Dual / Triple WAN HowTo | DHCP scripts on Page 5!!!!

jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Mon Mar 31, 2008 20:57
Jabroni wrote:
Great guide! I just tested it and it worked great. I just have a question: is there a way to force X TCP port to use just WAN1? Something like it's on the wiki:
Code:

iptables -t mangle -A PREROUTING -i $(nvram get lan_ifname) -m multiport -p tcp --dport 22,25,80,110,119,143,443,993,3389 -j MARK --set-mark 0x100


Well, I just had experience trying to figure something like this out.

Tell me if this works the way you want it to:

Code:

iptables -t mangle -N WAN1
iptables -t mangle -F WAN1
iptables -t mangle -A WAN1 -m multiport -p tcp --dport 22,25,80,110,119,143,443,993,3389 -j MARK --set-mark 0x100

iptables -t nat -N FORCE_WAN1
iptables -t nat -F FORCE_WAN1
iptables -t nat -A FORCE_WAN1 -j LOG --log-prefix " Spoofing to send out WAN1 "
iptables -t nat -A FORCE_WAN1 -j SNAT --to <WAN1 IP Address>

iptables -t mangle -A OUTPUT -o ! br0 -j WAN1
iptables -t mangle -A PREROUTING -i br0 -j WAN1
iptables -t nat -A POSTROUTING -o vlan1 -j FORCE_WAN1

_________________


Linksys EA6500v2 | 5GHz 1st Floor AP | Advanced Tomato 1.28.0000 -2.9-131 K26ARM USB AIO-64K
Netgear WNR2000v3 | 2nd Floor AP | DD-WRT v3.0-r27805 std

Behind a Raspberry Pi Dual WAN router
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Fri Apr 04, 2008 1:11
BIG UPDATE


I figured out my problem, and it is probably your guys' problem too.


It seems the newer version of DD-WRT doesn't have the same iptables modules, which breaks the dual WAN.

I had to download and install:

DD-WRT v23 SP2 (09/15/06)

I then followed my scripts again, and BAM, now it works.

jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Tue Apr 08, 2008 14:43
Trying this with DHCP soon.

I wrote a script that is in beta, where it uses udhcpc to get a DHCP IP address, and then turns around and puts those values into NVRAM, which after that runs the scripts to do the dual WANning.


The only problem is, I am at work right now, not at home, and my WRT is at home. I have also been busy as of late and haven't been able to fully test and fix bugs. I guess buying a new home will do that to you :)


Is anyone able to test with DHCP? (Preferably non-PPPoE, still working on that.)

stalonge
DD-WRT Guru


Joined: 21 Jul 2006
Posts: 1898
Location: Fortaleza Ce Brazil

Posted: Tue Apr 08, 2008 18:07
I have ready for testing, but I have a mixed ADSL and Cable .. ;)
_________________
DDwrt ...it rocks ....

1 R7800 54420 AP Wireguard webserver JFFS SAMBA FTP usb HD Mesh
1 R7800 54420 Cli Mesh
1 WZR1750 54389 AP Webserver Samba Wireguard
1 TP link Archer C7v5 54420 Cli Mesh
1 DD x86_64 48296 Gateway Samba Ftp Webserver
ungadan
DD-WRT Novice


Joined: 01 Sep 2007
Posts: 12

Posted: Tue Apr 08, 2008 21:48
Hey, I am willing to test this for DHCP. I have several cable modems that I can test with for this. But I am going to need a little bit of help. There has been so much different code set all around; could someone sum up what I need to put in for a WRT54G v2 or a 300N v1? I have both. I will test ASAP as long as I can get a little help sorting out what to put in and where. That may sound silly, but I am a hardware guy, not a software guy, and I am a Windows admin just getting into the Linux side, so I am a bit confused. Thanks!
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Wed Apr 09, 2008 12:12
Yea, I am going to work on the scripts today then give it a shot, I will let you know.
Bird333
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 809

Posted: Wed Apr 09, 2008 13:55
Will these scripts work with the new versions of DD-WRT? Also, if possible could you explain some of the commands in the script?

Thanks!
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Wed Apr 09, 2008 15:39
Alright, I was able to do this @ home, and it is working for me :D I am doing this on a WRT54GS V2.

For the first WAN, just plug it into the WAN port like normal and leave it alone, setting DD-WRT to do auto config (DHCP).


For the second WAN, first go to the VLAN page and set port 4 up to VLAN 2. Then log into the router using telnet/ssh, and set up VLAN2 for port 4:

Code:

nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5"
nvram set vlan2hwname=et0
nvram commit
reboot



Then, for the rest of the config, I use 3 different scripts that I put into JFFS. (I am unsure at the moment how to get this to work if you don't have room in JFFS.) All the scripts are located in /jffs/scripts


First script, I named "udhcpc-vlan2.script"

Code:

#!/bin/sh
# udhcpc script edited by Tim Riker <Tim@Rikers.org>
# Called by udhcpc with the event name in $1 and the lease values
# ($interface, $ip, $subnet, $broadcast, $router, $dns, $domain) in the environment.
[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1

ifconfig "$interface" up

RESOLV_CONF="/etc/resolv.conf"
[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"

case "$1" in
  deconfig)
    # /sbin/ifconfig $interface 0.0.0.0
    ;;

  renew|bound)
    # /sbin/ifconfig $interface $ip $BROADCAST $NETMASK
    echo "$ip $BROADCAST $NETMASK"

    if [ -n "$router" ] ; then
      echo "deleting routers"
      # while route del default gw 0.0.0.0 dev $interface ; do
      #  :
      # done

      # for i in $router ; do
      #   route add default gw $i dev $interface
      # done
      echo "$router"
    fi

    # Rewrite resolv.conf from the lease
    echo -n > "$RESOLV_CONF"
    [ -n "$domain" ] && echo "search $domain" >> "$RESOLV_CONF"
    for i in $dns ; do
      echo "adding dns $i"
      echo "nameserver $i" >> "$RESOLV_CONF"
    done

    # Store the lease in NVRAM for routes.firewall and firewall.firewall.
    # Values are quoted so a multi-word value cannot become extra arguments.
    nvram set wan2_ifname="$interface"
    #nvram set wan2_ifname=vlan3
    nvram set wan2_gateway="${router%% *}"   # first router if several are offered
    nvram set wan2_ipaddr="$ip"
    nvram set wan2_netmask="$subnet"
    nvram set wan2_broadcast="$broadcast"
    nvram commit
    ifconfig "$(nvram get wan2_ifname)" "$(nvram get wan2_ipaddr)" netmask "$(nvram get wan2_netmask)" up
    ;;
esac

exit 0


Save the script, and
Code:
chmod 755 udhcpc-vlan2.script


What this does is a DHCP request, gets the IP address, and sets the values in NVRAM (IP, Netmask, gateway) which are needed for the other scripts.


The second script I named "routes.firewall"

Code:

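#!/bin/sh
# Policy routing for two WANs: table 100 = WAN1, table 200 = WAN2.

# Start from a clean rule set, then restore the stock main/default lookups
ip rule flush

ip rule add lookup main prio 32766
ip rule add lookup default prio 32767

# Traffic sourced from the WAN1 address, or marked 0x100 by iptables, uses table 100
ip rule add from $(nvram get wan_ipaddr) table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101

# Same for WAN2: its source address or mark 0x200 selects table 200
ip rule add from $(nvram get wan2_ipaddr) table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201

ip route flush table 100
ip route flush table 200

# Copy the directly connected (link-scope) routes into both tables
for TABLE in 100 200
do
   ip route | grep link | while read ROUTE
   do
     ip route add table $TABLE to $ROUTE
   done
done

# Per-table default gateways, then a multipath default route in the main table
ip route add table 100 default via $(nvram get wan_gateway)
ip route add table 200 default via $(nvram get wan2_gateway)
ip route delete default
ip route add default scope global equalize nexthop via $(nvram get wan_gateway) dev  $(nvram get wan_ifname) nexthop via $(nvram get wan2_gateway) dev $(nvram get wan2_ifname)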


This sets up the routing tables for both interfaces, and throws in the equalize command.

Set it to executable:

Code:
chmod 755 routes.firewall


The last script, I named "firewall.firewall"

Code:

#!/bin/sh
IPTABLES="/usr/sbin/iptables"

#DD-WRT firewall rules #BEGIN

#apply simple forward rules

for RULE in $(nvram get forward_spec)
do
   FROM=`echo $RULE | cut -d '>' -f 1`
   TO=`echo $RULE | cut -d '>' -f 2`
   STATE=`echo $FROM | cut -d ':' -f 2`
   PROTO=`echo $FROM | cut -d ':' -f 3`
   SPORT=`echo $FROM | cut -d ':' -f 4`
   DEST=`echo $TO | cut -d ':' -f 1`
   DPORT=`echo $TO | cut -d ':' -f 2`

   if [ "$STATE" = "on" ]; then
      if [ "$PROTO" = "both" ]; then
        #udp
        #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p udp --dport $SPORT -j ACCEPT
        iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
        #tcp
        #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p tcp --dport $SPORT -j ACCEPT
        iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
      else
        #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p $PROTO --dport $SPORT -j ACCEPT
        iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
      fi
   fi
done

#apply range forward rules
for RULE in $(nvram get forward_port)
do
  FROM=`echo $RULE | cut -d '>' -f 1`
  TO=`echo $RULE | cut -d '>' -f 2`
  STATE=`echo $FROM | cut -d ':' -f 2`
  PROTO=`echo $FROM | cut -d ':' -f 3`
  SPORT=`echo $FROM | cut -d ':' -f 4`
  EPORT=`echo $FROM | cut -d ':' -f 5`

  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      #udp
      #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p udp --dport $SPORT:$EPORT -j ACCEPT
      iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
      #tcp
      #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p tcp --dport $SPORT:$EPORT -j ACCEPT
      iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
    else
      #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p $PROTO --dport $SPORT:$EPORT -j ACCEPT
      iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
    fi
  fi
done

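# Send ICMP addressed to WAN2 to the router's own LAN address
iptables -A PREROUTING -t nat -p icmp -d $(nvram get wan2_ipaddr) -j DNAT --to $(nvram get lan_ipaddr)

# Quoted string tests, so an unset NVRAM value does not break the test.
# Expose the web GUI on WAN2 only when remote management is enabled.
if [ "$(nvram get remote_management)" = "1" ]; then
        iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $(nvram get http_wanport) -j DNAT --to $(nvram get lan_ipaddr):$(nvram get http_lanport)
fi

# With a DMZ host configured, everything else addressed to WAN2 goes to it
if [ "$(nvram get dmz_enable)" = "1" ]; then
        DMZ_IP=$(nvram get lan_ipaddr | sed -r 's/[0-9]+$//')$(nvram get dmz_ipaddr)
        iptables -A PREROUTING -t nat -d $(nvram get wan2_ipaddr) -j DNAT --to $DMZ_IP
fi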

iptables -A PREROUTING -t nat --dest $(nvram get wan2_ipaddr) -j TRIGGER --trigger-type dnat
iptables -A FORWARD -i $(nvram get wan2_ifname) -o $(nvram get lan_ifname) -j TRIGGER --trigger-type in

#iptables -A PREROUTING -t mangle -i $(nvram get wan2_ifname) -j IMQ --todev 0
iptables -A PREROUTING -t mangle -i $(nvram get wan2_ifname) -j SVQOS_IN
iptables -A POSTROUTING -t mangle -o $(nvram get wan2_ifname) -j SVQOS_OUT

#DD-WRT END

# Replace the stock nat POSTROUTING rules with the per-WAN SNAT rules below
$IPTABLES -F POSTROUTING -t nat

# Marking chains: ETH1 tags packets 0x100 (routing table 100, WAN1),
# ETH2 tags packets 0x200 (routing table 200, WAN2)
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
#$IPTABLES -t mangle -A ETH1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
#$IPTABLES -t mangle -A ETH1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 0x100
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
#$IPTABLES -t mangle -A ETH2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
#$IPTABLES -t mangle -A ETH2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 0x200

# SNAT chains: rewrite the source to the address of the WAN the packet leaves on
$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
#$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to $(nvram get wan_ipaddr)
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
#$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to $(nvram get wan2_ipaddr)

# Each "random --average 50" rule matches about half of the packets it sees.
# MARK does not end rule traversal, so a packet matched by both pairs keeps
# the later mark (0x200), and an unmatched packet stays unmarked.
$IPTABLES -t mangle -A OUTPUT -o ! br0 -m random --average 50 -j ETH1
$IPTABLES -t mangle -A PREROUTING -i br0 -m random --average 50 -j ETH1
$IPTABLES -t mangle -A OUTPUT -o ! br0 -m random --average 50 -j ETH2
$IPTABLES -t mangle -A PREROUTING -i br0 -m random --average 50 -j ETH2
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan2_ifname) -j SPOOF_ETH2

# Turn off reverse-path filtering on every interface. Replies can arrive on
# either WAN; this also disables the kernel's source-address check there.
RP_PATH=/proc/sys/net/ipv4/conf
for IFACE in `ls $RP_PATH`; do
    echo 0 > $RP_PATH/$IFACE/rp_filter
done


This does the iptables magic, which randomizes the outgoing connections, using SNAT, and sends them out the different interfaces. Don't forget to
Code:

chmod 755 firewall.firewall


The last step is to set these scripts to run.

In the web GUI, go to Administration>Commands, and put the following in for startup:

Code:

udhcpc -s /jffs/scripts/udhcpc-vlan2.script  -i vlan2
/jffs/scripts/routes.firewall


And click save startup.

Next, do the same thing for the firewall:

Code:

/jffs/scripts/firewall.firewall


And click save firewall.



After all of that, everything *should* work. It did for me, I got rid of my static IPs, and now things are working great. The only problem I still see, and others might too, is if both IPs happen to be in the same network, it breaks the dual wan...unsure why.


Give those scripts a shot. The good thing is, there is no more editing of the scripts to your liking, they should just work.


--John

Last edited by jbarbieri on Tue Apr 22, 2008 13:12; edited 1 time in total
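
Added example (not part of the original post and not DD-WRT code): udhcpc-vlan2.script stores whatever the DHCP server on the second WAN sends into NVRAM, and routes.firewall and firewall.firewall later expand those values unquoted into ip and iptables commands run as root. The sketch below is a check that could run at the top of the renew|bound branch; the helper names is_ipv4 and check_lease and the sample leases are constructed for illustration.

```shell
#!/bin/sh
# Added example: reject malformed DHCP lease values before "nvram set".
# is_ipv4 and check_lease are hypothetical helper names, not DD-WRT functions.

# Succeed only for a dotted quad of four decimal octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1=interface $2=ip $3=subnet $4=router list (udhcpc separates routers by spaces)
# Prints "ok" on success, or the name of the first bad field and fails.
check_lease() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo interface; return 1 ;;
    esac
    is_ipv4 "$2" || { echo ip; return 1; }
    is_ipv4 "$3" || { echo subnet; return 1; }
    is_ipv4 "${4%% *}" || { echo router; return 1; }   # first router only
    echo ok
}

# Constructed sample leases (documentation addresses, not from the thread).
check_lease vlan2 192.0.2.10 255.255.255.0 "192.0.2.1 192.0.2.2"
check_lease vlan2 "192.0.2.10 -j ACCEPT" 255.255.255.0 192.0.2.1 ||
    echo "lease rejected, nothing written to NVRAM"

# In udhcpc-vlan2.script the call would sit before the nvram set lines:
#   check_lease "$interface" "$ip" "$subnet" "$router" >/dev/null || exit 1
```

The check only confirms that each value has the shape of an address or interface name; it does not verify that the netmask is contiguous or that the gateway lies inside the leased subnet.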
stalonge
DD-WRT Guru


Joined: 21 Jul 2006
Posts: 1898
Location: Fortaleza Ce Brazil

Posted: Wed Apr 09, 2008 15:51
And who has ADSL (PPPoE)?
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Wed Apr 09, 2008 16:42
Use PPPoE on the first WAN, set it up as you normally would, and if your second connection is DHCP, just use the scripts above.
stalonge
DD-WRT Guru


Joined: 21 Jul 2006
Posts: 1898
Location: Fortaleza Ce Brazil

Posted: Wed Apr 09, 2008 16:55
As you saw in my post in the x86 area, did you think it should work in DD x86?
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Wed Apr 09, 2008 17:02
Well, x86 doesn't have NVRAM, does it?

If not, then what is the equivalent of NVRAM?

stalonge
DD-WRT Guru


Joined: 21 Jul 2006
Posts: 1898
Location: Fortaleza Ce Brazil

Posted: Wed Apr 09, 2008 17:28
Yes, x86 has NVRAM
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Wed Apr 09, 2008 17:35
Then you would want to use the network cards (eth0/eth1/eth2), since I *think* that's how x86 does it, but again, I am unsure.

I would like to learn and check it out tho :P :cough cough: :hint hint:

Bird333
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 809

Posted: Wed Apr 09, 2008 18:13
Can you set this up for a PPPoE main WAN and one or two VAPs set up as additional WANs? Does this work on the current firmware or is this still only RC2?