2WAN setup


nivuc

New Around Here
I'm trying to make ASUSwrt-merlin's dual WAN setup work in a specific way, and I'm not sure if I even can.

ASUS router with dual WAN turned on in active. LAN side is 192.168.30.1/24
WAN 1 goes to a cable modem. The cable modem is in bridge mode and assigns a public IPv4 address to WAN1. Its configuration/status page is also reachable at 192.168.100.1
WAN 2 goes to a 4G modem. This modem is in bridge mode and assigns a public IPv4 address to WAN2. Its configuration/status page is also reachable at 192.168.5.1

When WAN1 is up:
I want traffic leaving the router, from any LAN client, to public IPs to exit via WAN1.
I want traffic destined for 192.168.100.1 to exit via WAN1.
I want traffic destined for 192.168.5.1 to exit via WAN2.
I expect inbound requests from WAN1 to match the NAT rules and pass through to LAN IPs as appropriate.
I want inbound requests from WAN2 to be dropped.


When WAN1 is down:
I want traffic leaving the router, from specific LAN clients, to public IPs to exit via WAN2.
I want traffic leaving the router, from all other LAN clients, to public IPs to be dropped.
I want traffic destined for 192.168.100.1 to exit via WAN1.
I want traffic destined for 192.168.5.1 to exit via WAN2.
I expect inbound requests from WAN2 to match the NAT rules and pass through to LAN IPs as appropriate.

To determine if WAN1 is up/down, I don't want to use the built-in "ping some IP" check, but rather use a script to periodically connect to http://192.168.100.1 and parse the response.

I think what I need is a script that does the up/down check via cron, and based on the results swaps between 2 different iptables and interface route definitions. As I try to build this out, the issue I think I am running into is the default WAN management functionality fighting me. Has anyone gotten something like what I describe above working; and if so, can you share your setup?
 
Dual WAN doesn't work properly on Asus routers. Here is a script fixing some things:


For Dual WAN in Failover Mode:
What you'll need to do is put the following in a startup script, perhaps wan-event:
Modify the IPS list as necessary, with 1 IP per line.

Code:
#!/bin/sh
# Routing tables used below: 100 = WAN0 (the firmware's primary WAN unit),
# 200 = WAN1. They are referenced by number, since the named tables
# "wan0"/"wan1" only resolve if they are listed in rt_tables.
# Presence checks grep "ip rule show" by priority so they work regardless of
# whether a table is shown by name or number.

# Default route for WAN0 routing table
if ! ip route list default table 100 | grep -q "$(nvram get wan0_gw_ifname)"; then
  ip route add default via "$(nvram get wan0_gateway)" dev "$(nvram get wan0_gw_ifname)" table 100
fi
# Default route for WAN1 routing table
if ! ip route list default table 200 | grep -q "$(nvram get wan1_gw_ifname)"; then
  ip route add default via "$(nvram get wan1_gateway)" dev "$(nvram get wan1_gw_ifname)" table 200
fi
# IP rule for traffic destined to 192.168.100.1 (cable modem page, via WAN0)
if ! ip rule show | grep -q "^100:.*to 192.168.100.1 "; then
  ip rule add from all to 192.168.100.1 lookup 100 priority 100
fi
# IP rule for traffic destined to 192.168.5.1 (4G modem page, via WAN1)
if ! ip rule show | grep -q "^100:.*to 192.168.5.1 "; then
  ip rule add from all to 192.168.5.1 lookup 200 priority 100
fi

# Delete/create blackhole rule based on the primary WAN.
# The blackhole at priority 200 matches "from all", which would also swallow
# the router's own replies to LAN clients (the local table only covers the
# router's addresses), so the LAN subnet is sent to the main table first.
# The router's own upstream traffic (e.g. dnsmasq forwarding) is still
# blackholed; add a rule for it if the failover clients rely on router DNS.
LAN_NET="192.168.30.0/24"   # OP's LAN; adjust to match lan_ipaddr/lan_netmask
if [ "$(nvram get wan0_primary)" = "1" ]; then
  if ip rule show | grep -q "^200:.*blackhole"; then
    ip rule del blackhole from all priority 200
    ip rule del to "$LAN_NET" lookup main priority 150
  fi
elif [ "$(nvram get wan1_primary)" = "1" ]; then
  if ! ip rule show | grep -q "^200:.*blackhole"; then
    ip rule add to "$LAN_NET" lookup main priority 150
    ip rule add blackhole from all priority 200
  fi
fi

# Create IP rules for LAN clients to be rerouted over WAN1 when WAN0 is down.
# One IP per line. These use priority 110 (not 100) so that the modem-page
# rules above always win for traffic to 192.168.100.1 / 192.168.5.1.
IPS='
192.168.1.2
192.168.1.3
192.168.1.4
'
for IP in $IPS; do
  if [ "$(nvram get wan0_primary)" = "1" ]; then
    if ip rule show | grep -q "^110:.*from $IP "; then
      ip rule del from "$IP" lookup 200 priority 110
    fi
  elif [ "$(nvram get wan1_primary)" = "1" ]; then
    if ! ip rule show | grep -q "^110:.*from $IP "; then
      ip rule add from "$IP" lookup 200 priority 110
    fi
  fi
done

Put these in the nat-start script:
Code:
#!/bin/sh
# Each rule is appended only if an identical one is not already present
# (iptables -C tests for an exact match), so this is safe to run repeatedly.
# Note that wan1_ipaddr is empty while WAN1 is disconnected; nat-start is
# re-run by the firmware whenever the firewall restarts on a WAN change.
WAN0_IF="$(nvram get wan0_gw_ifname)"; WAN0_IP="$(nvram get wan0_ipaddr)"
WAN1_IF="$(nvram get wan1_gw_ifname)"; WAN1_IP="$(nvram get wan1_ipaddr)"

# Masquerade rule for WAN0
iptables -t nat -C POSTROUTING -o "$WAN0_IF" ! -s "$WAN0_IP" -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o "$WAN0_IF" ! -s "$WAN0_IP" -j MASQUERADE
# Masquerade rule for WAN1
iptables -t nat -C POSTROUTING -o "$WAN1_IF" ! -s "$WAN1_IP" -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o "$WAN1_IF" ! -s "$WAN1_IP" -j MASQUERADE
# Masquerade rule for 192.168.100.1 (cable modem page, reached through WAN0)
iptables -t nat -C POSTROUTING -o "$WAN0_IF" -d 192.168.100.1 -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o "$WAN0_IF" -d 192.168.100.1 -j MASQUERADE
# Masquerade rule for 192.168.5.1 (4G modem page, reached through WAN1)
iptables -t nat -C POSTROUTING -o "$WAN1_IF" -d 192.168.5.1 -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o "$WAN1_IF" -d 192.168.5.1 -j MASQUERADE

The only thing I did not cover is your custom request for curl to 192.168.100.1 for output.
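The part left open above, the cron-driven curl check of the cable modem page that swaps the policy routing, as an added example that is not code from the thread. It assumes the reply's routing tables (100 = WAN0, 200 = WAN1), the OP's LAN 192.168.30.0/24, and constructed sample values for the failover client list and the state-file path.

```shell
#!/bin/sh
# Added example (not from the thread): probe the cable modem's status page
# through WAN0 instead of pinging, and switch the ip rules on a state change.
# Assumes tables 100 = WAN0 and 200 = WAN1 and the OP's LAN 192.168.30.0/24.
MODEM_URL="http://192.168.100.1"                      # cable modem page (OP)
STATE_FILE="/tmp/wan0_state"                          # assumed location
FAILOVER_IPS="192.168.1.2 192.168.1.3 192.168.1.4"    # sample, as in the reply

# Map curl's HTTP status code to up/down: 000 (no TCP connection) and 5xx
# count as down. Replace with a grep of the page body to parse modem status.
classify_probe() {
  case "$1" in
    2??|3??) echo up ;;
    *)       echo down ;;
  esac
}

# Fetch the page through WAN0's own interface so the probe cannot succeed
# via WAN1 once the failover rules are in place.
probe_wan0() {
  code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 \
    --interface "$(nvram get wan0_gw_ifname)" "$MODEM_URL" 2>/dev/null)
  classify_probe "${code:-000}"
}

# Print the ip rule commands for a state rather than running them, so they
# can be reviewed (and tested) before being piped to sh.
failover_rules() {
  verb=add; [ "$1" = up ] && verb=del
  # LAN exemption (prio 150) keeps router<->LAN traffic routable while the
  # blackhole (prio 200) drops everything else that is not rerouted.
  echo "ip rule $verb to 192.168.30.0/24 lookup main priority 150"
  for ip in $FAILOVER_IPS; do
    echo "ip rule $verb from $ip lookup 200 priority 110"
  done
  echo "ip rule $verb blackhole from all priority 200"
}

# Act only on a state change, so cron can run this every minute safely.
main() {
  new=$(probe_wan0)
  old=$(cat "$STATE_FILE" 2>/dev/null || echo up)
  [ "$new" = "$old" ] && return 0
  failover_rules "$new" | sh && echo "$new" >"$STATE_FILE"
}

if [ "${1:-}" = "--apply" ]; then
  main
fi
```

Schedule it with Merlin's cron helper, e.g. cru a wan0check "* * * * * sh /jffs/scripts/wan0check.sh --apply" (script path assumed).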