2 WAN (ISPs) merge LANs

jofrabt

Hi everyone,

I'm new so I hope not to break any rules. I have the following setup currently at home:

[Attached image: upload_2016-6-8_9-45-19.png (network diagram)]

This is the approach I kind of need (just corrected) since the ISP B has more bandwidth than the ISP A.

What I need to accomplish is the following:

  • Communication between LAN A and LAN B internally
  • Access RPI services from the Internet

Issues I've encountered with actual setup:

  • Port Forwarding from LAN A to LAN B is not working
  • DNS resolution becomes slow
  • Communication from LAN B to LAN A does not work but it works backwards

Any help would be much appreciated, thanks
 
Depends on the router; as long as you use a configurable one it's much easier. I think your network is confused, it just doesn't have specific paths.

Looking at your setup, it seems really bad. Is your entire network in the same building? If it is, you are using the wrong router. Although many here call me a MikroTik fan, there's a reason why routers like MikroTik are very useful, and this is one of them, but they aren't necessary, just much easier to do this with.

I'm going to assume it's all in the same building. You have 2 WANs and 2 LANs. The consumer router you have cannot handle 2 LANs, it doesn't have the configurative ability for it (I hope @RMerlin can add LAN port VLANs and layer 3 segmentation to his firmware; if it is already there please correct me, I suspect his firmware can do it but by modifying files via SSH). Essentially you want to connect both WANs to the router with CPU-connected ports, have both modems only as bridges, and have the router handle the layer 3 segmentation and routing so LAN 1 and 2 can communicate without port forwarding, but at the same time use VLANs to prevent layer 2 between LAN 1 and 2 so that the popular DLNA will not work between LAN 1 and 2.

Because WAN 1 and 2 are different you have to do load balancing. There are many types and you shouldn't balance based on bandwidth. Balance WANs by using their latency and a bit of selective routing. If WAN 1 has lower latency to a particular server, make a rule to route traffic meant for it through that WAN. If WAN 2 has lower internet latency (your ping to ISP, Google and core local datacenters and servers are lower), then make that the priority WAN. Essentially this is the purpose of BGP, so you can have multiple WANs but everyone updates each other on what is the fastest route between places, but ISPs do not simply offer that, you'd need some real expensive internet for it (still feel free to ask your ISP for BGP but your router must support it).

Some routers can learn, if given 2 routes with equal weightage they will use the faster one (the one with lower latency).

I know the concept of networking is that you can wire things about in the ways you want but there are optimal ways to do things and suboptimal ways to do things.

With RMerlin's firmware you can use IPTables to replace port forwarding if you only want LAN 1 and 2 to communicate only via the allowed ports/protocols. But this is only with the setup I suggested.

Edit: Just for a bit of humour (you will need to be a networking guy to understand it) you can use your network setup. So if using a configurable router here's how you do it.

LAN 1 has your PCs, LAN 2 has your pi server and other modem that is doing NAT. So your router has WAN defined like normal for the modem connected to it. Now for the other network your router needs to be a part of it so give it an IP like a client, it should have a weightage of 0 just like LAN 1. Define the gateway of that LAN in the route to being your modem that is acting as a router.

Now with your modem that is also being a router, define it with LAN 1; it requires an IP, and set the router as gateway. Once this is done you have inter-routing between LAN 1 and 2 but no load balancing yet. Now for the NAT rules: you have to define 2 NAT rules on both routers, 1 for each WAN to work for both LANs. If on a configurable router like MikroTik you can actually set the speed limit too if you want them to automatically use both, in the sense of if NAT rule 1 is full then NAT rule 2 is used. This introduces a basic load balancing. Next you define your QoS and NAT hijacking rules. What this is for is after you've done the math in QoS you mark packets, and in hijacking simply change their destination. This is done for traffic within the router so instead of traffic going out at WAN 1 it can go out at WAN 2. Using QoS you can balance using priority by setting a buffer size or speed cap so extra traffic ignores that rule.

This method that you want to use is suboptimal because you have 2 routers that aren't communicating. When a router has a 0.0.0.0/0 rule on LAN that means it will use LAN as WAN but also LAN.
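
The reply above suggests routing between LAN 1 and LAN 2 on a single router and using iptables so the two LANs talk only over allowed ports/protocols. The following is an added example, not part of any post in this thread: it prints a default-deny inter-LAN rule set with an allow-list, where the interface names (`br0`, `br1`), the Pi address and the allowed ports are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that let one router route between
# two LANs while permitting only listed services from LAN 1 to the Pi.
# Interface names, address and ports are assumptions, not from the thread.
LAN1_IF="br0"             # hypothetical LAN 1 interface (PCs)
LAN2_IF="br1"             # hypothetical LAN 2 interface (Pi server)
PI_ADDR="192.168.2.10"    # constructed address for the Pi
ALLOWED="tcp:22 tcp:443"  # constructed allow-list, proto:port

inter_lan_rules() {
    # Separate chain: create it, or flush it if it already exists.
    echo "iptables -N INTERLAN 2>/dev/null || iptables -F INTERLAN"
    # Replies to connections that were already permitted.
    echo "iptables -A INTERLAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for entry in $ALLOWED; do
        proto=${entry%%:*}
        port=${entry##*:}
        # Reject malformed entries instead of emitting a broken rule.
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$entry'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$entry'" >&2; return 1
        fi
        echo "iptables -A INTERLAN -i $LAN1_IF -o $LAN2_IF -d $PI_ADDR" \
             "-p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else crossing between the two LANs is dropped.
    echo "iptables -A INTERLAN -j DROP"
    # Send inter-LAN traffic (both directions) through the chain.
    echo "iptables -I FORWARD -i $LAN1_IF -o $LAN2_IF -j INTERLAN"
    echo "iptables -I FORWARD -i $LAN2_IF -o $LAN1_IF -j INTERLAN"
}

# Print the rules for review; pipe to sh on the router to apply them.
inter_lan_rules
```

With these rules LAN 2 can answer connections opened from LAN 1 but cannot open new ones toward LAN 1, so a compromised Internet-facing Pi does not get free access to the PCs.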
 
Hi,

Thanks for your reply. My network is in the same building and my Asus router has the Merlin firmware. The actual dual WAN functions are really limited: I have 2 options, failback or load balancing mode. I tried both and they do not seem to work effectively. You say I'm using the wrong router but I really don't see why, please let me know.
 
I'm not saying you're using the wrong router, I'm saying you're using the wrong setup. The best of RMerlin's firmware is from terminal, not GUI.

The best setup is both modems in bridge mode. Have 1 LAN first just to make sure everything works. Then once you get your dual WAN working, try to get the devices you want on another LAN. I'm not sure whether you want layer 2 or 3 segmentation for your LAN.

With MikroTik doing this is very easy, but not to say you can't use Ubiquiti or some other configurable router to do this, just some terminal and file editing work to do. A lot of features for RMerlin's firmware require tinkering with files rather than using the GUI, such as with VLANs, bonding on earlier Broadcom ARM models, and so on.

Dual WAN is never right on a consumer router, see if you can have IPTables handle it. There's a trick to this for the simplest but also effective dual WAN. First have the best WAN (lowest latency WAN) connected to the router's WAN port. Remember this is the quality ISP which gives the best ping, bandwidth doesn't matter in this case. Once you configure everything for the first WAN, plug the 2nd WAN in, select dual WAN, and make sure that both WANs are configured (ideally you want the WANs connected but with no traffic or NAT enabled). Now check your router's routing table, there must be 2 0.0.0.0/0 routes. Go to terminal and configure IPTables. You want 2 masquerading rules (1 for each WAN); limit the first rule by bandwidth separately for upload and download based on WAN 1, but you must set the output as WAN 1 too. Don't limit the 2nd rule, which has WAN 2 as output. You should now have a simple load balancing setup that works. Using this method means no hardware acceleration for NAT.
 
Any reason why you aren't doing both LAN A and LAN B on the same router? If you need to keep the networks apart, I think it would be easier to do a VLAN.

From the diagram, it looks like you are saying LANB devices get an IP address of 192.168.0/24. Does that mean that the gateway for WAN 2 on the ASUS is also in that range?
 