Posted: Thu Nov 07, 2013 16:53 Post subject: Dual WAN, selected traffic over second WAN (help needed!)
Hi All,
I've been trying to get this working for a while now. I'm stuck. Basically, I would like to send some traffic over a second cable modem from the same ISP.
I've already configured a vlan, vlan3, for the second WAN connection, wan2, following the guide here. wan2 is up and I can ping the default gateway and ping the Asus remotely. I don't do any automatic failover, however.
I'm using the latest DD-WRT available for the Asus RT-N66U, 21676 mega.
This is my Administration->Commands->Firewall
Code:
# Configure source IP rewriting on vlan3
iptables -t nat -I POSTROUTING -o vlan3 -s 192.168.42.0/24 -j SNAT --to $(nvram get wan2_ipaddr)
# Add default gateway to 900 table
ip route add default via $(nvram get wan2_gateway) table 900
# Anything with this fwmark will use the 900 table
ip rule add fwmark 0x1 table 900
# Mark ReadyTalk
iptables -A OUTPUT -t mangle -o vlan1 -d 66.151.54.0/24 -j MARK --set-mark 1
iptables -A OUTPUT -t mangle -o vlan1 -d 63.251.200.0/24 -j MARK --set-mark 1
# Mark PhonePower (we assign specific IPs); --src-range belongs to the iprange match, so -m iprange must be loaded
iptables -A OUTPUT -t mangle -o vlan1 -m iprange --src-range 192.168.42.250-192.168.42.254 -j MARK --set-mark 1
# Mark Google Hangouts
iptables -A OUTPUT -t mangle -o vlan1 -p tcp --dport 19305:19309 -j MARK --set-mark 1
iptables -A OUTPUT -t mangle -o vlan1 -p udp --dport 19305:19309 -j MARK --set-mark 1
# And to test with
iptables -A OUTPUT -t mangle -o vlan1 -d 192.0.2.1 -j MARK --set-mark 1
# Flush changes
ip route flush cache
However, traffic to 192.0.2.1 (not my real test IP) still comes from the primary WAN. I test this by SSHing to 192.0.2.1 and running `who --ips`.
`iptables -L -t mangle -n` shows the values set above.
Code:
root@gateway:~# iptables -L -t mangle -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
FILTER_IN 0 -- 0.0.0.0/0 0.0.0.0/0
MARK 0 -- 0.0.0.0/0 99.232.106.124 MARK or 0x80000000
CONNMARK 0 -- 0.0.0.0/0 0.0.0.0/0 CONNMARK save
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
MARK 0 -- 0.0.0.0/0 66.151.54.0/24 MARK set 0x1
MARK 0 -- 0.0.0.0/0 63.251.200.0/24 MARK set 0x1
MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:19305:19309 MARK set 0x1
MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:19305:19309 MARK set 0x1
MARK 0 -- 0.0.0.0/0 192.0.2.1 MARK set 0x1
I try to verify that the rule is configured with `ip rule list`, but the command returns blank output. None of the usual `ip rule` commands work. This leads me to believe `ip rule` doesn't work at all.
Code:
root@gateway:~# ip rule list
root@gateway:~#
Help? I'm at a loss as to what to do next at this point.
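An added example, not the poster's script or DD-WRT's own code: the same dual-WAN rule set restructured so that it refuses to run when the kernel cannot do policy routing at all (the blank `ip rule list` above), marks forwarded LAN traffic in PREROUTING as well as the router's own packets in OUTPUT, and loads the iprange match that `--src-range` needs. Interface names (vlan3, br0), table 900 and mark 1 are parameters, and the 203.0.113.x addresses in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the poster's script: interface names, table and mark are
# parameters; addresses in the usage comment are constructed placeholders.

# 0 when "ip rule" is usable. A kernel without multiple routing tables prints
# nothing for "ip rule list" and answers "Address family not supported by
# protocol" to "ip rule add"; no fwmark rule can take effect on such a kernel.
policy_routing_supported() {
    ip rule list 2>/dev/null | grep -q 'lookup'
}

# setup_wan2_routing WAN2_IF WAN2_GW WAN2_IP LAN_IF LAN_NET [TABLE] [MARK]
setup_wan2_routing() {
    wan2_if=$1; wan2_gw=$2; wan2_ip=$3; lan_if=$4; lan_net=$5
    table=${6:-900}; mark=${7:-1}
    if ! policy_routing_supported; then
        echo "kernel has no policy routing support; ip rule is unusable" >&2
        return 1
    fi
    # Table holds only a default route via the second modem; marked packets
    # consult it instead of the main table.
    ip route replace default via "$wan2_gw" table "$table"
    ip rule add fwmark "$mark" table "$table"
    # Without SNAT, replies would target a wan1 address and not come back via wan2.
    iptables -t nat -I POSTROUTING -o "$wan2_if" -s "$lan_net" \
        -j SNAT --to-source "$wan2_ip"
    # OUTPUT only sees packets the router itself generates (the ssh test);
    # forwarded LAN traffic must be marked in PREROUTING, so each selector goes
    # into both chains. $chain is unquoted on purpose: it expands to
    # "PREROUTING -i br0" (three words) or "OUTPUT".
    for chain in "PREROUTING -i $lan_if" OUTPUT; do
        iptables -t mangle -A $chain -d 192.0.2.1 -j MARK --set-mark "$mark"
        iptables -t mangle -A $chain -p udp --dport 19305:19309 -j MARK --set-mark "$mark"
    done
    # --src-range belongs to the iprange match; without "-m iprange" iptables
    # rejects the rule and those hosts stay unmarked (the poster's listing
    # shows exactly that rule missing).
    iptables -t mangle -A PREROUTING -i "$lan_if" -m iprange \
        --src-range 192.168.42.250-192.168.42.254 -j MARK --set-mark "$mark"
    ip route flush cache
}

# Apply only when asked explicitly, as root on the router, e.g.:
#   sh dualwan.sh apply vlan3 203.0.113.1 203.0.113.7 br0 192.168.42.0/24
if [ "${1:-}" = "apply" ]; then shift; setup_wan2_routing "$@"; fi
```

After applying, `ip route get 192.0.2.1 mark 1` should name the wan2 gateway while `ip route get 192.0.2.1` still names wan1; if `ip rule list` stays empty the firmware's kernel simply cannot do this and no iptables rule will change that.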
I'm not using a script - just want to make sure the default source routing works correctly with one command:
root@router:~# ip rule add from 192.168.1.86 table 10
RTNETLINK answers: Address family not supported by protocol