OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Adze wrote:

Hi tcherenato,


I'd like to help you and get things running. But all in the right order. Your fiddling with mwan3, but your main routing table is still not correct. My advise to you is:

- Start over with reinstall of openwrt, but don't install mwan3 yet.
- Make sure your network config is OK and you have a default route for each wan interface in your default routing table.
- Don't continue with mwan3, until you extensively tested this setup. (reboot router, bring interfaces up and down and each time check if the main routing table is correct.)

Only then continue installing mwan3. Your current setup is (as far as i can see) not an mwan3 problem.

Hi Tim, thanks for your reply!

I think that the routing tables are correct:

root-> ip route
default via 192.168.67.254 dev eth1  proto static  metric 40 
default via 10.64.64.64 dev 3g-wan1  proto static  metric 50 
10.64.64.64 dev 3g-wan1  proto kernel  scope link  src 187.119.141.115 
192.168.66.0/24 dev eth0  proto kernel  scope link  src 192.168.66.254 
192.168.67.0/24 dev eth1  proto static  scope link  metric 40

root-> ping -c 1 -I eth1 google.com
PING google.com (186.215.92.113): 56 data bytes
64 bytes from 186.215.92.113: seq=0 ttl=57 time=10.324 ms

root-> ping -c 1 -I 3g-wan1 google.com
PING google.com (186.215.92.93): 56 data bytes
64 bytes from 186.215.92.93: seq=0 ttl=52 time=407.254 ms

I can turn off and on the network interfaces without problems.

root-> ifconfig 3g-wan1 down

root-> ip route
default via 192.168.67.254 dev eth1  proto static  metric 40 
192.168.66.0/24 dev eth0  proto kernel  scope link  src 192.168.66.254 
192.168.67.0/24 dev eth1  proto static  scope link  metric 40

MWAN3 Multi-WAN Interface Live Status
Aug  7 12:47:30 MR3220V12 user.info mwan3track: Interface wan1 (3g-wan1) is offline

root-> /etc/init.d/network restart

root-> ifconfig 3g-wan1
3g-wan1   Link encap:Point-to-Point Protocol  
          inet addr:189.96.231.203  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:124 (124.0 B)  TX bytes:148 (148.0 B)

Aug  7 12:59:15 MR3220V12 user.info mwan3: ifup interface wan1 (3g-wan1)

root-> ip route
default via 192.168.67.254 dev eth1  proto static  metric 40 
default via 10.64.64.64 dev 3g-wan1  proto static  metric 50 
10.64.64.64 dev 3g-wan1  proto kernel  scope link  src 177.145.52.81 
192.168.66.0/24 dev eth0  proto kernel  scope link  src 192.168.66.254 
192.168.67.0/24 dev eth1  proto static  scope link  metric 40 
root-> ifconfig eth1 down

root-> ip route
default via 10.64.64.64 dev 3g-wan1  proto static  metric 50 
10.64.64.64 dev 3g-wan1  proto kernel  scope link  src 189.96.231.203 
192.168.66.0/24 dev eth0  proto kernel  scope link  src 192.168.66.254 

Aug  7 13:03:13 MR3220V12 user.info mwan3track: Interface wan2 (eth1) is offline

root-> /etc/init.d/network restart

root-> ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 90:F6:52:B9:CF:29  
          inet addr:192.168.67.1  Bcast:192.168.67.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6101 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6494 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1915537 (1.8 MiB)  TX bytes:939629 (917.6 KiB)
          Interrupt:4 

Aug  7 13:06:21 MR3220V12 user.info mwan3: ifup interface wan2 (eth1)

root-> ip route
default via 192.168.67.254 dev eth1  proto static  metric 40 
default via 10.64.64.64 dev 3g-wan1  proto static  metric 50 
10.64.64.64 dev 3g-wan1  proto kernel  scope link  src 177.145.52.81 
192.168.66.0/24 dev eth0  proto kernel  scope link  src 192.168.66.254 
192.168.67.0/24 dev eth1  proto static  scope link  metric 40 

Testing a rule:

config rule 'whatsmyip'
    option dest_ip 'whatsmyip.us'               (67.228.228.244)
    option proto 'all'
    option use_policy 'wan1_only'

Ping inside the network:

renato@FX6100:~$ ping -c1 67.228.228.244
PING 67.228.228.244 (67.228.228.244) 56(84) bytes of data.
64 bytes from 67.228.228.244: icmp_req=1 ttl=47 time=409 ms

In OpenWRT:
root-> tcpdump -i eth1 dst host 67.228.228.244 -n -v
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
NOTHING

root-> tcpdump -i 3g-wan1 dst host 67.228.228.244 -n -v
tcpdump: listening on 3g-wan1, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
13:30:24.569295 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    177.145.52.81 > 67.228.228.244: ICMP echo request, id 3671, seq 1, length 64

MWAN is working perfectly!

Now 3g-wan is off:

root-> ifconfig 3g-wan1 down

Aug  7 13:36:00 MR3220V12 user.info mwan3track: Interface wan1 (3g-wan1) is offline

renato@FX6100:~$ ping -c1 67.228.228.244
PING 67.228.228.244 (67.228.228.244) 56(84) bytes of data.
64 bytes from 67.228.228.244: icmp_req=1 ttl=49 time=234 ms

root-> tcpdump -i eth1 dst host 67.228.228.244 -n -v
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
13:36:55.054979 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.67.1 > 67.228.228.244: ICMP echo request, id 3693, seq 1, length 64

By rule, should go out only by wan1, but is leaving by wan2 when wan1 is off.

root-> iptables -L -t mangle -n -v |grep 'mwan3_rules\|67.228.228.244'
  391 24097 mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
Chain mwan3_rules (1 references)
    4   240 MARK       all  --  *      *       0.0.0.0/0            67.228.228.244      mark match 0x0/0xff00 MARK xset 0x1000/0xff00
root-> ip route list table 0
default via 10.64.64.64 dev 3g-wan1  table 1016  metric 1 
default via 192.168.67.254 dev eth1  table 1022  metric 1 
default via 10.64.64.64 dev 3g-wan1  table 1022  metric 2 
default via 192.168.67.254 dev eth1  table 1020  metric 1 
default via 10.64.64.64 dev 3g-wan1  table 1020  metric 2 
default  table 1018  metric 1 
        nexthop via 192.168.67.254  dev eth1 weight 2
        nexthop via 10.64.64.64  dev 3g-wan1 weight 3
default via 192.168.67.254 dev eth1  table 1002 
default via 192.168.67.254 dev eth1  proto static  metric 40 
default via 10.64.64.64 dev 3g-wan1  proto static  metric 50 
10.64.64.64 dev 3g-wan1  proto kernel  scope link  src 179.224.184.192 
192.168.66.0/24 dev eth0  proto kernel  scope link  src 192.168.66.254 
192.168.67.0/24 dev eth1  proto static  scope link  metric 40 
default via 10.64.64.64 dev 3g-wan1  table 1001 
default via 192.168.67.254 dev eth1  table 1021  metric 2 
default via 10.64.64.64 dev 3g-wan1  table 1019  metric 1 
default via 192.168.67.254 dev eth1  table 1019  metric 2 
default via 192.168.67.254 dev eth1  table 1017  metric 1 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 179.224.184.192 dev 3g-wan1  table local  proto kernel  scope host  src 179.224.184.192 
broadcast 192.168.66.0 dev eth0  table local  proto kernel  scope link  src 192.168.66.254 
local 192.168.66.254 dev eth0  table local  proto kernel  scope host  src 192.168.66.254 
broadcast 192.168.66.255 dev eth0  table local  proto kernel  scope link  src 192.168.66.254 
broadcast 192.168.67.0 dev eth1  table local  proto kernel  scope link  src 192.168.67.1 
local 192.168.67.1 dev eth1  table local  proto kernel  scope host  src 192.168.67.1 
broadcast 192.168.67.255 dev eth1  table local  proto kernel  scope link  src 192.168.67.1 
[~]
Software versions : 

OpenWrt - OpenWrt Attitude Adjustment 12.09 (r36088)
mwan3 - 1.2-17
luci-app-mwan3 - 1.1-13

Firewall default output policy (must be ACCEPT) : 

ACCEPT

Output of "ip route show" : 

default via 192.168.67.254 dev eth1  proto static  metric 40 
default via 10.64.64.64 dev 3g-wan1  proto static  metric 50 
10.64.64.64 dev 3g-wan1  proto kernel  scope link  src 179.224.184.192 
192.168.66.0/24 dev eth0  proto kernel  scope link  src 192.168.66.254 
192.168.67.0/24 dev eth1  proto static  scope link  metric 40

Output of "ip rule show" : 

0:    from all lookup local 
1001:    from all fwmark 0x100/0xff00 lookup 1001 
1002:    from all fwmark 0x200/0xff00 lookup 1002 
1016:    from all fwmark 0x1000/0xff00 lookup 1016 
1017:    from all fwmark 0x1100/0xff00 lookup 1017 
1018:    from all fwmark 0x1200/0xff00 lookup 1018 
1019:    from all fwmark 0x1300/0xff00 lookup 1019 
1020:    from all fwmark 0x1400/0xff00 lookup 1020 
1021:    from all fwmark 0x1500/0xff00 lookup 1021 
1022:    from all fwmark 0x1600/0xff00 lookup 1022 
32766:    from all lookup main 
32767:    from all lookup default

Output of "ip route list table 1001-1099" (1001-1015 = interface tables, 1016-1099 = policy tables) : 

1001
default via 10.64.64.64 dev 3g-wan1 
1002
default via 192.168.67.254 dev eth1 
1016
default via 10.64.64.64 dev 3g-wan1  metric 1 
1017
default via 192.168.67.254 dev eth1  metric 1 
1018
default  metric 1 
    nexthop via 192.168.67.254  dev eth1 weight 2
    nexthop via 10.64.64.64  dev 3g-wan1 weight 3
1019
default via 10.64.64.64 dev 3g-wan1  metric 1 
default via 192.168.67.254 dev eth1  metric 2 
1020
default via 192.168.67.254 dev eth1  metric 1 
default via 10.64.64.64 dev 3g-wan1  metric 2 
1021
default via 192.168.67.254 dev eth1  metric 2 
1022
default via 192.168.67.254 dev eth1  metric 1 
default via 10.64.64.64 dev 3g-wan1  metric 2

Output of "iptables -L -t mangle -v -n | awk '/mwan3/' RS=" : 

Chain PREROUTING (policy ACCEPT 2951 packets, 594K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3032  601K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 1183 packets, 93953 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1235 98251 mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 1214 packets, 418K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1276  430K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 2982 packets, 918K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3066  932K mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain mwan3_default (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    1   142 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.64         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
   62  4787 MARK       all  --  *      *       0.0.0.0/0            192.168.66.0/24     mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.67.0/24     mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 

Chain mwan3_post (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  742 89863 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           mark match !0x7f00/0xff00 MARK xset 0x200/0xff00 
  487 70061 MARK       all  --  *      3g-wan1  0.0.0.0/0            0.0.0.0/0           mark match !0x7f00/0xff00 MARK xset 0x100/0xff00 
 1112  386K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff 
 4301 1030K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00 

Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 4308 1031K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00 
  689  278K MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00 
  423  108K MARK       all  --  3g-wan1 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00 
  486 47698 mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
  408 41149 mwan3_wan  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
  140 20184 mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    8   480 MARK       all  --  *      *       0.0.0.0/0            67.228.228.244      mark match 0x0/0xff00 MARK xset 0x1000/0xff00 
   29  1761 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport sports 0:65535 multiport dports 443 mark match 0x0/0xff00 MARK xset 0x1000/0xff00 
   74 14448 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1400/0xff00 

Chain mwan3_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  408 41149 mwan3_wan1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  380 37828 mwan3_wan2  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain mwan3_wan1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   62  5192 MARK       all  --  *      *       179.224.184.192      0.0.0.0/0           MARK xset 0x100/0xff00 

Chain mwan3_wan2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  206 15773 MARK       all  --  *      *       192.168.67.1         0.0.0.0/0           MARK xset 0x200/0xff00

Output of "ifconfig" : 

3g-wan1   Link encap:Point-to-Point Protocol  
          inet addr:179.224.184.192  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:453 errors:0 dropped:0 overruns:0 frame:0
          TX packets:522 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:110095 (107.5 KiB)  TX bytes:72267 (70.5 KiB)

eth0      Link encap:Ethernet  HWaddr 90:F6:52:B9:CF:27  
          inet addr:192.168.66.254  Bcast:192.168.66.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12615 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11188 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1593959 (1.5 MiB)  TX bytes:4966966 (4.7 MiB)
          Interrupt:5 

eth1      Link encap:Ethernet  HWaddr 90:F6:52:B9:CF:29  
          inet addr:192.168.67.1  Bcast:192.168.67.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3146 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:732417 (715.2 KiB)  TX bytes:408158 (398.5 KiB)
          Interrupt:4 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:151 errors:0 dropped:0 overruns:0 frame:0
          TX packets:151 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:11666 (11.3 KiB)  TX bytes:11666 (11.3 KiB)

Output of "cat /etc/config/mwan3" : 

config rule 'whatsmyip'
    option dest_ip 'whatsmyip.us'
    option proto 'all'
    option use_policy 'wan1_only'

config rule 'Porta443'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'wan1_only'

config rule 'DefaultGW'
    option dest_ip '0.0.0.0/0'
    option proto 'all'
    option use_policy 'wan2_pri_wan1_sec'

config interface 'wan1'
    option enabled '1'
    option count '1'
    option down '3'
    option up '8'
    option reroute '0'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option timeout '3'
    option interval '10'

config interface 'wan2'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option reroute '0'

config member 'wan1_m1_w3'
    option interface 'wan1'
    option metric '1'
    option weight '3'

config member 'wan1_m2_w3'
    option interface 'wan1'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan1_only'
    list use_member 'wan1_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'wan1_wan2_loadbalanced'
    list use_member 'wan1_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan1_pri_wan2_sec'
    list use_member 'wan1_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_pri_wan1_sec'
    list use_member 'wan1_m2_w3'
    list use_member 'wan2_m1_w2'

config interface 'wan3'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '5'
    option reroute '0'
    option enabled '1'

config member 'wan3_m1_w2'
    option interface 'wan3'
    option metric '1'
    option weight '2'

config member 'wan3_m2_w2'
    option interface 'wan3'
    option metric '2'
    option weight '2'

config policy 'wan2_wan3_loadbalanced'
    list use_member 'wan2_m2_w2'
    list use_member 'wan3_m2_w2'

config policy 'wan2_wan3_Pri_wan1_sec'
    list use_member 'wan1_m2_w3'
    list use_member 'wan2_m1_w2'
    list use_member 'wan3_m1_w2'

Output of "cat /etc/config/network" : 

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.66.254'
    option _orig_ifname 'eth0'
    option _orig_bridge 'false'
    option ifname 'eth0'

config switch
    option name 'eth0'
    option reset '1'

config interface 'wan1'
    option proto '3g'
    option device '/dev/ttyUSB2'
    option apn 'zap.vivo.com.br'
    USERNAME HIDDEN
    PASSWORD HIDDEN
    option metric '50'

config interface 'wan2'
    option proto 'dhcp'
    option ifname 'eth1'
    option metric '40'

config interface 'wan3'
    option proto 'dhcp'
    option metric '20'

Sorry for my english and post size.

[]'s
Renato

Hi,

Another problem that happens sometimes:

root-> ps|grep mwan
 5086 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan1 3g-wan1 1 1 3 10 3 8 208.67.220.220 8.8.8.8
 5604 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan2 eth1 1 1 2 5 3 8 208.67.220.220 8.8.8.8
 5781 root      1492 S    grep mwan
[02:45:28 /]
root-> /etc/init.d/mwan3 restart
Segmentation fault
[02:45:43 /]
root-> ps|grep mwan
 6123 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan1 3g-wan1 1 1 3 10 3 8 208.67.220.220 8.8.8.8
 6646 root      1492 S    grep mwan
[02:45:44 /]
root-> /etc/init.d/mwan3 restart
Segmentation fault
[02:45:58 /]
root-> ps|grep mwan
 7360 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan2 eth1 1 1 2 5 3 8 208.67.220.220 8.8.8.8
 7531 root      1492 S    grep mwan
[02:46:02 /]
root-> /etc/init.d/mwan3 restart
Segmentation fault
[02:46:15 /]
root-> ps|grep mwan
 8277 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan2 eth1 1 1 2 5 3 8 208.67.220.220 8.8.8.8
 8416 root      1492 S    grep mwan
[02:46:17 /]
root-> /etc/init.d/mwan3 restart
Segmentation fault
Segmentation fault
[02:46:29 /]
root-> ps|grep mwan
 9102 root      1492 S    grep mwan
[02:46:30 /]
root-> /etc/init.d/mwan3 restart
Segmentation fault
[02:46:43 /]
root-> ps|grep mwan
 9739 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan2 eth1 1 1 2 5 3 8 208.67.220.220 8.8.8.8
 9893 root      1492 S    grep mwan
[02:46:44 /]
root-> /etc/init.d/mwan3 restart
Segmentation fault
[02:46:58 /]
root-> ps|grep mwan
10227 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan1 3g-wan1 1 1 3 10 3 8 208.67.220.220 8.8.8.8
10775 root      1492 S    grep mwan
[02:47:00 /]
root-> /etc/init.d/mwan3 restart
[02:47:19 /]
root-> ps|grep mwan
11176 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan1 3g-wan1 1 1 3 10 3 8 208.67.220.220 8.8.8.8
11651 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan2 eth1 1 1 2 5 3 8 208.67.220.220 8.8.8.8
11813 root      1492 S    grep mwan
[02:47:21 /]
root->

I found that the problem is here:

root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:44:21 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:44:28 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:44:33 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:44:39 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
Segmentation fault
[05:44:43 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
Segmentation fault
[05:44:47 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:44:52 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:44:58 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:45:04 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:45:09 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:45:14 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:45:20 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:45:25 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:45:29 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
Segmentation fault
[05:45:33 ~]
root-> env -i ACTION=ifdown INTERFACE=wan2 DEVICE=eth1 /sbin/hotplug-call iface
[05:45:38 ~]
root-> 

(Last edited by tcherenato on 7 Aug 2013, 21:49)

Hi Tim,

I solved my problem with mwan3track:

[06:20:19 ~]
root-> /etc/init.d/mwan3 restart
[06:20:45 ~]
root-> /etc/init.d/mwan3 restart
[06:21:12 ~]
root-> /etc/init.d/mwan3 restart
[06:21:40 ~]
root-> /etc/init.d/mwan3 restart
[06:22:10 ~]
root-> ps|grep mwan3
 3421 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan1 3g-wan1 1 1 3 10 3 8 20
 3979 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan2 eth1 1 1 2 5 3 8 208.67
 4273 root      1492 S    grep mwan3
[06:22:17 ~]
root-> /etc/init.d/mwan3 restart
[06:22:44 ~]
root-> /etc/init.d/mwan3 restart
[06:23:09 ~]
root-> /etc/init.d/mwan3 restart
[06:23:37 ~]
root-> /etc/init.d/mwan3 restart
[06:24:04 ~]
root-> /etc/init.d/mwan3 restart
[06:24:32 ~]
root-> /etc/init.d/mwan3 restart
[06:24:59 ~]
root-> ps|grep mwan3                                                                              
10620 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan1 3g-wan1 1 1 3 10 3 8 20
11167 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan2 eth1 1 1 2 5 3 8 208.67
11382 root      1492 S    grep mwan3
[06:25:01 ~]
root-> /etc/init.d/mwan3 restart
[06:25:29 ~]
root-> /etc/init.d/mwan3 restart                                                                  
[06:25:57 ~]
root-> /etc/init.d/mwan3 restart
[06:26:23 ~]
root-> ps|grep mwan3                                                                              
14179 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan1 3g-wan1 1 1 3 10 3 8 20
14764 root      1508 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan2 eth1 1 1 2 5 3 8 208.67
14968 root      1492 S    grep mwan3
[06:26:25 ~]
root-> 

if it is useful for someone else, I added a "sleep 1" in /sbin/hotplug-call, line 16:

root-> cat /sbin/hotplug-call                                                                     
#!/bin/sh
# Copyright (C) 2006-2010 OpenWrt.org

export HOTPLUG_TYPE="$1"

. /lib/functions.sh

PATH=/bin:/sbin:/usr/bin:/usr/sbin
LOGNAME=root
USER=root
export PATH LOGNAME USER

[ \! -z "$1" -a -d /etc/hotplug.d/$1 ] && {
        for script in $(ls /etc/hotplug.d/$1/* 2>&-); do (
                [ -f $script ] && . $script
                sleep 1
        ); done
}

[]'s
Renato

Hi Renato,


Thank you for the extensive replies. It makes trouble-shooting easy. As for your problem, it works as designed.

If you have a traffic rule that matches and marks the packet to be send out of a wan interface that is down, it will not match any ip rule. Therefor it will use the main routing table te determine which interface to use.

If you don't want this behaviour, you could try the loopback trick, described earlier in this thread. Or you could just firewall the traffic.


PS: I'm not Tim  wink

(Last edited by Adze on 8 Aug 2013, 02:22)

Thank you Tim,

My goal is to allow traffic through port 443 only by wan1, then I just blocked all traffic going out through port 443 by WAN2, in firewall rules. Problem solved!

I was in doubt due to the wiki:
http://wiki.openwrt.org/doc/howto/mwan3

wan1_only

    send traffic out only through wan1; if wan1 goes down, any traffic assigned to go to this policy will fail to send (this is done by only including the single policy "wan1_m1_w3")

Now I began to understand better mwan3.

Thanks for the great package. Is very useful! Better than the multiw... imho!

[]'s
Renato

tcherenato wrote:

I was in doubt due to the wiki:
http://wiki.openwrt.org/doc/howto/mwan3

Hi tcherenato,

Sorry about that. I wrote that in the wiki just based on the "_only" language in the rule name. I have updated the wiki page with Adze's explanation.

p.s. This is Tim but it is Adze, the author of mwan3, that was replying before.

So Sorry (I Made A Mistake)!!!    :-(   I think I am going crazy...

Thank you too, Adze and excuse my stumbling!

[]'s
Renato

Hi thdyck,

Thanks again for the wiki!!! I will do a thorough reading tonight. And add some extra info.

non-primary wan2 goes down and up, traffic switches to mwan2

Hi, wanted to check on this one.

mwan3 is configured to route all traffic to wan1 with wan2 being the failover (wan1_pri_wan2_sec).

Early this morning, wan2 went down. No problem as wan1 is fine. But when wan2 came up again around 9:30, traffic switched over to going out wan2 at that point.  I needed to run /etc/init.d/mwan3 restart to restore wan1 as the default.

The output below is from before the mwan3 restart, while wan2 was still sending out traffic.

I will try to reproduce in a test environment but wanted to raise it in case Adze sees right away why this might be.

Thanks,
Tim


==

Both wan interfaces are reported up in LuCI:

MWAN3 Multi-WAN Interface Live Status
    wan1 (eth0.50) : ONLINEwan2 (eth0.51) : ONLINE

MWAN3 Multi-WAN Interface Systemlog
Last 50 MWAN3 systemlog entries. Newest entries sorted at the top :

Aug  8 09:22:48 mccokGW02 user.info mwan3: ifup interface wan2 (eth0.51)
Aug  8 09:22:46 mccokGW02 user.info mwan3track: Interface wan2 (eth0.51) is online
Aug  8 09:15:33 mccokGW02 user.info mwan3track: Lost 794 ping(s) on interface wan2 (eth0.51)




==

Software versions :

OpenWrt - OpenWrt Attitude Adjustment 12.09 (r36088)
mwan3 - 1.2-17
luci-app-mwan3 - 1.1-13

Firewall default output policy (must be ACCEPT) :

ACCEPT

Output of "ip route show" :

default via 99.235.226.1 dev eth0.50  proto static  metric 10
default via 10.1.51.1 dev eth0.51  proto static  metric 20
10.1.1.0/24 via 10.1.4.2 dev br-lan  proto static
10.1.4.0/24 dev br-lan  proto kernel  scope link  src 10.1.4.1
10.1.6.0/24 via 10.1.254.1 dev tun0  scope link
10.1.7.0/24 via 10.1.254.1 dev tun0  scope link
10.1.51.0/24 dev eth0.51  proto static  scope link  metric 20
10.1.254.0/24 dev tun0  proto kernel  scope link  src 10.1.254.1
10.2.1.0/24 via 10.1.254.1 dev tun0  scope link
10.2.4.0/24 via 10.1.254.1 dev tun0  scope link
10.3.1.0/24 via 10.1.254.1 dev tun0  scope link
10.3.4.0/24 via 10.1.254.1 dev tun0  scope link
10.4.1.0/24 via 10.1.254.1 dev tun0  scope link
10.4.4.0/24 via 10.1.254.1 dev tun0  scope link
10.5.1.0/24 via 10.1.254.1 dev tun0  scope link
10.5.4.0/24 via 10.1.254.1 dev tun0  scope link
10.6.4.0/24 via 10.1.254.1 dev tun0  scope link
10.7.4.0/24 via 10.1.254.1 dev tun0  scope link
99.235.226.0/23 dev eth0.50  proto static  scope link  metric 10
192.168.6.0/24 via 10.1.254.1 dev tun0  scope link

Output of "ip rule show" :

0:    from all lookup local
1001:    from all fwmark 0x100/0xff00 lookup 1001
1002:    from all fwmark 0x200/0xff00 lookup 1002
1016:    from all fwmark 0x1000/0xff00 lookup 1016
1017:    from all fwmark 0x1100/0xff00 lookup 1017
1018:    from all fwmark 0x1200/0xff00 lookup 1018
1019:    from all fwmark 0x1300/0xff00 lookup 1019
1020:    from all fwmark 0x1400/0xff00 lookup 1020
32766:    from all lookup main
32767:    from all lookup default

Output of "ip route list table 1001-1099" (1001-1015 = interface tables, 1016-1099 = policy tables) :

1001
default via 99.235.226.1 dev eth0.50
1002
default via 10.1.51.1 dev eth0.51
1016
default via 99.235.226.1 dev eth0.50  metric 1
1017
default via 10.1.51.1 dev eth0.51  metric 1
1018
default  metric 1
    nexthop via 10.1.51.1  dev eth0.51 weight 2
    nexthop via 99.235.226.1  dev eth0.50 weight 3
1019
default via 10.1.51.1 dev eth0.51  metric 2
1020
default via 10.1.51.1 dev eth0.51  metric 1

Output of "iptables -L -t mangle -v -n | awk '/mwan3/' RS=" :

Chain PREROUTING (policy ACCEPT 214K packets, 40M bytes)
pkts bytes target     prot opt in     out     source               destination         
  42M 7758M mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 36527 packets, 7345K bytes)
pkts bytes target     prot opt in     out     source               destination         
8302K 1727M mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 35788 packets, 7884K bytes)
pkts bytes target     prot opt in     out     source               destination         
8622K 2058M mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 213K packets, 41M bytes)
pkts bytes target     prot opt in     out     source               destination         
  43M 8087M mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain mwan3_default (1 references)
pkts bytes target     prot opt in     out     source               destination         
    9   856 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
   88  6154 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
  176 82882 MARK       all  --  *      *       0.0.0.0/0            10.1.1.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
1051 80883 MARK       all  --  *      *       0.0.0.0/0            10.1.4.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.1.6.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.1.7.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.1.51.0/24        mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.1.254.0/24       mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.2.1.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
   14  2153 MARK       all  --  *      *       0.0.0.0/0            10.2.4.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.3.1.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.3.4.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    1   234 MARK       all  --  *      *       0.0.0.0/0            10.4.1.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
  212 53221 MARK       all  --  *      *       0.0.0.0/0            10.4.4.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.5.1.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
   48  4805 MARK       all  --  *      *       0.0.0.0/0            10.5.4.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.6.4.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.7.4.0/24         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            99.235.226.0/23     mark match 0x0/0xff00 MARK xset 0x7f00/0xff00
   25  4641 MARK       all  --  *      *       0.0.0.0/0            192.168.6.0/24      mark match 0x0/0xff00 MARK xset 0x7f00/0xff00

Chain mwan3_post (2 references)
pkts bytes target     prot opt in     out     source               destination         
61996   11M MARK       all  --  *      eth0.51  0.0.0.0/0            0.0.0.0/0           mark match !0x7f00/0xff00 MARK xset 0x200/0xff00
1729K  294M MARK       all  --  *      eth0.50  0.0.0.0/0            0.0.0.0/0           mark match !0x7f00/0xff00 MARK xset 0x100/0xff00
  18M 3467M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
  51M 9815M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan3_pre (2 references)
pkts bytes target     prot opt in     out     source               destination         
  51M 9816M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
62805   12M MARK       all  --  eth0.51 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
1766K  299M MARK       all  --  eth0.50 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
869K   86M mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00
680K   57M mwan3_wan  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00
680K   57M mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan3_rules (1 references)
pkts bytes target     prot opt in     out     source               destination         
2880  240K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1300/0xff00

Chain mwan3_wan (1 references)
pkts bytes target     prot opt in     out     source               destination

Output of "ifconfig" :

br-lan    Link encap:Ethernet  HWaddr 64:70:02:5C:58:FC 
          inet addr:10.1.4.1  Bcast:10.1.4.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20087557 errors:0 dropped:15207 overruns:0 frame:0
          TX packets:19871305 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3629747669 (3.3 GiB)  TX bytes:3675359913 (3.4 GiB)

eth0      Link encap:Ethernet  HWaddr 64:70:02:5C:58:FC 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43782793 errors:0 dropped:20 overruns:60235 frame:0
          TX packets:40600350 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4207347209 (3.9 GiB)  TX bytes:4043388156 (3.7 GiB)
          Interrupt:4

eth0.4    Link encap:Ethernet  HWaddr 64:70:02:5C:58:FC 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20095141 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19878687 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3630121275 (3.3 GiB)  TX bytes:3675699485 (3.4 GiB)

eth0.50   Link encap:Ethernet  HWaddr 64:70:02:5C:58:FC 
          inet addr:99.235.226.25  Bcast:99.235.227.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14487359 errors:0 dropped:1797820 overruns:0 frame:0
          TX packets:11373774 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2144013383 (1.9 GiB)  TX bytes:2179852942 (2.0 GiB)

eth0.51   Link encap:Ethernet  HWaddr 64:70:02:5C:58:FC 
          inet addr:10.1.51.2  Bcast:10.1.51.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9200211 errors:0 dropped:9 overruns:0 frame:0
          TX packets:9347888 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1940079871 (1.8 GiB)  TX bytes:2320400586 (2.1 GiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:46567 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46567 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4900210 (4.6 MiB)  TX bytes:4900210 (4.6 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.1.254.1  P-t-P:10.1.254.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:7517871 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7982978 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1227390363 (1.1 GiB)  TX bytes:1533870637 (1.4 GiB)

Output of "cat /etc/config/mwan3" :

config rule 'default'
    option dest_ip '0.0.0.0/0'
    option proto 'all'
    option use_policy 'wan1_pri_wan2_sec'

config interface 'wan1'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option reroute '1'

config interface 'wan2'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option count '1'
    option down '3'
    option up '8'
    option reroute '1'
    option timeout '3'
    option interval '60'
    option reliability '1'

config member 'wan1_m1_w3'
    option interface 'wan1'
    option metric '1'
    option weight '3'

config member 'wan1_m2_w3'
    option interface 'wan1'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan1_only'
    list use_member 'wan1_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'wan1_wan2_loadbalanced'
    list use_member 'wan1_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan1_pri_wan2_sec'
    list use_member 'wan1_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_pri_wan1_sec'
    list use_member 'wan1_m2_w3'
    list use_member 'wan2_m1_w2'

Output of "cat /etc/config/network" :

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0.4'
    option type 'bridge'
    option proto 'static'
    option ipaddr '10.1.4.1'
    option netmask '255.255.255.0'

config interface 'wan1'
    option ifname 'eth0.50'
    option proto 'dhcp'
    option metric '10'

config interface 'wan2'
    option ifname 'eth0.51'
    option _orig_ifname 'eth0.51'
    option _orig_bridge 'false'
    option proto 'static'
    option netmask '255.255.255.0'
    option metric '20'
    option ipaddr '10.1.51.2'
    option gateway '10.1.51.1'

config switch
    option name 'rtl8366rb'
    option reset '1'
    option enable_vlan '1'
    option enable_vlan4k '1'

config switch_vlan
    option device 'rtl8366rb'
    option vlan '1'
    option ports '5t'

config switch_vlan
    option device 'rtl8366rb'
    option vlan '2'
    option ports '5t'

config switch_vlan
    option device 'rtl8366rb'
    option ports '0 1 2 5t'
    option vlan '4'

config switch_vlan
    option device 'rtl8366rb'
    option ports '3 5t'
    option vlan '50'

config switch_vlan
    option device 'rtl8366rb'
    option vlan '51'
    option ports '4 5t'

config interface 'vpn'
    option proto 'none'
    option ifname 'tun0'

config route
    option interface 'lan'
    option target '10.1.1.0'
    option netmask '255.255.255.0'
    option gateway '10.1.4.2'

===

Hi Tim,


Maybe a long shot, but try to remove the following lines in your network config:

    option _orig_ifname 'eth0.51'
    option _orig_bridge 'false'

It maybe related to a bug in mwan3...

Hello,
I try to configure 3G failover.
This is routing table:
root@openwrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3gg
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.30.0     0.0.0.0         255.255.252.0   U     10     0        0 eth1
0.0.0.0         192.168.30.1     0.0.0.0         UG    10     0        0 eth1
0.0.0.0         10.64.64.64     0.0.0.0         UG    30     0        0 3gg
and
MWAN3 Multi-WAN Troubleshooting
MWAN3 package versions :
mwan3 - 1.2-9
luci-app-mwan3 - local-1
Firewall default output policy (must be ACCEPT) :
ACCEPT
Output of "ip route show" :

10.64.64.64 dev 3gg  proto kernel  scope link  src 188.198.20.205
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1
192.168.30.0/22 dev eth1  proto static  scope link  metric 10
default via 192.168.30.1 dev eth1  proto static  metric 10
default via 10.64.64.64 dev 3gg  proto static  metric 30

Output of "ip rule show" :

0:    from all lookup local
1001:    from all fwmark 0x100/0xff00 lookup 1001
1002:    from all fwmark 0x200/0xff00 lookup 1002
1016:    from all fwmark 0x1000/0xff00 lookup 1016
1017:    from all fwmark 0x1100/0xff00 lookup 1017
1018:    from all fwmark 0x1200/0xff00 lookup 1018
32766:    from all lookup main
32767:    from all lookup default

Output of "ip route list table 1001-1099" (1001-1015 = interface tables, 1016-1099 = policy tables) :

1001
default via 192.168.30.1 dev eth1
1002
default via 10.64.64.64 dev 3gg
1016
default via 192.168.30.1 dev eth1  metric 1
default via 10.64.64.64 dev 3gg  metric 2
1017
default via 192.168.30.1 dev eth1  metric 1
1018
default via 10.64.64.64 dev 3gg  metric 1

Output of "iptables -L -t mangle -v -n | awk '/mwan3/' RS=" :

Chain PREROUTING (policy ACCEPT 2389 packets, 777K bytes)
pkts bytes target     prot opt in     out     source               destination         
7357 2660K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 634 packets, 72088 bytes)
pkts bytes target     prot opt in     out     source               destination         
1707  188K mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 239 packets, 62329 bytes)
pkts bytes target     prot opt in     out     source               destination         
  616  142K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 1824 packets, 739K bytes)
pkts bytes target     prot opt in     out     source               destination         
5793 2567K mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain mwan3_default (1 references)
pkts bytes target     prot opt in     out     source               destination         
   23  2380 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8         mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.64         mark match !0x8000/0x8000 MARK or 0x8000
  354 80526 MARK       all  --  *      *       0.0.0.0/0            192.168.1.0/24      mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.30.0/22      mark match !0x8000/0x8000 MARK or 0x8000

Chain mwan3_post (2 references)
pkts bytes target     prot opt in     out     source               destination         
   24  2016 MARK       all  --  *      3gg   0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00
2452  646K MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
4997 2105K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
7500 2755K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan3_pre (2 references)
pkts bytes target     prot opt in     out     source               destination         
7973 2802K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
   24  2016 MARK       all  --  3gg  *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
3867 1908K MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
3965  878K mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
  534 36118 mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan3_rules (1 references)
pkts bytes target     prot opt in     out     source               destination         
  104  7867 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1000/0xff00

Output of "ifconfig" :

3gg     Link encap:Point-to-Point Protocol 
          inet addr:188.198.20.205  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:2140 (2.0 KiB)  TX bytes:2164 (2.1 KiB)

br-lan    Link encap:Ethernet  HWaddr 00:D0:50:43:BF:C6 
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2d0:50ff:fe43:bfc6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3305 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3170 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:735095 (717.8 KiB)  TX bytes:1942486 (1.8 MiB)

eth0      Link encap:Ethernet  HWaddr 00:D0:50:43:BF:C6 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3376 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:841530 (821.8 KiB)  TX bytes:1942060 (1.8 MiB)
          Base address:0x6000

eth1      Link encap:Ethernet  HWaddr 00:D0:50:43:BF:C7 
          inet addr:172.30.19.54  Bcast:172.30.19.255  Mask:255.255.252.0
          inet6 addr: fe80::2d0:50ff:fe43:bfc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6823 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2505 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2282539 (2.1 MiB)  TX bytes:687391 (671.2 KiB)
          Base address:0xe000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2619 (2.5 KiB)  TX bytes:2619 (2.5 KiB)

Output of "cat /etc/config/mwan3" :

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '8.8.4.4'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '3'

config interface '3g'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '8.8.4.4'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '3'

config member 'wan_m1_w2'
    option interface 'wan'
    option metric '1'
    option weight '2'

config member 'wan_m2_w2'
    option interface 'wan'
    option metric '2'
    option weight '2'

config member '3g_m1_w3'
    option interface '3g'
    option metric '1'
    option weight '3'

config member '3g_m2_w3'
    option interface '3g'
    option metric '2'
    option weight '3'

config policy 'wan_pri_3g_sec'
    list use_member 'wan_m1_w2'
    list use_member '3g_m2_w3'

config policy 'wan_only'
    list use_member 'wan_m1_w2'

config policy '3g_only'
    list use_member '3g_m1_w3'

config rule 'wan_g3'
    option dest_ip '0.0.0.0/0'
    option proto 'all'
    option use_policy 'wan_pri_3g_sec'

Output of "cat /etc/config/network" :

config switch 'eth0'
    option enable '1'

config switch_vlan 'eth0_1'
    option device 'eth0'
    option vlan '1'
    option ports '0 1 2 3 4'

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'

config interface '3g'
    option ifname 'ppp0'
    option device '/dev/ttyUSB2'
    option service 'umts'
    option proto '3g'
    option ctrldev '/dev/ttyUSB1'
    option apn 'AGD'
    option pincode '1234'
    option username 'user'
    option password 'user'
    option metric '30'

config interface 'wan'
    option proto 'dhcp'
    option ifname 'eth1'
    option metric '10'

When I unplug eth1 cable, routing table is not changed – eth1 entries are not deleted:
root@openwrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3gg
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.30.0     0.0.0.0         255.255.252.0   U     10     0        0 eth1
0.0.0.0         192.168.30.1     0.0.0.0         UG    10     0        0 eth1
0.0.0.0         10.64.64.64     0.0.0.0         UG    30     0        0 3gg

When I unplug 3g dongle, 3gg entries are removed from routing table:

root@openwrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.30.0     0.0.0.0         255.255.252.0   U     10     0        0 eth1
0.0.0.0         192.168.30.1     0.0.0.0         UG    10     0        0 eth1


Why eth1 entries from rooting table are not removed when eth1 cable is unpluged? Is mwan3 correctly configured?
Why for entry 10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3gg   metric is 0, and not 30?

Thanks

(Last edited by vinca on 12 Aug 2013, 09:39)

Hello and thanks everyone once again, for the contribution to this project. Finally I've found some spare time to post some feedback.

I'm stuck on mwan3_1.2-11_all.ipk instead of the latest mwan3_1.2-17_all.ipk because I had some issues, which I will try to describe below.

Using the mwan3_1.2-11_all.ipk I had to do the loopback trick to loadbalance traffic generated from the router itself. Since some versions this is not needed anymore (as I can understand), so I removed the loopback trick and installed the latest (mwan3_1.2-17_all.ipk) version and then some strange behavior started.

This is the new config (with the option reroute, which is the only difference between the old config):

config rule 'dnsomatic'
    option use_policy 'default'
    option dest_ip '67.215.92.0/24'

config rule 'skype'
    option proto 'tcp'
    option use_policy 'wan_only'
    option dest_port '8000'
    option dest_ip '0.0.0.0/0'

config rule 'https'
    option proto 'tcp'
    option use_policy 'wwan_only'
    option dest_port '443,8443,2087'
    option dest_ip '0.0.0.0/0'

config rule 'internet'
    option use_policy 'wan_wwan_loadbalanced'
    option dest_ip '0.0.0.0/0'
    option equalize '1'

config interface 'wan'
    option enabled '1'
    option timeout '5'
    option down '5'
    option up '3'
    option reliability '3'
    option count '3'
    option interval '30'
    list track_ip 'xxx.xxx.xxx.xxx'
    list track_ip 'xxx.xxx.xxx.xxx'
    list track_ip 'xxx.xxx.xxx.xxx'
    option reroute '1'

config interface 'wwan'
    option enabled '1'
    list track_ip 'xxx.xxx.xxx.xxx'
    list track_ip 'xxx.xxx.xxx.xxx'
    list track_ip 'xxx.xxx.xxx.xxx'
    option timeout '5'
    option down '5'
    option up '3'
    option reliability '3'
    option count '3'
    option interval '30'
    option reroute '1'

config member 'wan_m1_w4'
    option interface 'wan'
    option metric '1'
    option weight '4'

config member 'wan_m2_w4'
    option interface 'wan'
    option metric '2'
    option weight '4'

config member 'wwan_m1_w3'
    option interface 'wwan'
    option metric '1'
    option weight '3'

config member 'wwan_m2_w3'
    option interface 'wwan'
    option metric '2'
    option weight '3'

config policy 'wan_only'
    list use_member 'wan_m1_w4'

config policy 'wwan_only'
    list use_member 'wwan_m1_w3'

config policy 'wan_wwan_loadbalanced'
    list use_member 'wan_m1_w4'
    list use_member 'wwan_m1_w3'

config policy 'wan_pri_wwan_sec'
    list use_member 'wan_m1_w4'
    list use_member 'wwan_m2_w3'

config policy 'wwan_pri_wan_sec'
    list use_member 'wan_m2_w4'
    list use_member 'wwan_m1_w3'

The errors:

First of all I ran /etc/init.d/mwan3 restart, and it blew this one: iptables: Too many levels of symbolic links.
A restart is needed, I thought, and did so. When the system was ready, I re-ran the above command, with the same result, errors.

After that, I did one more restart to check everything else was OK. Only sites using https was able to load, and everything else was giving me a "Connection Reset" errors. I thought maybe there was a misconfiguration, so I did the following:

Disabled wan interface and routed all the traffic (using mwan3 rules) through wwan. The result was the same: https was ok, everything else was dead. After that I had no time to spend to investigate further the problem (for which I'm sorry, because I have no free time at all to contribute more) and rolled back to mwan3_1.2-11_all.ipk.

That's my story. Thanks in advance for reading my post. If anything more is needed or I have missed anything, let me know.

(Last edited by headless.cross on 9 Aug 2013, 14:10)

vinca wrote:

Why eth1 entries from rooting table are not removed when eth1 cable is unpluged? Is mwan3 correctly configured?

Mwan3 does nothing to the default routing table! Any entry removed or added to the default routing table is done by another application or process.

headless.cross wrote:

First of all I ran /etc/init.d/mwan3 restart, and it blew this one: iptables: Too many levels of symbolic links.

I found the same error with iptables, It is due to you using "wan" as an interface name.  If you change your wan interface name to wan0 or anything apart from wan it will work, or at least it will get past this problem.

(Last edited by coltect on 10 Aug 2013, 13:53)

Hi Adze,
I am using mwan3 and getting some trouble,could you help me fix them?Thank you very much!
My h.w is RG100A-AA, F.W version is OP Backfire 10.03.1, mwan3 shows wan1(pppoe-wan1) ONLINE, wan2(pppoe-wan2) ONLINE, but there is a warning on the Luci webpage:

WARNING: some interfaces have duplicate metrics configured in /etc/config/network!

I am sure the metrics in /etc/config/network are not the same,here is my config in network:

# Copyright (C) 2008 OpenWrt.org

config 'switch' 'eth1'
    option 'reset' '1'
    option 'enable_vlan' '3'
        
config 'switch_vlan'
    option 'device' 'eth1'
    option 'vlan' '0'
    option 'ports' '0 5'
                
config 'interface' 'loopback'
        option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'
                                
config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth1.0'
        option 'proto' 'static'
        option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'
        option 'nat' '1'
    option 'dns' '8.8.8.8'
                                                    
config 'switch_vlan' 'eth1_1'
    option 'device' 'eth1'
    option 'vlan' '1'
    option 'ports' '1 2 5'

config 'switch_vlan' 'eth1_2'
        option 'device' 'eth1'
     option 'vlan' '2'
    option 'ports' '3 5'

config 'interface' 'wan1'
    option 'ifname' 'eth1.1'
    option '_orig_ifname' 'eth1.1'
    option '_orig_bridge' 'false'
    option 'proto' 'pppoe'
    option 'username' 'b*****8'
    option 'password' '******'
    option 'peerdns' '0'
    option 'dns' '8.8.8.8'
    option 'metric' '10'
    
config 'interface' 'wan2'
    option 'ifname' 'eth1.2'
    option '_orig_ifname' 'eth1.2'
    option '_orig_bridge' 'false'
    option 'proto' 'pppoe'
    option 'username' '1*********6'
    option 'password' '******'
    option 'metric' '20'
    option 'peerdns' '0'
    option 'dns' '8.8.4.4 8.8.8.8'

config 'interface' 'wan'     
    option 'ifname'    'eth0'
    option 'proto'    'dhcp'
    option 'metric' '30'

and route -n shows:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
*.*.102.1    0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan2
*.*.136.1   0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
0.0.0.0         *.*.136.1   0.0.0.0         UG    0      0        0 pppoe-wan1

Is there missing

0.0.0.0         *.*.102.1   0.0.0.0         UG    0      0        0 pppoe-wan2

and all the metrics are 0, I don't know where I config incorrect :-(

orz wrote:

My h.w is RG100A-AA, F.W version is OP Backfire 10.03.1, and all the metrics are 0, I don't know where I config incorrect

Hi orz, I don't think OpenWrt Backfire 10.03.1 is supported by mwan3. Have you tried OpenWrt 12.09?

Regards,
Tim

thdyck wrote:
orz wrote:

My h.w is RG100A-AA, F.W version is OP Backfire 10.03.1, and all the metrics are 0, I don't know where I config incorrect

Hi orz, I don't think OpenWrt Backfire 10.03.1 is supported by mwan3. Have you tried OpenWrt 12.09?

Regards,
Tim

Dear Tim,
    Thank you so much, you are right, I've updated the F.W version,now it is 12.09, and the problems I mentioned above are all gone, mwan3 works well, it's so amazing, thank you again :-)

Adze wrote:

Hi Tim,
Maybe a long shot, but try to remove the following lines in your network config:

    option _orig_ifname 'eth0.51'
    option _orig_bridge 'false'

It maybe related to a bug in mwan3...

Hi Adze, thanks for the idea. I removed those lines and re-tested -- the unexpected failover to wan2 did _not_ occur. So, that looks like it did the trick.

Thanks also for all your updates to the wiki page. There is a lot more technical detail there now.

Regards,
Tim

tcherenato wrote:

Hi Tim,
if it is useful for someone else, I added a "sleep 1" in /sbin/hotplug-call, line 16:
Renato

Hi Renato, thanks for finding that. I had a problem where if I configured OpenVPN to start at device bootup along with ddns-scripts and mwan3, I would have a segmentation fault sometimes. Adding the sleep 1 fix you describe avoids the segmentation fault.

Regards,
Tim

coltect wrote:
headless.cross wrote:

First of all I ran /etc/init.d/mwan3 restart, and it blew this one: iptables: Too many levels of symbolic links.

I found the same error with iptables, It is due to you using "wan" as an interface name.  If you change your wan interface name to wan0 or anything apart from wan it will work, or at least it will get past this problem.

Above problem is fixed in version 1.2-18. Thank you for reporting!

Adze wrote:
vinca wrote:

Why eth1 entries from rooting table are not removed when eth1 cable is unpluged? Is mwan3 correctly configured?

Mwan3 does nothing to the default routing table! Any entry removed or added to the default routing table is done by another application or process.

Hi Adze,

I'm interested if the test scenario is correct. So, if I unplug cable, rules for this interface from default routing table must be removed. Correct? Otherwise, if rules remain in default routing table, 3g is not used for failover.

Thanks

Hi Vinca,


Routing entries for ethernet based interfaces will stay in the default routing table, as there is no mean of detecting that the cable is disconnected. Mwan3 only uses the default routing table for information on next-hop addresses.

It is incorrect to state that that the failover will not occur as long as the rules for the primary interface are still in the default routing table.

Adze wrote:

Above problem is fixed in version 1.2-18. Thank you for reporting!

Thank you {{{ Adze }}}. I'll upgrade. Version 1.2-18 is ready?

Now hit the name!!!  ;-)

[]'s
Rnato

tcherenato wrote:

Version 1.2-18 is ready?

Yes and it's available at https://github.com/Adze1502/mwan

tcherenato wrote:

Now hit the name!!!  ;-)

hehe  wink

(Last edited by Adze on 13 Aug 2013, 16:18)

coltect wrote:
headless.cross wrote:

First of all I ran /etc/init.d/mwan3 restart, and it blew this one: iptables: Too many levels of symbolic links.

I found the same error with iptables, It is due to you using "wan" as an interface name.  If you change your wan interface name to wan0 or anything apart from wan it will work, or at least it will get past this problem.

Thank you for the clarification. Before updating to the newest release, it worked like a charm (and works now, of course)!


Adze wrote:

Above problem is fixed in version 1.2-18. Thank you for reporting!

Thank you for fixing that! As stated above, I have already updated the binary and I finally figured out what is causing all those "Connection Reset" errors smile: I was running (successfully, with previous versions of mwan3) a transparent proxy (privoxy) for content filtering, just redirecting all http traffic at port 80, to internal 8118 (this is the port which privoxy is listening to). After disabling that redirect, no more "Connection Reset" errors (on port 80, of course), but no content filtering sad.

What info can I provide to investigate further the problem?


Edit: I just did again all the tests and the resulst is the same: When privoxy is running and the firewall rule redirects all http traffic on port 80 for filtering, the browser responds with "Connection Reset" error.

(Last edited by headless.cross on 13 Aug 2013, 19:04)