Dual WAN (Failover with LTE LAN modem) & /28 Static Public IP DNAT/SNAT

Nodens

Occasional Visitor
I have fiber WAN to AX88U and a static /28 from my ISP. I assign two IPs from this /28 to two servers providing public services.

The configuration I use is this:

in nat-start:
Code:
# put the extra /28 address on the fiber WAN interface
ip addr add xxx.xxx.xxx.xxx/28 dev ppp0
# inbound: traffic to the public IP goes to the internal server
iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -j DNAT --to-destination 192.168.3.2
# outbound: the server's traffic leaving via ppp0 is sourced from the public IP
iptables -t nat -I POSTROUTING -o ppp0 -s 192.168.3.2 -j SNAT --to xxx.xxx.xxx.xxx

Now my ISP has also finally managed to fix their 4G "Internet Backup" service to support clients with static IP packages,
so I'm trying to set up failover. I tested failover and it works great (apart from being set as Cold-Standby initially for some
reason, but I added service "restart_wan_if 1" to services_start and that fixed it).

My problem is trying to get the 1:1 NAT to work with the failover WAN2. I saw that the router gets the WAN2 IP address
on eth1. The LTE modem is set as bridged and my ISP provides the same static IP endpoint to both the fiber connection
and the LTE one. So both ppp0 and eth1 get assigned the yyy.yyy.yyy.yyy public address.

So what I did was adding this rule to nat-start:
Code:
# same SNAT as for ppp0, but for traffic leaving via the LTE interface
iptables -t nat -I POSTROUTING -o eth1 -s 192.168.3.2 -j SNAT --to xxx.xxx.xxx.xxx

so that the internal IP is also SNATed to the public address when it goes out through eth1.

Then I created wan1-connected and added:
Code:
ip addr add xxx.xxx.xxx.xxx/28 dev eth1

and also wan0-connected and added:
Code:
ip addr del xxx.xxx.xxx.xxx dev eth1

When I pull the WAN1 LAN cable, WAN2 gets activated and ppp0 no longer exists (although I'm not so sure that would
still be the case on a failure that doesn't involve me pulling the cable). So I add the IP alias to eth1 and the NAT rules
should just work. But they don't.

The first problem is that wan1-connected is never called, so the IP alias is never added (no idea why this happens;
wan0-connected gets called normally on failback). But when I manually do "ip addr add xxx.xxx.xxx.xxx/28 dev eth1",
the server loses connectivity to the internet. I cannot figure out why this happens. It should work.

Doing "ping -I xxx.xxx.xxx.xxx 1.1.1.1" works just fine from the router. And the NAT tables look good.

Any ideas? It's been driving me crazy for the past 48 hours.


As a side note, in case this is related, because it is also weird: the LTE modem has a web interface at 192.168.5.1. I added
a static route for 192.168.5.1 pointing to its public address on eth1. I do this for all bridged routers so I can access their interfaces.
While I can ping 192.168.5.1 from the router, I can't do the same from the server. The traceroute from the server shows
the first hop (the AX88U gateway) but never goes beyond that.
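One way to keep the 1:1 NAT consistent across both WAN interfaces is to manage it from a single script rather than splitting the address and the rules over nat-start, wan0-connected and wan1-connected. The script below is an added example, not the poster's configuration and not part of the Asuswrt firmware. It assumes the public address 203.0.113.18/28 as a placeholder for xxx.xxx.xxx.xxx (a documentation-range address), the interface names ppp0 and eth1 from the post, that the active WAN is the one that currently holds a default route, and that the script is run from a hook that does fire on failover and failback. It uses `iptables -C` so re-running it never stacks duplicate DNAT/SNAT rules, restricts the DNAT to traffic that actually arrives on the given WAN interface, and tears the mapping down on the interface that is no longer active. The IPT and IPCMD variables exist so the logic can be exercised without touching the kernel.

```shell
#!/bin/sh
# Added example: idempotent 1:1 NAT for one static public IP on whichever
# WAN interface is active. Not the original poster's script.
# Assumptions: 203.0.113.18/28 stands in for the real public IP, the server
# is 192.168.3.2 as in the post, and the active WAN owns the default route.
IPT="${IPT:-iptables}"      # override with a stub for offline testing
IPCMD="${IPCMD:-ip}"
PUBLIC_IP="${PUBLIC_IP:-203.0.113.18}"   # placeholder for xxx.xxx.xxx.xxx
PUBLIC_PREFIX=28
SERVER_IP="${SERVER_IP:-192.168.3.2}"

# Insert a nat rule only if an identical one is not already present.
# "iptables -C" returns 0 when the rule exists, non-zero otherwise.
nat_rule_ensure() {
    chain="$1"; shift
    if "$IPT" -t nat -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPT" -t nat -I "$chain" "$@"
}

# Bring the 1:1 mapping up on one WAN interface (ppp0 or eth1).
onetoone_nat_up() {
    wan_if="$1"
    # "replace" is idempotent, unlike "add", which fails if the address is present.
    "$IPCMD" addr replace "$PUBLIC_IP/$PUBLIC_PREFIX" dev "$wan_if"
    # Inbound: packets for the public IP arriving on this WAN go to the server.
    nat_rule_ensure PREROUTING -i "$wan_if" -d "$PUBLIC_IP" \
        -j DNAT --to-destination "$SERVER_IP"
    # Outbound: the server's packets leaving via this WAN use the public IP.
    nat_rule_ensure POSTROUTING -o "$wan_if" -s "$SERVER_IP" \
        -j SNAT --to-source "$PUBLIC_IP"
}

# Remove the mapping from a WAN interface that is no longer active.
# Deletions of rules or addresses that are already gone are not errors here.
onetoone_nat_down() {
    wan_if="$1"
    "$IPT" -t nat -D PREROUTING -i "$wan_if" -d "$PUBLIC_IP" \
        -j DNAT --to-destination "$SERVER_IP" 2>/dev/null || true
    "$IPT" -t nat -D POSTROUTING -o "$wan_if" -s "$SERVER_IP" \
        -j SNAT --to-source "$PUBLIC_IP" 2>/dev/null || true
    "$IPCMD" addr del "$PUBLIC_IP/$PUBLIC_PREFIX" dev "$wan_if" 2>/dev/null || true
}

# For each WAN interface given, apply the mapping if it holds a default
# route and remove it otherwise. Assumes only the active WAN has one.
onetoone_nat_sync() {
    for wan_if in "$@"; do
        if "$IPCMD" route show default dev "$wan_if" 2>/dev/null | grep -q default; then
            onetoone_nat_up "$wan_if"
        else
            onetoone_nat_down "$wan_if"
        fi
    done
}

# Usage from a firmware hook: sh this_script.sh sync
case "${1:-}" in
    sync) onetoone_nat_sync ppp0 eth1 ;;
esac
```

Calling `onetoone_nat_sync ppp0 eth1` from the one hook that is known to fire on both failover and failback gives a single place to reason about which interface carries the public address, and the `-C` check means the script can be re-run freely after a WAN restart without leaving stale duplicate SNAT rules behind.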