Well it should work with this setup. But you would be able to build this setup using just one WRT. In your scenario PPPoE connections, DHCP for each network etc. can be handled by GUI.
I must try it on the VDSL2 over WiFi and the ADSL2+ at my work...
I guess I'll be capped at 54Mbps since it is a 50Mbps & 24Mbps but at least a sweet 13Mbps upload speed.
#!/bin/ash
IF0=br0
IF1=vlan1
IF2=vlan2
P0_NET=192.168.30.0/24
P1_NET=192.168.10.0/24
P2_NET=192.168.20.0/24
IP1=192.168.10.163
IP2=192.168.20.132
P1=192.168.10.1
P2=192.168.20.1
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
ifconfig vlan2 192.168.20.132 netmask 255.255.255.0 broadcast 192.168.20.255 up
ip route delete default
ip route add $P1_NET dev $IF1 src $IP1 table 10
ip route add default via $P1 table 10
ip route add $P2_NET dev $IF2 src $IP2 table 20
ip route add default via $P2 table 20
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip rule add from $IP1 table 10
ip rule add from $IP2 table 20
ip route add $P0_NET dev $IF0 table 10
ip route add $P2_NET dev $IF2 table 10
ip route add 127.0.0.0/8 dev lo table 10
ip route add $P0_NET dev $IF0 table 20
ip route add $P1_NET dev $IF1 table 20
ip route add 127.0.0.0/8 dev lo table 20
ip route add default scope global nexthop via $P1 dev $IF1 nexthop via $P2 dev $IF2
echo "0"> /proc/sys/net/ipv4/conf/vlan1/rp_filter
echo "0"> /proc/sys/net/ipv4/conf/vlan2/rp_filter
Code:
IPTABLES="/usr/sbin/iptables"
iptables -I INPUT -i vlan2 -p icmp -j ACCEPT
NET_INT_INT=br0
NET_INT_IP=192.168.30.1
NET_INT_SUB=24
NET_INT_NET=192.168.30.0
NET_EXT_INT1=vlan1
NET_EXT_IP1=192.168.10.163
NET_EXT_GW1=192.168.10.1
NET_EXT_INT2=vlan2
NET_EXT_IP2=192.168.20.132
NET_EXT_GW2=192.168.20.1
ip route add default scope global nexthop via ${NET_EXT_GW1} dev ${NET_EXT_INT1} nexthop via ${NET_EXT_GW2} dev ${NET_EXT_INT2}
$IPTABLES -F POSTROUTING -t nat
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
$IPTABLES -t mangle -A ETH1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
$IPTABLES -t mangle -A ETH1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 1
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
$IPTABLES -t mangle -A ETH2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2
$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to ${NET_EXT_IP1}
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to ${NET_EXT_IP2}
$IPTABLES -A INPUT -p icmp -s ${NET_INT_NET}/${NET_INT_SUB} -d ${NET_INT_IP} -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH1
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH1
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH2
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH2
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT1} -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT2} -j SPOOF_ETH2
for RULE in $(nvram get forward_spec)
do
FROM=`echo $RULE | cut -d ">" -f 1`
TO=`echo $RULE | cut -d ">" -f 2`
STATE=`echo $FROM | cut -d ":" -f 2`
PROTO=`echo $FROM | cut -d ":" -f 3`
SPORT=`echo $FROM | cut -d ":" -f 4`
DEST=`echo $TO | cut -d ":" -f 1`
DPORT=`echo $TO | cut -d ":" -f 2`
if [ "$STATE" = "on" ]; then
if [ "$PROTO" = "both" ]; then
iptables -A PREROUTING -t nat -p udp -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
iptables -A PREROUTING -t nat -p tcp -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
else
iptables -A PREROUTING -t nat -p $PROTO -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
fi
fi
done
#apply range forward rules
for RULE in $(nvram get forward_port)
do
FROM=`echo $RULE | cut -d ">" -f 1`
TO=`echo $RULE | cut -d ">" -f 2`
STATE=`echo $FROM | cut -d ":" -f 2`
PROTO=`echo $FROM | cut -d ":" -f 3`
SPORT=`echo $FROM | cut -d ":" -f 4`
EPORT=`echo $FROM | cut -d ":" -f 5`
if [ "$STATE" = "on" ]; then
if [ "$PROTO" = "both" ]; then
iptables -A PREROUTING -t nat -p udp -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
iptables -A PREROUTING -t nat -p tcp -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
else
iptables -A PREROUTING -t nat -p $PROTO -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
fi
fi
done
echo "0"> /proc/sys/net/ipv4/conf/vlan1/rp_filter
echo "0"> /proc/sys/net/ipv4/conf/vlan2/rp_filter
echo "1"> /proc/sys/net/ipv4/ip_forward
When i try to ping
192.168.10.1
Code:
C:\Documents and Settings\user>ping -t 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.30.1: Destination net unreachable.
Reply from 192.168.30.1: Destination net unreachable.
Reply from 192.168.30.1: Destination net unreachable.
192.168.20.1
Code:
C:\Documents and Settings\user>ping -t 192.168.20.1
Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.132: Destination host unreachable.
Reply from 192.168.20.132: Destination host unreachable.
Reply from 192.168.20.132: Destination host unreachable.
Posted: Thu Nov 29, 2007 4:31 Post subject: Hi GW2345
Hi, this is information apply to the GW2345... because I need dual WAN with load balance like you post... but well I need to confirm that with you that do it this scripts.... because I understand the dual wan and I used, but not with load balance....
nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5"
nvram set vlan2hwname=et0
nvram commit
reboot
Then I was unable to ping my router using any of the ports. I connected wirelessly and was able to restore factory defaults. I went through this entire thread and I really can't make sense of it.
Has anyone actually gotten this to work? I mean other than the thread starter.
This would be the greatest thing ever if it could utilize the wireless wan as a port. I have 3 units setup with autoap script running. There are approx 8 freely available wireless networks in my area. If I could use all 8 wireless networks in a single router, and have it load balance, i would be in bittorrent heaven! I am currently talking to a friend of mine, who just happens to be a CCIE, and uses OpenWRT daily if he can help make this work. I'll post back if he gives me any input.
Just remember all you people, dont know what kind of internet connections people in majority have access to here, but in my case i have one ethernet/fibre 30Mbps to my apartment from the ISP (actually its 100Mbps, however the ISP caps the speed at 30/30).
And a single Linksys WRT54G v1.1 connected to this internet connection cant even handle the througput, max is 26-27Mbps up or down in best case, but when I bypass the router and instead connect a PC directly to the ethernet wall jack I easely max out 30-31Mbps.
So if you combine, lets say two ADSL or one ADSL and one Cable, with both being 24Mbps downstream (standard speeds here in Sweden on those connection types) the router will have problems to utilize this speed, even when using ie download accelerator or bittorrent. The fact that the softwares use more connections, should give better utilization of both connections, however at the same time more connections means more load on the router itself. So its a hard one...
24+24 should land at 48Mbps, a Linksys router as I said could approximately use 27Mbps efficently.
I dont know it this is a limitation of the ethernet card setup in the Linksys routers, or if its because the routers processor cant handle both the higher trougput and also do its other work at the same time, like port forwarding, masquerading, packet inspection and so on. I guess the lost 2-3Mbps through the router is because of the processor not keeping up when doing work on the packets.
Why I think its the processor, and not the ethernet interfaces, is because I also have one LAN port configured as a WAN port (just moved to vlan1 from vlan0,simply) and if i connect a PC to that second WAN port im bypassing the routers packet modification and can through the switching function in the Linksys max out 30-31Mbps. So that tells me that there is no limitations in the interfaces, only in the routers processor.
Very interesting stuff you guys have posted here. I am intrigued and a bit mystified. I have 1 big question.
1) Presumably then this should be able to be done with Wireless WANs then right? If there are several open wireless connections in your area wouldn't you be able to do this with some souped up client mode?
I am would be more interested in seeing this work for wireless WANs
