RT-N16 & Dual WAN

andycpp
DD-WRT Novice


Joined: 14 Feb 2010
Posts: 7

Posted: Wed Feb 17, 2010 20:21    Post subject: RT-N16 & Dual WAN
I'm trying to set up dual WAN (based on the Wiki articles) but have had no luck (errors during the ip route add defaults part: "RTNETLINK: No such process").

What I have:
RT-N16 (10.0.0.1)
WAN Modem1 (82.1.1.1 - dhcp based)
WAN Modem2 (192.1.1.1 - static)
Comp1 (10.0.0.10)
Comp2 (10.0.0.20)
Comp3 (10.0.0.30)
DD-WRT v24-sp2 (02/03/10) big - build 13832

What I want:
1) route WAN traffic from Comp2 & Comp3 through Modem1
2) route WAN traffic from Comp1 through Modem2
3) pressing the EZSetup button - either all traffic through Modem 1 or the previous mode
4) adjust firewall rules through the Web GUI (80 port to Comp2, 25/443 port to Comp3, 1234 port to Comp1)

I kindly ask you to provide me with the full script :)

p.s. I've made such a config (except the button) under Oleg's firmware & wl-550gE... But I have trouble with dd-wrt & n16 :(
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Wed Feb 17, 2010 22:21
You can't change the VLAN port assignments for gigabit switches.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
andycpp
DD-WRT Novice


Joined: 14 Feb 2010
Posts: 7

Posted: Thu Feb 18, 2010 4:57
phuzi0n wrote:
You can't change the VLAN port assignments for gigabit switches.


Actually, I can. And did it :)
The trick was to turn on vlan3 and assign a 192.1.1.X IP to it. After that, no problems - some ip rules & some iptables, that's it.
I'll post the complete script here soon, so the gurus will adjust & optimize it :)
andycpp
DD-WRT Novice


Joined: 14 Feb 2010
Posts: 7

Posted: Fri Feb 19, 2010 7:41
Please, optimize it :)

-- one-time commands
Code:

nvram set vlan3ports="0 1 8"
nvram set vlan3hwname="et0"
nvram commit


-- commands in script
Code:

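# Bring up the second WAN on vlan3 with a fixed MAC and a static address
ifconfig vlan3 down
ifconfig vlan3 hw ether E0:00:00:92:F5:88
ifconfig vlan3 192.1.1.5 netmask 255.255.255.0 broadcast 192.1.1.255 up

# Log and drop forwarded traffic leaving via vlan3 that did not enter from the LAN bridge
iptables -I FORWARD 5 -j logdrop -i ! br0 -o vlan3

# Pass traffic addressed to the vlan3 address to the VSERVER chain
iptables -t nat -A PREROUTING -j VSERVER -d 192.1.1.5

# Rebuild source NAT: one rule per WAN interface, plus NAT for LAN-to-LAN traffic
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -j SNAT -o vlan2 -s 10.0.0.0/24 --to-source 82.1.1.1
iptables -t nat -A POSTROUTING -j SNAT -o vlan3 -s 10.0.0.0/24 --to-source 192.1.1.5
iptables -t nat -A POSTROUTING -j MASQUERADE -o br0 -s 10.0.0.0/24 -d 10.0.0.0/24

# Routing table 82: routes and default gateway for the hosts selected below
ip route add 82.1.1.0/25 dev vlan3 table 82
ip route add 10.0.0.0/24 dev br0 table 82
ip route add default via 82.1.1.100 prio 82 table 82

# Policy rules: Comp2 and Comp3 use table 82 (delete first so reruns do not duplicate)
ip rule del from 10.0.0.20
ip rule del from 10.0.0.30
ip rule add from 10.0.0.20 table 82 prio 82
ip rule add from 10.0.0.30 table 82 prio 82

# Every other host follows the main table's default route
ip route delete default
ip route add default via 192.1.1.1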

_________________
Asus WL-550gE -> Asus RT-N16 -> Linksys WRT32X
Fonel
DD-WRT Novice


Joined: 30 Jan 2009
Posts: 2

Posted: Fri Feb 26, 2010 21:37
I have an Asus RT-N16 and I have also been trying to get dual WAN working without much luck. My situation is that I have a fast cable line that is really unstable and a slow ADSL line that is really stable, so what I want to do is use both lines simultaneously, so that when the cable line stops working I do not lose the Internet, only the speed, until the cable line starts working again.

Alternatively, another setup that might work would be using the cable line all the time until it stops working and then automatically failing over to the ADSL line until the cable line comes back up, at which point it starts using the cable line again. Could you suggest how I might accomplish this?
Masterman
DD-WRT Guru


Joined: 24 Aug 2009
Posts: 2070
Location: South Florida

Posted: Sat Feb 27, 2010 4:28
andycpp wrote:
Please, optimize it :)

-- one-time commands
Code:

nvram set vlan3ports="0 1 8"
nvram set vlan3hwname="et0"
nvram commit


-- commands in script
Code:

ifconfig vlan3 down
ifconfig vlan3 hw ether E0:00:00:92:F5:88
ifconfig vlan3 192.1.1.5 netmask 255.255.255.0 broadcast 192.1.1.255 up
 
iptables -I FORWARD 5 -j logdrop -i ! br0 -o vlan3
 
iptables -t nat -A PREROUTING -j VSERVER -d 192.1.1.5
 
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -j SNAT -o vlan2 -s 10.0.0.0/24 --to-source 82.1.1.1
iptables -t nat -A POSTROUTING -j SNAT -o vlan3 -s 10.0.0.0/24 --to-source 192.1.1.5
iptables -t nat -A POSTROUTING -j MASQUERADE -o br0 -s 10.0.0.0/24 -d 10.0.0.0/24
 
ip route add 82.1.1.0/25 dev vlan3 table 82
ip route add 10.0.0.0/24 dev br0 table 82
ip route add default via 82.1.1.100 prio 82 table 82
 
ip rule del from 10.0.0.20
ip rule del from 10.0.0.30
ip rule add from 10.0.0.20 table 82 prio 82
ip rule add from 10.0.0.30 table 82 prio 82
 
ip route delete default
ip route add default via 192.1.1.1



If I had dual WAN I would test this, but if it truly works, this needs to be added to the Wiki. I wonder if it works for routers with switches other than what the RT-N16 has..?

_________________
Optware, the Right Way
Asus RT-AC68U
Asus RT-N66U
Asus RT-N10
Asus RT-N12
Asus RT-N16 x5
Asus WL520gU
Engenious ECB350
Linksys WRT600Nv1.1
Linksys WRT610Nv1
Linksys E2000
Netgear WNDR3300
SonicWall NSA220W
SonicWall TZ215W
SonicWall TZ205W
SonicWall TZ105W
andycpp
DD-WRT Novice


Joined: 14 Feb 2010
Posts: 7

Posted: Sun Feb 28, 2010 18:31    Post subject: Improved :)
- One time commands -----
nvram set vlan3ports="1 8"
nvram set vlan2ports="0 8"
nvram set vlan1ports="4 3 2 8*"
nvram commit
nvram save

- Startup script -----
#!/bin/sh
ifconfig vlan3 down
ifconfig vlan3 hw ether E0:CB:EE:92:F5:88
ifconfig vlan3 192.1.1.5 netmask 255.255.255.0 broadcast 192.1.1.255 up

- Firewall script -----
#!/bin/sh
iptables -I FORWARD 5 -j logdrop -i ! br0 -o vlan3

iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -j SNAT -o vlan2 -s 10.0.0.0/24 --to-source 82.1.1.1
iptables -t nat -A POSTROUTING -j SNAT -o vlan3 -s 10.0.0.0/24 --to-source 192.1.1.5
iptables -t nat -A POSTROUTING -j MASQUERADE -o br0 -s 10.0.0.0/24 -d 10.0.0.0/24

iptables -t nat -I PREROUTING -j DNAT -p udp --dport 44044 -d 192.1.1.5 --to 10.0.0.10:44044
iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 44044 -d 192.1.1.5 --to 10.0.0.10:44044


iptables -I FORWARD -j logaccept -p udp --dport 44044 -d 10.0.0.10
iptables -I FORWARD -j logaccept -p tcp --dport 44044 -d 10.0.0.10


ip route add 82.1.1.0/25 dev vlan3 table 82
ip route add 10.0.0.0/24 dev br0 table 82
ip route add default via 82.1.1.129 prio 82 table 82

ip rule del from 10.0.0.20
ip rule del from 10.0.0.30
ip rule add from 10.0.0.20 table 82 prio 82
ip rule add from 10.0.0.30 table 82 prio 82

ip route delete default
ip route add default via 192.1.1.1
----------------------------------

Remark about 44044 port - for the torrent client. Other ports opened for the Comp2 & Comp3 through Web GUI.

p.s. How do I change the port/bind of the Web GUI?? I wanna run Squid/Pound on 10.0.0.1:80, but the GUI is already there :(

kmb
DD-WRT User


Joined: 05 May 2010
Posts: 63

Posted: Wed Sep 29, 2010 4:38
I have rt-n16 and firmware rev 15230

vlan2 - wan-port (ISP1)
vlan0 - lan4-port (ISP2)

Code:
[root@DD-WRT-N16 root]$ nvram show | grep ports
vlan2ports=0 8
vlan0ports=1 8
vlan1ports=4 3 2 8*



Code:
ifconfig:
vlan0     Link encap:Ethernet  HWaddr E0:CB:4E:C0:19:D6
          inet addr:10.1.28.52  Bcast:10.1.28.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:94 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:24697 (24.1 KiB)

vlan2     Link encap:Ethernet  HWaddr E0:CB:4E:C0:19:D7
          inet addr:10.5.24.55  Bcast:10.5.31.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2218 errors:0 dropped:0 overruns:0 frame:0
          TX packets:561 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:364797 (356.2 KiB)  TX bytes:123530 (120.6 KiB)



Code:
[root@DD-WRT-N16 root]$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.5.24.1       0.0.0.0         255.255.255.255 UH        0 0          0 vlan2
10.1.28.0       0.0.0.0         255.255.255.0   U         0 0          0 vlan0
10.10.1.0       0.0.0.0         255.255.255.0   U         0 0          0 br0
10.5.24.0       0.0.0.0         255.255.248.0   U         0 0          0 vlan2
10.1.0.0        10.1.28.1       255.255.0.0     UG        0 0          0 vlan0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         10.5.24.1       0.0.0.0         UG        0 0          0 vlan2


10.5.24.1 - gateway ISP1
10.1.28.1 - gateway ISP2

Code:
[root@DD-WRT-N16 root]$ ping 10.5.24.1
PING 10.5.24.1 (10.5.24.1): 56 data bytes
64 bytes from 10.5.24.1: seq=0 ttl=255 time=4.251 ms
64 bytes from 10.5.24.1: seq=1 ttl=255 time=1.015 ms

--- 10.5.24.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.015/2.633/4.251 ms
[root@DD-WRT-N16 root]$ ping 10.1.28.1
PING 10.1.28.1 (10.1.28.1): 56 data bytes

--- 10.1.28.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss


ISP1 worked.
ISP2 did not work. Why? :(
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Wed Sep 29, 2010 9:17
Don't use VLAN 0 on gigabit models and whichever VLAN you add needs to have vlan#hwname=et0 set.

http://www.dd-wrt.com/wiki/index.php/Switched_Ports

kmb
DD-WRT User


Joined: 05 May 2010
Posts: 63

Posted: Thu Sep 30, 2010 5:14
phuzi0n, thanks for your answer. Changed vlan0 to vlan3 and it works! :)
ramsundaram
DD-WRT Novice


Joined: 17 Oct 2011
Posts: 1

Posted: Mon Oct 17, 2011 16:36    Post subject: Re: Improved :)
andycpp wrote:

- Firewall script -----
...
iptables -t nat -A POSTROUTING -j SNAT -o vlan2 -s 10.0.0.0/24 --to-source 82.1.1.1


Isn't the 82.1.1.1 IP assigned through DHCP? Do you manually change it each time it changes?

Ram
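
One way to keep a DHCP-assigned address out of the SNAT rule, as an added example that is not part of the thread: read the interface's current address from ifconfig output and build the rule from it, falling back to MASQUERADE when the interface has no address. The function names iface_ip and nat_rule and the sample ifconfig text are constructed for illustration; the LAN subnet and interface names follow the scripts posted above.

```shell
#!/bin/sh
# Added example (not from the thread). The ifconfig text in SAMPLE is constructed.

# Print the IPv4 address of interface $1 from ifconfig-style text on stdin.
iface_ip() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1 }            # unindented line starts a new interface stanza
        cur == want && /inet addr:/ {
            sub(/.*inet addr:/, "")       # drop everything up to the address
            sub(/ .*/, "")                # drop Bcast/Mask fields after it
            print
            exit
        }'
}

# Print the POSTROUTING rule for WAN interface $1 given its current address $2.
nat_rule() {
    if [ -n "$2" ]; then
        echo "iptables -t nat -A POSTROUTING -o $1 -s 10.0.0.0/24 -j SNAT --to-source $2"
    else
        # No address known: MASQUERADE takes the interface address at connection time.
        echo "iptables -t nat -A POSTROUTING -o $1 -s 10.0.0.0/24 -j MASQUERADE"
    fi
}

# Constructed sample: vlan2 holds a lease, vlan3 has no address yet.
SAMPLE='vlan2     Link encap:Ethernet  HWaddr 02:00:00:00:00:02
          inet addr:82.1.1.77  Bcast:82.1.1.127  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

vlan3     Link encap:Ethernet  HWaddr 02:00:00:00:00:03
          UP BROADCAST MULTICAST  MTU:1500  Metric:1'

# Print the rules instead of applying them, so the output can be reviewed first.
for wan in vlan2 vlan3; do
    nat_rule "$wan" "$(printf '%s\n' "$SAMPLE" | iface_ip "$wan")"
done
```

On a router the input would be `ifconfig | iface_ip vlan2`; an SNAT rule built this way is only correct until the lease changes, which MASQUERADE avoids.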
mnour.tamer
DD-WRT Novice


Joined: 18 May 2012
Posts: 45

Posted: Tue Aug 14, 2012 13:40
Hello,

When I run any nvram command and then reboot, I can't access the router any more. I can't ping it.

Please, I need help with this problem.
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7632

Posted: Tue Aug 14, 2012 13:51
mnour.tamer wrote:
Hello,

When I run any nvram command and then reboot, I can't access the router any more. I can't ping it.

Please, I need help with this problem.


Then you probably did a wrong nvram command.
Kinda guessing, don't know for sure

_________________
Kernel panic: Aiee, killing interrupt handler!
mnour.tamer
DD-WRT Novice


Joined: 18 May 2012
Posts: 45

Posted: Wed Aug 15, 2012 18:01
Hello

I have an Asus N-16 and I am using the latest DD-WRT firmware, mega 19519.

I am testing dual WAN using two ports.
The first one is a DHCP client to another device which is directly connected to the modem.
The second one is connected through RJ-45 to a router that has a 3G USB stick connected.

I am using this tutorial:
http://www.darkhawk.net/dd-wrt/scripts/_readme-first.txt

Of course there are some differences, so let's go step by step.

-----------------------------------------------------

1. Make sure nothing is connected to port 4 on the router (will hook 2nd WAN device here later).

2. Log into router gui and goto Setup > VLANS and change port 4 to vlan 3, click save and then apply settings.

3. Make sure your sshd or telnet and jffs is enabled and you have at least 180k free space.

4. Log into router using your favorite ssh or telnet client (I use Putty).

5. type mkdir /jffs/scripts if it doesn't complain it worked.

6. type cd /jffs and hit enter then type wget http://www.darkhawk.net/dd-wrt/scripts/iptables and enter.
(This downloads iptables to jffs folder).

7. Type cd scripts and enter then type the following:
wget http://www.darkhawk.net/dd-wrt/scripts/firewall.firewall
wget http://www.darkhawk.net/dd-wrt/scripts/routes.firewall
wget http://www.darkhawk.net/dd-wrt/scripts/udhcpc-wan2.script

8. Type chmod -R a+x /jffs and enter.

9. Next type the following:

nvram set vlan1ports="1 2 3 8*"
nvram set vlan3ports="4 8"
nvram set vlan3hwname=et0
nvram set rc_startup="udhcpc -s /jffs/scripts/udhcpc-wan2.scripts -i vlan3 /jffs/scripts/routes.firewall"
nvram set rc_firewall="/jffs/scripts/routes.firewall /jffs/scripts/firewall.firewall"
nvram commit
reboot

-----------------------------------------------------

Until now everything is OK.

10. Router should reboot now and come back up calling the scripts. Plug 2nd WAN device into port 4.

11. Log into router via ssh or telnet and type ifconfig. You should see vlan1 and vlan2 and both should have an ip address.

--- there is no IP address for the Wan2

-----------------------------------------------------

12. If you don't see vlan2 you didn't do something right so start over. If vlan2 doesn't have an ip address run:
udhcpc -s /jffs/scripts/udhcpc-wan2.script -i vlan2 and see what happens. (If it throws an error or hangs
something is wrong with the file maybe. If it shows an ip then you are golden.

---- Done

-----------------------------------------------------

Next run
/jffs/scripts/routes.firewall and then /jffs/scripts/firewall.firewall and if neither show errors then you are good to go.

---- it throws an error

-sh: /jffs/scripts/routes.firewall: not found

And by the way, I changed vlan1 to vlan2 and vlan2 to vlan3 in the file firewall.firewall


So, any help please???
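
A check for the "not found" error reported above, as an added example that is not part of the thread or of the tutorial it quotes: the shell prints "not found" both when the path does not exist and when the interpreter named on the script's first line cannot be executed, which includes a first line ending in a carriage return. The function names check_script and check_refs are hypothetical; the sample string is the rc_startup value from step 9, which names udhcpc-wan2.scripts while step 7 downloads udhcpc-wan2.script.

```shell
#!/bin/sh
# Added example (not from the thread).

# Print why a script would fail to start:
# ok | missing | not-executable | crlf | bad-interpreter
check_script() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    [ -x "$f" ] || { echo not-executable; return 1; }
    first=$(head -n 1 "$f")
    cr=$(printf '\r')
    case $first in
        *"$cr"*) echo crlf; return 1 ;;      # saved with Windows line endings
    esac
    case $first in
        '#!'*)
            interp=${first#??}               # strip the "#!"
            interp=${interp# }               # allow "#! /bin/sh"
            interp=${interp%% *}             # drop interpreter arguments
            [ -x "$interp" ] || { echo bad-interpreter; return 1; }
            ;;
    esac
    echo ok
}

# Check every absolute path named in an rc_startup / rc_firewall style string.
check_refs() {
    rc=0
    for word in $1; do
        case $word in
            /*) r=$(check_script "$word") || rc=1
                echo "$word: $r" ;;
        esac
    done
    return $rc
}

# Value copied from the rc_startup line in the post; meaningful when run on the router.
check_refs "udhcpc -s /jffs/scripts/udhcpc-wan2.scripts -i vlan3 /jffs/scripts/routes.firewall" || true
```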
mnour.tamer
DD-WRT Novice


Joined: 18 May 2012
Posts: 45

Posted: Mon Aug 20, 2012 16:38
So, any good news about this situation???