Routing with dual WAN

[Poesia]

Greetings!

I have an Asus RT-AX86U with a load balancing dual wan setup. I don't use the load balancing mechanism per se, but I have segmented my LAN subnet as follows so that I can control which device is using which connection:

1. 192.168.1.0/26 ==> Primary WAN (Eth0)
2. 192.168.1.64/26 ==> Secondary WAN (Eth5)
3. 192.168.1.128/26 ==> Secondary WAN (Eth5)
4. 192.168.1.192/26 ==> Secondary WAN (Eth5)

Eth0 is 192.168.2.56
Eth5 is 192.168.0.30
Br0 is 192.168.1.1 (LAN)

My servers are on the first subnet, because the Primary WAN has a static IP and greater upload speed. I can access them outside. However, I have some devices on the other subnets that are running services I'd like to access using Primary WAN's IP.

What should I do if I'd like to access 192.168.1.101:8082 via Primary WAN but otherwise use Secondary WAN? Is this doable?

I appreciate any help.

 

[ColinTaylor]

Just create a port forwarding rule for 192.168.1.101:8082 as normal. Test to see if that works.

 

[Poesia]

Just create a port forwarding rule for 192.168.1.101:8082 as normal. Test to see if that works.

Sorry, I forgot to mention that normal port forwarding does not work. It does work for devices that are using Primary WAN.

 

[eibgrad]

It's never going to work because of RPF (reverse-path filtering). We see the same issue w/ users of the OpenVPN client who want to have a given client bound to the OpenVPN client, yet still have remote access to that same client via the WAN. It's can't be done because RPF prevents it. That feature of the routing system and connection tracking is purposely designed to prevent packets of the same connection from entering and leaving the local network via different gateways.

IOW, you have to make a choice between one WAN or the other, for *all* operations, at least if you're relying on the default gateway. You can't have it both ways.

The only way it will work is if you define static routes that bind the remote public IP of those wanting remote access over the primary WAN, to the primary WAN.

 

[Poesia]

Okay, thanks. I think I figured out a workaround. I had an extra NIC the MAC of which I bound to an IP handled by the Primary WAN. Then I adjusted metrics appropriately. Now it seems that I can access all the services on that PC via the Primary WAN and still use Secondary WAN for everything else.

 

[eibgrad]

Okay, thanks. I think I figured out a workaround. I had an extra NIC the MAC of which I bound to an IP handled by the Primary WAN. Then I adjusted metrics appropriately. Now it seems that I can access all the services on that PC via the Primary WAN and still use Secondary WAN for everything else.

Ok, but normally you can't bind specific apps to specific network adapters. A change in metric just changes which one of the two network adapters is used, w/ the other effectively ignored. The only time I've seen it work is if perhaps your running a VM on the client, and then assign the VM and its apps to a different network adapter, and of course, assigned IP. NOW both the host and guest VM are operating fully independently wrt the router.

 

[Poesia]

At the moment, the other NIC is 192.168.1.101 and its metric is 5. It is routed via secondary WAN. The other NIC is 192.168.1.30 and its metric is 10. It is routed via primary WAN. I can confirm that all the traffic is going through the secondary WAN except when I'm connecting to the PC from outside using the primary WAN. I only have a port forwarding rule that forwards port 8082 to 192.168.1.30. If this works reliably, this will be all I need for now.