What's new

AC86U: Dual WAN Routing Rules - Trying to set *only* one device to use secondary WAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Blazemonkey

Occasional Visitor
I'm just trying to configure the dual wan options, not for load balancing or failover, I just one device to use the secondary wan interface. Everything else I'd like route thru the primary wan interface.

All devices are on the same subnet. Now, I can get my one device to reliably route thru secondary wan, but other devices are routing out thru either one..

I can't write rules for every device on the network, and everything else I've tried does not route this one device over secondary wan.

Any suggestions? Here's a screenshot of my config:


1609169128874.png
 
I'm just trying to configure the dual wan options, not for load balancing or failover, I just one device to use the secondary wan interface. Everything else I'd like route thru the primary wan interface.

All devices are on the same subnet. Now, I can get my one device to reliably route thru secondary wan, but other devices are routing out thru either one..

I can't write rules for every device on the network, and everything else I've tried does not route this one device over secondary wan.

Any suggestions? Here's a screenshot of my config:


View attachment 28871
It's been a while since I used Dual-WAN, but you should still be able to override the GUI Load Balancing Primary/Secondary (WAN0:WAN1) ratio such as your 3:1 to 1:0 by using the following command
Code:
iptables -t mangle -R balance "$(iptables -nvL balance --line -t mangle | grep -F "xset 0x90000000" | cut -d' ' -f1)" -m connmark --mark 0x0 -j CONNMARK --set-xmark 0x80000000/0xf0000000
and your required single GUI routing rule for 192.168.42.18 via Secondary (WAN1) should be honoured.
 
I'm just trying to configure the dual wan options, not for load balancing or failover, I just one device to use the secondary wan interface. Everything else I'd like route thru the primary wan interface.

All devices are on the same subnet. Now, I can get my one device to reliably route thru secondary wan, but other devices are routing out thru either one..

I can't write rules for every device on the network, and everything else I've tried does not route this one device over secondary wan.

Any suggestions? Here's a screenshot of my config:


View attachment 28871
Just change your second rule to all-all-Primary WAN. I've been using dual wan like this for a long time.
 
Just change your second rule to all-all-Primary WAN. I've been using dual wan like this for a long time.

This wouldn't work at all, you can't even apply these settings: "Source IP and Destination IP can not be ALL at the same time."
 
What I do is set the DCHP server ending pool up to like .127. So the router will only issue local IPs between 192.168.1.3 and 192.168.1.127.
1609200110157.png


Then I set up the rules like this using /25. So 192.168.1.1/25 would have a last IP of 192.168.1.127
1609200133587.png


Anything I want on my primary WAN I give a manual IP of say 192.168.1.129:
1609200291366.png



If you think you need more auto assigning DCHP range you could use like 192.168.1.1/25 192.168.1.127/26 in your rules to have a total of 6 rules. I don't really have over 30 clients connecting at any one time 192.168.1.1/25 is plenty for my needs.
 
This wouldn't work at all, you can't even apply these settings: "Source IP and Destination IP can not be ALL at the same time."
My bad it should be 192.168.1.0/24-all-Primary Wan. Change the CIDR notation to your subnet.
 
It's been a while since I used Dual-WAN, but you should still be able to override the GUI Load Balancing Primary/Secondary (WAN0:WAN1) ratio such as your 3:1 to 1:0 by using the following command
Code:
iptables -t mangle -R balance "$(iptables -nvL balance --line -t mangle | grep -F "xset 0x90000000" | cut -d' ' -f1)" -m connmark --mark 0x0 -j CONNMARK --set-xmark 0x80000000/0xf0000000
and your required single GUI routing rule for 192.168.42.18 via Secondary (WAN1) should be honoured.

I'm not sure if this is doing anything at all to be honest.
 
Last edited:
What I do is set the DCHP server ending pool up to like .127. So the router will only issue local IPs between 192.168.1.3 and 192.168.1.127.

Then I set up the rules like this using /25. So 192.168.1.1/25 would have a last IP of 192.168.1.127

Anything I want on my primary WAN I give a manual IP of say 192.168.1.129:

If you think you need more auto assigning DCHP range you could use like 192.168.1.1/25 192.168.1.127/26 in your rules to have a total of 6 rules. I don't really have over 30 clients connecting at any one time 192.168.1.1/25 is plenty for my needs.

Looks like this the answer. unfortunately, there's quite a lot of stuff configured currently on /24, so it would be a lot of work to reconfigure. And this is literally a single proxmox container that I'm trying to get routed on its own dedicated wan. I initially hoped I could setup a vlan for this, but not possible with these 86u's..
 
Looks like this the answer. unfortunately, there's quite a lot of stuff configured currently on /24, so it would be a lot of work to reconfigure. And this is literally a single proxmox container that I'm trying to get routed on its own dedicated wan. I initially hoped I could setup a vlan for this, but not possible with these 86u's..
Would you give this a try?
First rule 192.168.42.18-all-Secondary WAN
Second rule 192.168.42.0/24-all-Primary WAN
The first rule has priority over the second one so everything else besides .18 will use the primary WAN.
 
Would you give this a try?
First rule 192.168.42.18-all-Secondary WAN
Second rule 192.168.42.0/24-all-Primary WAN
The first rule has priority over the second one so everything else besides .18 will use the primary WAN.

I thought the software was Linux based and the bottom most rule takes precedence over the upper rules?

 
I thought the software was Linux based and the bottom most rule takes precedence over the upper rules?

The dual wan code is closed source and written by Asus. At least from my observation it's the upper rule first.
 
My secondary broadband was enabled today. No combination/ordering of these rules would route 192.168.0.50's traffic via the Secondary WAN.

First rule 192.168.0.50-all-Secondary WAN
Second rule 192.168.0.0/24-all-Primary WAN

I have changed the DHCP scope to 192.168.0.0/25 and given my gaming PC a new static IP address within subnet 192.168.0.128/25

192.168.0.0/25-all = Primary WAN
192.168.0.128/25-all = Secondary WAN

All traffic is now being routed correctly, with only my gaming PC using the secondary WAN link
 
What I do is set the DCHP server ending pool up to like .127. So the router will only issue local IPs between 192.168.1.3 and 192.168.1.127.
View attachment 28884

Then I set up the rules like this using /25. So 192.168.1.1/25 would have a last IP of 192.168.1.127
View attachment 28885

Anything I want on my primary WAN I give a manual IP of say 192.168.1.129:
View attachment 28886


If you think you need more auto assigning DCHP range you could use like 192.168.1.1/25 192.168.1.127/26 in your rules to have a total of 6 rules. I don't really have over 30 clients connecting at any one time 192.168.1.1/25 is plenty for my needs.


I don't think the rules to route traffic from the internet to the internal subnets are required.

All connections will be created 'outbound' and any replies will automatically arrive via the WAN that sent the outbound packets.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top