.232.8   0.0.0.0         255.255.255.248 U     20     0        0 eth0.2
arfett wrote:

Also if you use DHCP on those I can GUARANTEE you will see the behavior unless you use something other than the default udhcpc.

Also works with udhcpc fine here...

(Last edited by Adze on 24 Sep 2012, 22:43)

I guess you're not using the latest trunk with netifd than?

Stock behaviour of OpenWrt is to set the default route with the metric that you have set it with in /etc/config/network. This works for dhcp and static. Even works for pppoe and pppoa since recently (not in the wiki yet, but tested and works), which saved me a lot of headaches when i started on mwan3.

(Last edited by Adze on 24 Sep 2012, 22:50)

Hi Adze,

I was wondering if you would have an idea on how to implement this. There are 2 dsl connections and an openvpn tunnel will be opened in each. After which all traffic will be load balanced to go only to those 2 tunnels. I'm having trouble getting the vpn tunnel to open on the 2nd dsl connection. Even if I've set the dest_ip to go through the wan2_only, openvpn seems to only open eth1. The next part I imagine is to make mwan3 tun0 and tun1 interfaces, members then policies and to have dest_ip 0.0.0.0/0 to something like tun0_tun1_loadbalanced

As always though, great work, been using since mwan2 so thanks again for continuing development on this.

alan614 wrote:

Hi Adze,

I was wondering if you would have an idea on how to implement this. There are 2 dsl connections and an openvpn tunnel will be opened in each. After which all traffic will be load balanced to go only to those 2 tunnels. I'm having trouble getting the vpn tunnel to open on the 2nd dsl connection. Even if I've set the dest_ip to go through the wan2_only, openvpn seems to only open eth1. The next part I imagine is to make mwan3 tun0 and tun1 interfaces, members then policies and to have dest_ip 0.0.0.0/0 to something like tun0_tun1_loadbalanced


What i would do is the following. Before even installing mwan3 configure your network. Create two static default routes to your ISP's with different metrics. Create specific routes for the VPN gateway to the corresponding VPN tunnel endpoints. Create some temporary test routes to see if traffic traveres the right VPN tunnel. If this all works you can continue installing mwan3.

Remove the temporary statics and create default routes for each vpn tunnel with different metrics than the default routes already in place. Add all 4 interfaces to mwan3 config (2 real interfaces and 2 virtual tunnels). Create mwan3 rules for the specific routes you set for the VPN gateways and set this rule to use the default policy. Then create rules for traffic you want to send out the corresponding VPN tunnel.

I think this will do the trick...

I can help you if you like. Pls PM me if you need some help.

(Last edited by Adze on 11 Oct 2012, 13:30)

Thanks for the reply Adze!

I'll study up and give your idea a shot. I'll PM you if I run up a wall. Thanks! smile

Hello Adze,
I have questions and problems in configuring mwan3 to work with 1 wired WAN (eth0.2) and 1 usb dongle 3g (3g-aero) as fail-over.
I have studied this topic, topic about mwan2 and other forum (polish) but don't have answer to my questions.

1. I'm pinging from LAN to WAN IP and when i unplug WAN cable, ping begins to loss packets and for working i must restart it to make it work with 3g, this is normal behavior?

in LAN:

 ping 178.239.142.104
PING 178.239.142.104 (178.239.142.104): 56 data bytes
64 bytes from 178.239.142.104: seq=0 ttl=55 time=30.539 ms <-- WAN wired
64 bytes from 178.239.142.104: seq=1 ttl=55 time=30.391 ms
64 bytes from 178.239.142.104: seq=2 ttl=55 time=31.171 ms
^C
--- 178.239.142.104 ping statistics ---
50 packets transmitted, 3 packets received, 94% packet loss
round-trip min/avg/max = 30.391/30.700/31.171 ms

(unplugged wire -> losing packets, so I stopped ping process and start it again)

ping 178.239.142.104
PING 178.239.142.104 (178.239.142.104): 56 data bytes
64 bytes from 178.239.142.104: seq=0 ttl=59 time=124.667 ms <-- ping time tells that is going through 3g
64 bytes from 178.239.142.104: seq=1 ttl=59 time=157.990 ms
64 bytes from 178.239.142.104: seq=2 ttl=59 time=278.065 ms
64 bytes from 178.239.142.104: seq=3 ttl=59 time=208.805 ms
64 bytes from 178.239.142.104: seq=4 ttl=59 time=338.577 ms
64 bytes from 178.239.142.104: seq=5 ttl=59 time=318.770 ms
^C
--- 178.239.142.104 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 124.667/237.812/338.577 ms

router:
logread -f
Nov  6 18:33:49 OpenWrt user.notice root: mwan3: Interface wan (eth0.2) is offline
Nov  6 18:33:49 OpenWrt user.notice root: mwan3: ifdown interface wan (eth0.2)
Nov  6 18:33:51 OpenWrt user.info firewall: removing wan (eth0.2) from zone wan
Nov  6 18:33:51 OpenWrt user.notice miniupnpd: removing firewall rules for eth0.2 from zone wan
Nov  6 18:33:51 OpenWrt user.notice root: stopping ntpclient

2. Next, when I plug WAN cable again (and ping works through 3g interface), packets are still transmitted through 3g, there is no switch to normal WAN, that's ok?

in LAN:
 ping 178.239.142.104
PING 178.239.142.104 (178.239.142.104): 56 data bytes
64 bytes from 178.239.142.104: seq=0 ttl=59 time=143.225 ms <--- 3g
64 bytes from 178.239.142.104: seq=1 ttl=59 time=135.859 ms

(plugged again, ping still goes through 3g)

64 bytes from 178.239.142.104: seq=21 ttl=59 time=375.685 ms
64 bytes from 178.239.142.104: seq=22 ttl=59 time=115.702 ms
64 bytes from 178.239.142.104: seq=23 ttl=59 time=125.320 ms
^C
--- 178.239.142.104 ping statistics ---
25 packets transmitted, 24 packets received, 4% packet loss
round-trip min/avg/max = 105.765/156.636/375.685 ms

(restart ping)

-> ping 178.239.142.104
PING 178.239.142.104 (178.239.142.104): 56 data bytes
64 bytes from 178.239.142.104: seq=0 ttl=55 time=30.659 ms
64 bytes from 178.239.142.104: seq=1 ttl=55 time=30.616 ms
^C
--- 178.239.142.104 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 30.616/30.637/30.659 ms

router:
logread -f
Nov  6 18:36:46 OpenWrt user.notice root: mwan3: Lost 27 ping(s) on interface wan (eth0.2)
Nov  6 18:36:56 OpenWrt user.notice root: mwan3: Interface wan (eth0.2) is online
Nov  6 18:36:57 OpenWrt user.notice ifup: Allowing Router Advertisements on wan (eth0.2)
Nov  6 18:36:57 OpenWrt user.notice root: mwan3: ifup interface wan (eth0.2)
Nov  6 18:36:58 OpenWrt user.info sysinit: /sbin/hotplug-call: eval: line 1: arithmetic syntax error <--- ????
Nov  6 18:36:59 OpenWrt user.info firewall: adding wan (eth0.2) to zone wan
Nov  6 18:36:59 OpenWrt user.notice root: starting ntpclient
Nov  6 18:37:01 OpenWrt user.info syslog: SNet version started

3. I have configured 3g_only policy to one host in Internet, it works great but when I lose WAN connection and then recover, 3g_only policy is skipped and packets are transmitted through default WAN interface. I think it's bug.

LAN:
ping 178.239.142.103
PING 178.239.142.103 (178.239.142.103): 56 data bytes
64 bytes from 178.239.142.103: seq=0 ttl=59 time=114.638 ms
64 bytes from 178.239.142.103: seq=1 ttl=59 time=137.409 ms
64 bytes from 178.239.142.103: seq=2 ttl=59 time=137.772 ms
64 bytes from 178.239.142.103: seq=3 ttl=59 time=127.574 ms
64 bytes from 178.239.142.103: seq=4 ttl=59 time=127.494 ms
64 bytes from 178.239.142.103: seq=5 ttl=59 time=97.655 ms
64 bytes from 178.239.142.103: seq=6 ttl=59 time=127.428 ms

(now unplugged cable)

64 bytes from 178.239.142.103: seq=7 ttl=59 time=127.944 ms
64 bytes from 178.239.142.103: seq=8 ttl=59 time=137.534 ms
64 bytes from 178.239.142.103: seq=9 ttl=59 time=127.438 ms
64 bytes from 178.239.142.103: seq=10 ttl=59 time=127.405 ms
64 bytes from 178.239.142.103: seq=11 ttl=59 time=147.516 ms
64 bytes from 178.239.142.103: seq=12 ttl=59 time=178.079 ms
64 bytes from 178.239.142.103: seq=13 ttl=59 time=137.632 ms
64 bytes from 178.239.142.103: seq=14 ttl=59 time=117.660 ms
64 bytes from 178.239.142.103: seq=15 ttl=59 time=137.402 ms
64 bytes from 178.239.142.103: seq=16 ttl=59 time=137.862 ms
^C
--- 178.239.142.103 ping statistics ---
17 packets transmitted, 17 packets received, 0% packet loss
round-trip min/avg/max = 97.655/132.143/178.079 ms

(restart ping, still 3g - nice, in router logread nothing special - same as above)

 ping 178.239.142.103
PING 178.239.142.103 (178.239.142.103): 56 data bytes
64 bytes from 178.239.142.103: seq=0 ttl=59 time=144.467 ms
64 bytes from 178.239.142.103: seq=1 ttl=59 time=156.569 ms
64 bytes from 178.239.142.103: seq=2 ttl=59 time=157.202 ms
64 bytes from 178.239.142.103: seq=3 ttl=59 time=137.295 ms
64 bytes from 178.239.142.103: seq=4 ttl=59 time=137.326 ms

(plugged cable again, still 3g, router as above)

64 bytes from 178.239.142.103: seq=22 ttl=59 time=172.131 ms
64 bytes from 178.239.142.103: seq=23 ttl=59 time=162.011 ms
64 bytes from 178.239.142.103: seq=24 ttl=59 time=132.268 ms
64 bytes from 178.239.142.103: seq=25 ttl=59 time=122.700 ms
^C
--- 178.239.142.103 ping statistics ---
26 packets transmitted, 26 packets received, 0% packet loss
round-trip min/avg/max = 122.463/182.312/433.090 ms

(restart ping)

-> ping 178.239.142.103
PING 178.239.142.103 (178.239.142.103): 56 data bytes
64 bytes from 178.239.142.103: seq=0 ttl=55 time=30.884 ms <-- ?? why WAN?
64 bytes from 178.239.142.103: seq=1 ttl=55 time=30.535 ms
^C
--- 178.239.142.103 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 30.535/30.709/30.884 ms

4. I don't want have connected 3g interface all the time, how disable it and allow to ifup when nessecary?
5. It's possible to connect another wired WAN connection to loadbalancing, but this connection has same gateway as first, this is problem?

Logs and outputs:

ping -c 1 -I eth0.2 www.google.com

PING www.google.com (173.194.65.99): 56 data bytes
64 bytes from 173.194.65.99: seq=0 ttl=47 time=36.085 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 36.085/36.085/36.085 ms


ping -c 1 -I 3g-aero www.google.com
PING www.google.com (173.194.65.103): 56 data bytes
64 bytes from 173.194.65.103: seq=0 ttl=45 time=222.763 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 222.763/222.763/222.763 ms



root@OpenWrt:~# logread | grep mw
Nov  6 18:27:16 OpenWrt user.notice root: mwan3: ifup interface wan (eth0.2)
Nov  6 18:28:27 OpenWrt user.notice root: mwan3: ifup interface aero (3g-aero)
Nov  6 18:28:41 OpenWrt user.notice root: mwan3: ifup interface wan (eth0.2)
Nov  6 18:28:47 OpenWrt user.notice root: mwan3: ifup interface aero (3g-aero)


 ifconfig | grep inet
          inet addr:37.209.135.133  P-t-P:10.64.64.64  Mask:255.255.255.255
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet addr:156.17.227.63  Bcast:156.17.227.127  Mask:255.255.255.128
          inet addr:127.0.0.1  Mask:255.0.0.0

root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         156.17.227.126  0.0.0.0         UG    10     0        0 eth0.2
0.0.0.0         10.64.64.64     0.0.0.0         UG    30     0        0 3g-aero
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br-lan
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3g-aero
156.17.227.0    0.0.0.0         255.255.255.128 U     10     0        0 eth0.2


root@OpenWrt:~# ip rule show
0:      from all lookup local
1001:   from 156.17.227.63 fwmark 0x0/0x8000 lookup 1001
1002:   from 37.209.135.133 fwmark 0x0/0x8000 lookup 1002
1008:   from all fwmark 0x100/0xff00 lookup 1001
1009:   from all fwmark 0x200/0xff00 lookup 1002
1016:   from all fwmark 0x1000/0xff00 lookup 1016
1017:   from all fwmark 0x1100/0xff00 lookup 1017
1018:   from all fwmark 0x1200/0xff00 lookup 1018
1019:   from all fwmark 0x1300/0xff00 lookup 1019
32766:  from all lookup main
32767:  from all lookup default


root@OpenWrt:~# ip route list table 1001
default via 156.17.227.126 dev eth0.2
root@OpenWrt:~# ip route list table 1002
default via 10.64.64.64 dev 3g-aero
root@OpenWrt:~# ip route list table 1008
root@OpenWrt:~# ip route list table 1009
root@OpenWrt:~# ip route list table 1016
default via 156.17.227.126 dev eth0.2  metric 1
blackhole default  metric 1000
root@OpenWrt:~# ip route list table 1017
default via 10.64.64.64 dev 3g-aero  metric 1
blackhole default  metric 1000
root@OpenWrt:~# ip route list table 1018
default  metric 1
        nexthop via 10.64.64.64  dev 3g-aero weight 2
        nexthop via 156.17.227.126  dev eth0.2 weight 1
blackhole default  metric 1000
root@OpenWrt:~# ip route list table 1019
default via 156.17.227.126 dev eth0.2  metric 1
default via 10.64.64.64 dev 3g-aero  metric 2
blackhole default  metric 1000

BEFORE UNPLUG CABLE:
root@OpenWrt:~# iptables -L mwan3_pre -t mangle -v -n
Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination
 1902  395K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
    4   204 MARK       all  --  3g-aero *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
  262 69176 MARK       all  --  eth0.2 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
 1470  300K mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
  291 29110 mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00
root@OpenWrt:~#  iptables -L mwan3_post -t mangle -v -n
Chain mwan3_post (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2   168 MARK       all  --  *      3g-aero  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00
  437  171K MARK       all  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
  818  320K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
 1482  515K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00
root@OpenWrt:~#  iptables -L mwan3_default -t mangle -v -n
Chain mwan3_default (1 references)
 pkts bytes target     prot opt in     out     source               destination
   43  8539 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
  126 18060 MARK       all  --  *      *       0.0.0.0/0            10.0.0.0/24         mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.64         mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            156.17.227.0/25     mark match !0x8000/0x8000 MARK or 0x8000
root@OpenWrt:~# iptables -L mwan3_rules -t mangle -v -n
Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            178.239.142.103     mark match 0x0/0xff00 MARK xset 0x1100/0xff00
   50  2981 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1300/0xff00

AFTER CABLE UNPLUG:
 iptables -L mwan3_rules -t mangle -v -n
Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            178.239.142.103     mark match 0x0/0xff00 MARK xset 0x1100/0xff00
   20  1648 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1300/0xff00


AFTER PLUG CALBE AGAIN:
root@OpenWrt:~#  iptables -L mwan3_pre -t mangle -v -n
Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination
33046   16M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
 1421  176K MARK       all  --  eth0.2 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
10110   12M MARK       all  --  3g-aero *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
19272 2411K mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
 2588  186K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00
root@OpenWrt:~#  iptables -L mwan3_post -t mangle -v -n
Chain mwan3_post (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2582  206K MARK       all  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
 7681  841K MARK       all  --  *      3g-aero  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00
14977   14M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
28207   16M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00
root@OpenWrt:~#  iptables -L mwan3_default -t mangle -v -n
Chain mwan3_default (1 references)
 pkts bytes target     prot opt in     out     source               destination
  515  193K MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
 1399  269K MARK       all  --  *      *       0.0.0.0/0            10.0.0.0/24         mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.64         mark match !0x8000/0x8000 MARK or 0x8000
 2837  286K MARK       all  --  *      *       0.0.0.0/0            156.17.227.0/25     mark match !0x8000/0x8000 MARK or 0x8000
root@OpenWrt:~#  iptables -L mwan3_rules -t mangle -v -n
Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination <-- empty??
root@OpenWrt:~#

Configs:

cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '10.0.0.1'
        option dns '8.8.8.8 8.8.4.4'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option metric '10'

config switch
        option name 'rtl8366rb'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'rtl8366rb'
        option vlan '1'
        option ports '1 2 3 4 5t'

config switch_vlan
        option device 'rtl8366rb'
        option vlan '2'
        option ports '0 5t'

config interface 'aero'
        option proto '3g'
        option service 'umts'
        option device '/dev/ttyUSB0'
        option apn 'darmowy'
        option metric '30'



cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option drop_invalid '1'

config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan aero'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'


config include
        option path '/etc/firewall.user'



cat /etc/config/mwan3

config interface 'wan'
        option enabled '1'
        list track_ip '8.8.4.4'
        list track_ip '8.8.8.8'
        option reliability '1'
        option count '1'
        option interval '5'
        option timeout '1'
        option down '3'
        option up '3'

config interface 'aero'
        option enabled '1'
        list track_ip '8.8.8.8'
        list track_ip '8.8.4.4'
        option reliability '1'
        option count '1'
        option timeout '2'
        option interval '5'
        option down '3'
        option up '3'

config member 'wan_m1'
        option interface 'wan'
        option metric '1'
        option weight '1'

config member 'wan_m2'
        option interface 'wan'
        option metric '2'
        option weight '1'

config member '3g_m1'
        option interface 'aero'
        option metric '1'
        option weight '2'

config member '3g_m2'
        option interface 'aero'
        option metric '2'
        option weight '2'

config policy 'wan_only'
        list use_member 'wan_m1'

config policy '3g_only'
        list use_member '3g_m1'

config policy 'wan_3g_loadbalanced'
        list use_member 'wan_m1'
        list use_member '3g_m1'

config policy 'wan_pri_3g_sec'
        list use_member 'wan_m1'
        list use_member '3g_m2'

config rule
        option proto 'all'
        option use_policy '3g_only'
        option dest_ip '178.239.142.103'

config rule
        option dest_ip '0.0.0.0/0'
        option use_policy 'wan_pri_3g_sec'

i have also noticed this:

Nov  6 18:05:37 OpenWrt user.info firewall: adding wan (eth0.2) to zone wan
Nov  6 18:05:38 OpenWrt user.info syslog: SNet version started
Nov  6 18:05:38 OpenWrt user.info sysinit: uci: Entry not found <--- ???
Nov  6 18:05:39 OpenWrt user.notice miniupnpd: adding firewall rules for eth0.2 to zone wan

Thanks for any help with this smile
Greetings

Hi Adze,

Thanks very much to you and Arfett for creating mwan3 and the luci plugin.

I have tested it with two cable modem connections (one with DHCP, one static IPs) with static source IP policy-based routing, and it is working well overall. This is with a TPLink WR1043ND using the ar71xx packages from your web site running on OpenWrt 12.09 beta 1.

I have some questions on usage:

1. Is there a way to specific which WAN IP outgoing traffic should come from? For example, on the interface with the static IPs, I have five public IPs assigned and would like specified internal servers go to out IP1, IP2, etc. matching up to public DNS names pointing to IP1, IP2, etc. However, when I direct traffic from server1 and server2 out this interface, all traffic comes from a single source IP, the main IP of the interface. (I have added the four other IPs as IP aliases on the interface.) I tried using Source NATing for this, but it didn't work at least initially. If you have any advice on how to do this, that would be appreciated.

2. If I want all IPs in a given subnet to always send traffic out interface WAN2 except that, if WAN2 is down, then they should use WAN1, is the policy "wan2_pri_wan1_sec" the correct one to use?

3. The rules have autogenerated names such as cfg0d92bd. Is it OK to change these to use more descriptive rule names such as "DMZ subnet source to use WAN2"?

4. If an interface fails the ping test, I would like to get an alert of some kind. Is there a suggested way to get this? Send the syslog to a remote syslog server and look for a specific syslog alert string there?

5. To control the time for an interface failover, is it (Ping interval+Ping timeout) in seconds x Interface down number of pings? For example, the default configuration is a 2 second ping timeout and a 5 second ping interval, and 3 failed pings to mark an interface down, so the sequence would be ping 1 works, interface fails right after, wait 5 sec, ping 2 fails (2 sec timeout), wait 5 sec, ping 3 fails (2 sec timeout), wait 5 sec, ping 4 fails (2 sec), initiate failover to other interface? This would be 21 seconds plus the failover time.

6. LUCI item: In the "Multiwan policy configuration" and "Multiwan rule configuration" LuCI pages, it would be nice to have the "Member used" and "Policy assigned" fields be drop-down lists to avoid typos.

7. LUCI item: In "Multiwan interface configuration", just the first Test IP shows in the web page.

8. Any news on getting these packages into the opkg repository for Attitude Adjustment?

Thanks again,
Tim

rysi3k wrote:

1. I'm pinging from LAN to WAN IP and when i unplug WAN cable, ping begins to loss packets and for working i must restart it to make it work with 3g, this is normal behavior?

Yes. mwan3 marks traffic based on sessions. Only on a new session will mwan3 determine which interface to exit. Once you have a ping running on your desktop machine, all subsequent pings are considered to be one session. Maybe i wiil change this in the future for icmp. The reason mwan3 works this way is that when a failed wan comes back online, all current transfers keep working.

rysi3k wrote:

2. Next, when I plug WAN cable again (and ping works through 3g interface), packets are still transmitted through 3g, there is no switch to normal WAN, that's ok?

Yes, same reason as question 1.

rysi3k wrote:

3. I have configured 3g_only policy to one host in Internet, it works great but when I lose WAN connection and then recover, 3g_only policy is skipped and packets are transmitted through default WAN interface. I think it's bug.

It looks like a bug, although i can't seem to reproduce it on my own router. Maybe i could get access to your router sometimes and do some more testing? I will try to reproduce it later on, but i am kinda busy this week.. Thanks for the extensive info.

rysi3k wrote:

4. I don't want have connected 3g interface all the time, how disable it and allow to ifup when nessecary?

Look for the demand option in your network config.

rysi3k wrote:

5. It's possible to connect another wired WAN connection to loadbalancing, but this connection has same gateway as first, this is problem?

No... that is not possible...

(Last edited by Adze on 8 Nov 2012, 15:41)

thdyck wrote:

1. Is there a way to specific which WAN IP outgoing traffic should come from? For example, on the interface with the static IPs, I have five public IPs assigned and would like specified internal servers go to out IP1, IP2, etc. matching up to public DNS names pointing to IP1, IP2, etc. However, when I direct traffic from server1 and server2 out this interface, all traffic comes from a single source IP, the main IP of the interface. (I have added the four other IPs as IP aliases on the interface.) I tried using Source NATing for this, but it didn't work at least initially. If you have any advice on how to do this, that would be appreciated.

This is outside the scope of mwan3, but is possible. Define your own nat rules based on source ip addresses and add them before the general MASQ rule.

thdyck wrote:

2. If I want all IPs in a given subnet to always send traffic out interface WAN2 except that, if WAN2 is down, then they should use WAN1, is the policy "wan2_pri_wan1_sec" the correct one to use?

Yes... Assuming that this policy has the correct members set. It is just a policy name...

thdyck wrote:

3. The rules have autogenerated names such as cfg0d92bd. Is it OK to change these to use more descriptive rule names such as "DMZ subnet source to use WAN2"?

Yes, but spaces are not allowed.

thdyck wrote:

4. If an interface fails the ping test, I would like to get an alert of some kind. Is there a suggested way to get this? Send the syslog to a remote syslog server and look for a specific syslog alert string there?

You can try logtrigger to trigger an event in case of specific log entry.

thdyck wrote:

5. To control the time for an interface failover, is it (Ping interval+Ping timeout) in seconds x Interface down number of pings? For example, the default configuration is a 2 second ping timeout and a 5 second ping interval, and 3 failed pings to mark an interface down, so the sequence would be ping 1 works, interface fails right after, wait 5 sec, ping 2 fails (2 sec timeout), wait 5 sec, ping 3 fails (2 sec timeout), wait 5 sec, ping 4 fails (2 sec), initiate failover to other interface? This would be 21 seconds plus the failover time.

Yes. The total time it takes for mwan3 to consider an interface down is: ((( count * timeout ) + interval ) * down). So for default it is ((( 1 * 2 ) + 5 ) * 3 ) = 21 sec. Default value for up is: ((( 1 * rtt ) + 5 ) * 5 ) = >25 sec (where rtt is roundtriptime for ping reply).

thdyck wrote:

6. LUCI item: In the "Multiwan policy configuration" and "Multiwan rule configuration" LuCI pages, it would be nice to have the "Member used" and "Policy assigned" fields be drop-down lists to avoid typos.

WiP, but it's more Arfett's project.

thdyck wrote:

7. LUCI item: In "Multiwan interface configuration", just the first Test IP shows in the web page.

Not the case here... works fine...

thdyck wrote:

8. Any news on getting these packages into the opkg repository for Attitude Adjustment?

No, but there is no need. You can add my repository to feeds.conf.default. This to keep a clear seperation between OpenWRT project and my packages.

(Last edited by Adze on 8 Nov 2012, 19:08)

Hello,

I've just installed new openwrt on a new router (NETGEAR 3800). I added mwan3 support. Now wan interfaces are working correctly but mwan3 does not. I tried to guess what causes the problem by typing mwan3 commands. The Internet works correctly until I type:

root@signum:~# ip rule add pref 1009 fwmark 0x200/0xff00 table 1002

I have no idea why it does not work. iptables rules looks as good as ip route table.

Could anyone help me to solve this problem?

Some details:
Now I am using 2 wan interfaces:
1. wan_static: eth1.10 10.0.1.2/30
2. wan_dynamic: eth1 10.0.1.6/30
During tests wan_dynamic is offline (problem with provider)

Troubleshooting:

root@signum:~# ip rule show
0:    from all lookup local 
1001:    from 10.0.1.6 fwmark 0x0/0x8000 lookup 1001 
1002:    from 10.0.1.2 fwmark 0x0/0x8000 lookup 1002 
1008:    from all fwmark 0x100/0xff00 lookup 1001 
1009:    from all fwmark 0x200/0xff00 lookup 1002 
1016:    from all fwmark 0x1000/0xff00 lookup 1016 
1017:    from all fwmark 0x1100/0xff00 lookup 1017 
1018:    from all fwmark 0x1200/0xff00 lookup 1018 
32766:    from all lookup main 
32767:    from all lookup default

root@signum:~# ip route list table 1001
root@signum:~# ip route list table 1002
default via 10.0.1.1 dev eth1.10 
root@signum:~# ip route list table 1008
root@signum:~# ip route list table 1009
root@signum:~# ip route list table 1016
blackhole default  metric 1000 
root@signum:~# ip route list table 1017
blackhole default  metric 1000 
root@signum:~# ip route list table 1018
blackhole default  metric 1000

root@signum:~# iptables -L mwan3_pre -t mangle -v -n
Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination         
84815   19M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00 
 9462 4118K MARK       all  --  eth1.10 *       0.0.0.0/0            0.0.0.0/0           MARK set 0x2008 
    0     0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00

root@signum:~# iptables -L mwan3_post -t mangle -v -n
Chain mwan3_post (1 references)
 pkts bytes target     prot opt in     out     source               destination         
11605 2894K MARK       all  --  *      eth1.10  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00 
  857 71988 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00 
71585   18M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Hi bearh,


Could you paste me your mwan3 config and the default routing table please?


Thnx

Hello

Thanks for help.

Here goes mwan3 config. There is also interface for 3g failover, but I didn't test it (it was commented out).

config 'interface' 'wan_static'
    option 'enabled' '1'
    list 'track_ip' '8.8.4.4'
    list 'track_ip' '8.8.8.8'
    list 'track_ip' '208.67.222.222'
    list 'track_ip' '208.67.220.220'
    option 'reliability' '2'
    option 'count' '1'
    option 'timeout' '2'
    option 'interval' '5'
    option 'down' '3'
    option 'up' '8'

config 'interface' 'wan_dynamic'
    option 'enabled' '1'
    list 'track_ip' '8.8.8.8'
    list 'track_ip' '8.8.4.4'
    list 'track_ip' '208.67.220.220'
    list 'track_ip' '208.67.222.222'
    option 'reliability' '2'
    option 'count' '1'
    option 'timeout' '2'
    option 'interval' '5'
    option 'down' '3'
    option 'up' '8'

config 'interface' 'gsm'
    option 'enabled' '1'
    list 'track_ip' '8.8.8.8'
    list 'track_ip' '208.67.220.220'
    list 'track_ip' '194.204.152.34'
    option 'reliability' '2'
    option 'count' '1'
    option 'timeout' '4'
    option 'interval' '60'
    option 'down' '4'
    option 'up' '8'

config 'member' 'wan_static_pri'
    option 'interface' 'wan_static'
    option 'metric' '2'
    option 'weight' '6'

config 'member' 'wan_dynamic_pri'
    option 'interface' 'wan_dynamic'
    option 'metric' '2'
    option 'weight' '6'

config 'member' 'mobile_failover'
    option 'interface' 'gsm'
    option 'metric' '6'
    option 'weight' '2'

config 'policy' 'wan_static_only'
    list 'use_member' 'wan_static_pri'

config 'policy' 'wan_dynamic_only'
    list 'use_member' 'wan_dynamic_pri'

config 'policy' 'wan_loadbalanced'
    list 'use_member' 'wan_static_pri'
    list 'use_member' 'wan_dynamic_pri'
    list 'use_member' 'mobile_failover'

#config 'policy' 'mobile_only'
#    list 'use_member' 'mobile_failover'


config 'rule'
    option 'proto' 'udp'
    option 'src_ip' '10.0.2.2/32'
    option 'src_port' '5060'
    option 'use_policy' 'wan_dynamic_only'

config 'rule'
    option 'proto' 'udp'
    option 'src_ip' '10.0.2.2/32'
    option 'src_port' '10000:20000'
    option 'use_policy' 'wan_dynamic_only'

config 'rule'
    option 'dest_ip' '0.0.0.0/0'
    option 'use_policy' 'wan_loadbalanced'

Default routing table:

root@signum:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.1.4        0.0.0.0         255.255.255.252 U     0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.252 U     0      0        0 eth1.10
10.0.7.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0.4
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0.5
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0.3
10.0.8.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0.6
10.0.4.0        0.0.0.0         255.255.254.0   U     0      0        0 eth0.2
10.0.2.0        0.0.0.0         255.255.254.0   U     0      0        0 eth0.3
0.0.0.0         10.0.1.5        0.0.0.0         UG    10     0        0 eth1
0.0.0.0         10.0.1.1        0.0.0.0         UG    20     0        0 eth1.10

Hello again,

I noticed something strange on wan (eth1, eth1.10) interfaces (masquerade): the outgoing traffic looks correctly but incoming is doubled:

tcpdump -n -i eth1:

07:38:30.914435 IP 8.8.8.8.53 > 10.0.1.2.54028: 35837 1/0/0 A 69.171.246.16 (60)
07:38:30.914620 IP 8.8.8.8.53 > 10.0.2.242.54028: 35837 1/0/0 A 69.171.246.16 (60)

10.0.1.2 is openwrt router and 10.0.2.242 is lan destination

EDIT:

After some investigation I found that mwan3 works correctly when qos is stopped. Is it possible to run qos and mwan3 simultaneously?

(Last edited by bearh on 16 Nov 2012, 10:23)

Hi bearh,


One thing strikes me: Your wan interfaces are eth1 and eth1.10. I think this is a problem. As eth1 is a trunk; a tagged frame for vlan0 is not really rfc. I would suggest you change this to eth1.x and eth1.10. (generally don't use vlan0).

You mentioned that when you disable QoS, mwan3 works fine. There are different implementations of QoS in OpenWRT. If your QoS package uses mark mask correctly it should work with QoS. If your QoS package does not use mark mask, then it would be a problem. Mwan3 works with mark mask.

Hi Adze,

I wish I could configure both wan interfaces to work on vlan10 and vlan11, but my modems have problem with it. It works fine now on vlan0 and vlan10.

I checked the QoS scripts and realized that you are probably right. They don't use mark masks. I will use other QoS or repair existing scripts and it should solve my problem.

Thanks for help.

Hi Adze

I have no Internet access (OpenWrt Attitude Adjustment 12.09-beta2 / LuCI 0.11 Branch (0.11+svn9402))

PunBB bbcode test
   
I have these 2 WAN Wi-Fi networks // 2 WIFI USB radio

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 wlan2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan2
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan1

ping -c 1 -I wlan2  www.google.com
PING www.google.com (173.194.35.148): 56 data bytes
64 bytes from 173.194.35.148: seq=0 ttl=49 time=34.755 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 34.755/34.755/34.755 ms

 ping -c 1 -I wlan1  www.google.com
PING www.google.com (173.194.35.146): 56 data bytes
64 bytes from 173.194.35.146: seq=0 ttl=58 time=32.232 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 32.232/32.232/32.232 ms


cat  /etc/config/mwan3

config interface 'wan2'
        option enabled '1'
        option reliability '1'
        option count '1'
        option timeout '2'
        option interval '5'
        option down '3'
        option up '8'
        list track_ip '8.8.8.8'

config member 'wan1_m1_w3'
        option metric '1'
        option weight '3'
        option interface 'wan3'

config member 'wan1_m2_w3'
        option metric '2'
        option weight '3'
        option interface 'wan3'

config member 'wan2_m1_w2'
        option interface 'wan2'
        option metric '1'
        option weight '2'

config member 'wan2_m2_w2'
        option interface 'wan2'
        option metric '2'
        option weight '2'

config policy 'wan1_only'
        list use_member 'wan2_m1_w3'

config policy 'wan2_only'
        list use_member 'wan2_m1_w2'

config policy 'wan1_wan2_loadbalanced'
        list use_member 'wan2_m1_w3'
        list use_member 'wan3_m1_w2'

config policy 'wan1_pri_wan2_sec'
        list use_member 'wan1_m1_w3'
        list use_member 'wan2_m2_w2'

config policy 'wan2_pri_wan1_sec'
        list use_member 'wan1_m2_w3'
        list use_member 'wan2_m1_w2'

config rule
        option src_ip '192.168.21.0/24'
        option proto 'tcp'
        option dest_port '563'
        option use_policy 'wan2_only'

config rule
        option src_ip '192.168.21.0/24'
        option proto 'tcp'
        option dest_port '995'
        option use_policy 'wan1_only'

config rule
        option dest_ip '88.154.0.0/16'
        option proto 'tcp'
        option dest_port '1024:65535'
        option equalize '1'
        option use_policy 'wan1_wan2_loadbalanced'

config rule
        option dest_ip '77.11.41.0/24'
        option proto 'tcp'
        option dest_port '1024:65535'
        option use_policy 'wan1_pri_wan2_sec'

config rule
        option dest_ip '112.136.0.0/16'
        option proto 'udp'
        option dest_port '5352'
        option use_policy 'wan2_pri_wan1_sec'

config rule
        option dest_ip '0.0.0.0/0'
        option use_policy 'wan1_wan2_loadbalanced'

config interface 'wan3'
        option enabled '1'
        list track_ip '8.8.8.8'
        option reliability '1'
        option count '1'
        option timeout '2'
        option interval '5'
        option down '3'
        option up '3'
th3marco wrote:

Hi Adze

I have no Internet access

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 wlan2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan2
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan1

You haven't followed my instructions... Spot the difference between your routing table and the one in the example...

hello Adze

I've tried it but it's not about

Can you help me? What settings I need to make examples?

Thank you very much

root@OpenWrt:~# ip rule
0:      from all lookup local
1002:   from 192.168.3.100 fwmark 0x0/0x8000 lookup 1002
1009:   from all fwmark 0x200/0xff00 lookup 1002
1016:   from all fwmark 0x1000/0xff00 lookup 1016
1017:   from all fwmark 0x1100/0xff00 lookup 1017
1018:   from all fwmark 0x1200/0xff00 lookup 1018
1019:   from all fwmark 0x1300/0xff00 lookup 1019
1020:   from all fwmark 0x1400/0xff00 lookup 1020
32766:  from all lookup main
32767:  from all lookup default

root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 wlan2
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan2
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan3

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config switch
        option name 'rtl8366rb'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'rtl8366rb'
        option vlan '1'
        option ports '1 2 3 4 5t'

config switch_vlan
        option device 'rtl8366rb'
        option vlan '2'
        option ports '0 5t'

config interface 'wan2'
        option _orig_ifname 'wlan1'
        option _orig_bridge 'false'
        option proto 'dhcp'

config interface 'wan3'
        option proto 'dhcp'

config interface 'wan'
        option proto 'dhcp'


root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option input 'REJECT'
        option network 'wwan wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option forward 'REJECT'
        option output 'ACCEPT'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option name 'wan2'
        option network 'wan2'

config zone
        option name 'wan3'
        option forward 'REJECT'
        option output 'ACCEPT'
        option network 'wan3'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option dest 'wan'
        option src 'lan'

config forwarding
        option dest 'wan2'
        option src 'lan'

config forwarding
        option dest 'wan3'
        option src 'lan'

root@OpenWrt:~# clear
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option input 'REJECT'
        option network 'wwan wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option forward 'REJECT'
        option output 'ACCEPT'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option name 'wan2'
        option network 'wan2'

config zone
        option name 'wan3'
        option forward 'REJECT'
        option output 'ACCEPT'
        option network 'wan3'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option dest 'wan'
        option src 'lan'

config forwarding
        option dest 'wan2'
        option src 'lan'

config forwarding
        option dest 'wan3'
        option src 'lan'

(Last edited by th3marco on 19 Nov 2012, 20:04)

Hi Th3marco,


Please try to set metrics on the different wan interfaces, as i explained in OP.

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config switch
        option name 'rtl8366rb'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'rtl8366rb'
        option vlan '1'
        option ports '1 2 3 4 5t'

config switch_vlan
        option device 'rtl8366rb'
        option vlan '2'
        option ports '0 5t'

config interface 'wan2'
        option proto 'dhcp'
        option metric '20'

config interface 'wan3'
        option proto 'dhcp'
        option metric '30'

config interface 'wan'
        option proto 'dhcp'
        option metric '10'

Hi Adze

Internet is now thanks for the help but the speed :-(

I reach only 6 Mbit / s
wlan0 = 10 Mbit/s
wlan1 = 10 Mbit/s
wlan2 = 5 Mbit/s

Wi-Fi signal 99% 1000mw :-)

Mwan3 Speedtest.Net
PunBB bbcode test

PunBB bbcode test

PunBB bbcode test

ping -c 1 -I wlan0 [url=http://www.google.com]www.google.com[/url]
PING [url=http://www.google.com]www.google.com[/url] (173.194.35.145): 56 data bytes
--- [url=http://www.google.com]www.google.com[/url] ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

ping -c 1 -I wlan1 [url=http://www.google.com]www.google.com[/url]
PING [url=http://www.google.com]www.google.com[/url] (173.194.35.147): 56 data bytes
--- [url=http://www.google.com]www.google.com[/url] ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

ping -c 1 -I wlan2 [url=http://www.google.com]www.google.com[/url]
PING [url=http://www.google.com]www.google.com[/url] (173.194.35.148): 56 data bytes
64 bytes from 173.194.35.148: seq=0 ttl=58 time=31.466 ms

--- [url=http://www.google.com]www.google.com[/url] ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 31.466/31.466/31.466 ms

ip route list
default via 192.168.0.1 dev wlan0  proto static  metric 10
default via 192.168.3.1 dev wlan2  proto static  metric 20
default via 192.168.2.1 dev wlan1  proto static  metric 30
192.168.0.0/24 dev wlan0  proto static  scope link  metric 10
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1
192.168.2.0/24 dev wlan1  proto static  scope link  metric 30
192.168.3.0/24 dev wlan2  proto static  scope link  metric 20

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 wlan0
0.0.0.0         192.168.3.1     0.0.0.0         UG    20     0        0 wlan2
0.0.0.0         192.168.2.1     0.0.0.0         UG    30     0        0 wlan1
192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.2.0     0.0.0.0         255.255.255.0   U     30     0        0 wlan1
192.168.3.0     0.0.0.0         255.255.255.0   U     20     0        0 wlan2

logread | grep mwan3
Nov 20 12:09:22 OpenWrt user.notice root: mwan3: ifup interface wan2 (wlan2)
Nov 20 12:09:37 OpenWrt user.notice root: mwan3: ifup interface wan2 (wlan2)
Nov 20 12:12:10 OpenWrt user.notice root: mwan3: Lost 1 ping(s) on interface wan2 (wlan2)

cat /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config switch
        option name 'rtl8366rb'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'rtl8366rb'
        option vlan '1'
        option ports '1 2 3 4 5t'

config switch_vlan
        option device 'rtl8366rb'
        option vlan '2'
        option ports '0 5t'

config interface 'wan2'
        option proto 'dhcp'
        option metric '20'

config interface 'wan3'
        option proto 'dhcp'
        option metric '30'

config interface 'wan'
        option proto 'dhcp'
        option metric '10'