Load Balanced Dual WAN - Routing Rules

Gazal

Hi,

I have an Asus RT-N66U (asuswrt-merlin 376.49_5) configured in Dual WAN mode.
My primary WAN is faster but with a fair usage limit.
My secondary WAN is slower but unlimited.

I use transmission and pyload for managing downloads from the router.
How can I set a routing rule to enforce transmission and pyload to only use the secondary WAN?
I tried the following rule:

[Attached screenshot: Screenshot from 2015-03-17 00:46:28.png]

192.168.2.1 is the IP of the router.

But from the router's shell a simple traceroute seems to randomly pick a route through either primary or secondary WAN.
Does someone know how to get this right? Please help.
 
Same issue here. I have a secondary wan for only one device in my network and I want to reserve the connection only for it.
Is there a way to do it?
 
I tried reading through those forums. There is a lot of information about selective routing between VPN and WAN, but can someone point me in the right direction for how to do something similar between primary WAN and secondary WAN?
 
I use this code, similar to VPN routing.
It works for me.
Code:
#!/bin/sh


sleep 2
touch /tmp/000wanstarted
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
      echo 0 > $i
done


# Delete table 100 and flush any existing rules if they exist.

ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING


# Copy all non-default related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN0 gateway and assign it mark "1"


ip route show table main | grep -Ev ^default | grep -Ev ppp1 \
  | while read ROUTE ; do
      ip route add table 100 $ROUTE
done

ip route add default table 100 via $(nvram get wan0_gateway)
ip rule add fwmark 1 table 100
ip route flush cache

# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the WAN1 (usb modem). If MARK is set to "1" it will use WAN0 (adsl).

#  All LAN traffic will bypass the WAN1 (Useful to put this rule first, so all traffic bypasses the WAN1 and you can configure exceptions afterwards)

iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1

# All traffic from CANARY will use the WAN1

iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.51 -j MARK --set-mark 0


exit 0
 
Thank you very much. I added a similar script in /jffs/scripts/wan-start.
I tried to check whether the rules had been applied using "iptables -t nat -L", but couldn't see anything related to marking packets.
And I also tried to run a traceroute from the router; all hits went through wan1_gateway.
 
Changes to the NAT and to the MANGLE tables should be put into nat-start, otherwise they will be overwritten whenever the firewall gets restarted.
 
Putting the script in nat-start helped. However I've still not been able to accomplish my requirement.

I'd like all my regular traffic to go through wan1 and traffic from applications running within the router to go through wan0.

So instead of

Code:
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1

I tried changing it to this:

Code:
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.2.1 -j MARK --set-mark 1

No luck. Then tried this:

Code:
iptables -t mangle -A PREROUTING -i lo -j MARK --set-mark 1

and this:

Code:
iptables -t mangle -A PREROUTING -i lo -m iprange --src-range 127.0.0.1 -j MARK --set-mark 1

All to no avail.

What am I doing wrong?
 
Finally, this is what worked for me:

Code:
#!/bin/sh


sleep 2
touch /tmp/000wanstarted
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
      echo 0 > $i
done


ip rule del fwmark 0 table 100
ip rule del fwmark 1 table 200

ip route flush cache
iptables -t mangle -F PREROUTING

ip rule add fwmark 0 table 100
ip rule add fwmark 1 table 200

ip route flush cache

# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the WAN0 (unlimited). If MARK is set to "1" it will use WAN1 (metered).

iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.2.2-192.168.2.255 -j MARK --set-mark 1

exit 0
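
The two failure modes this thread keeps running into, checked offline as an added example that is not part of any post: a `MARK` rule on `PREROUTING -i lo` (traffic the router itself sends out a WAN traverses the mangle `OUTPUT` chain; `PREROUTING -i lo` only sees packets looped back to the router), and a mark that no `ip rule` selects. The function names and the sample text are constructed for illustration.

```sh
# Added example (POSIX sh), not from the thread: audit MARK rules against ip rules.
# stdin: mangle rules in rule-spec form. stdout: "CHAIN IN_IFACE MARK".
mark_rules() {
    while read -r line; do
        case "$line" in *"-j MARK"*) ;; *) continue ;; esac
        set -- $line
        chain=$2 iface=any mark=
        while [ $# -gt 1 ]; do
            case "$1" in
                -i) iface=$2 ;;
                --set-mark|--set-xmark) mark=${2%%/*} ;;  # drop "/mask"
            esac
            shift
        done
        if [ -n "$mark" ]; then printf '%s %s %d\n' "$chain" "$iface" "$mark"; fi
    done
}

# stdin: "ip rule show" text. stdout: decimal value of each fwmark selector.
routed_marks() {
    while read -r line; do
        set -- $line
        while [ $# -gt 1 ]; do
            if [ "$1" = fwmark ]; then printf '%d\n' "${2%%/*}"; fi
            shift
        done
    done
}

# audit MANGLE_TEXT IPRULE_TEXT: one finding per line, no output when clean.
audit() {
    routed=" $(printf '%s\n' "$2" | routed_marks | tr '\n' ' ')"
    printf '%s\n' "$1" | mark_rules | while read -r chain iface mark; do
        if [ "$mark" -eq 0 ]; then continue; fi  # mark 0 means "unmarked"
        if [ "$chain" = PREROUTING ] && [ "$iface" = lo ]; then
            echo "DEAD $chain -i lo mark=$mark: WAN-bound router traffic uses OUTPUT"
        fi
        case "$routed" in
            *" $mark "*) ;;
            *) echo "UNROUTED $chain mark=$mark: no ip rule selects this fwmark" ;;
        esac
    done
}
# Constructed sample input (not captured from a router).
SAMPLE_MANGLE='-A PREROUTING -i br0 -j MARK --set-mark 0x1
-A PREROUTING -i lo -j MARK --set-mark 0x1
-A OUTPUT -p tcp -j MARK --set-xmark 0x2/0xffffffff'
SAMPLE_RULES='32765: from all fwmark 0x1 lookup 100'
audit "$SAMPLE_MANGLE" "$SAMPLE_RULES"
```

On a router the same check would be `audit "$(iptables -t mangle -S)" "$(ip rule show)"`, assuming the firmware's iptables build supports `-S`. Marking lives in the mangle table, so the nat table listing will not show it.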
 
Could someone confirm if this would work on the stock Asus firmware? I used the script posted by Alby258. I found the jffs folder but had to create a scripts and nat-start folder.
I checked /tmp for 000wanstarted but it was not there.

I don't see any additional entries in the routing table on the GUI either.

Thanks,

Dan
 
Custom script/config support is a feature of my firmware.
 
Is the DSL-AC68U supported?

edit: Sorry I don't mean to appear to be lazy, I noted the models supported but was hoping it might be possible to use this on my model.

Is it a well-known thing that the built-in routing rules option on the stock firmware does not work? I noted that Gazal found the same issue I did where it ignores the rules and continues to load balance.
 
Sorry to dredge up an old thread.

I have a similar situation, where I have a dual WAN, but I want only certain devices to use the Primary WAN and the rest to use only the Secondary WAN. I already have everything being assigned their own static IPs.

My reasoning is I don't want low priority devices like the Sonos or Nest to interfere with the traffic of my NAS when it's powering away on a torrent or what-have-you.

Is this possible with stock Asus firmware, since Merlin's doesn't run on the AC68U? I've tried looking through Asus's documentation but it's not very explanatory...

Thanks for the input.
 
I am fighting with my dual WAN configuration.
What's the mode of your dual WAN? Failover or load balance?

If you are using failover and the primary WAN is down, does it mean the policy routing will fail?
 