I installed your scripts on e2000, working quite well, thanks a lot! But I am also reading them to be able to add some customization for my needs; however, the following lines confused me a little.
Isn't there a 25% chance of no marking being done? I mean there are 2 random lines:
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH1
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH2
what if none of them gets hit ?
maybe something like this would solve that:
$IPTABLES -t mangle -j ETH2
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH1
I may be completely wrong here, still experimenting.
My aim is to redirect all traffic for web and ssh to en1 and the rest to be balanced between wan2 and wan1
I am adding
$IPTABLES -t mangle -A RANDOM -p tcp --dports 22,80 -j ETH1
line to RANDOM chain but does not seem to have any effect.
Joined: 06 Apr 2007 Posts: 545 Location: New Hampshire
Posted: Wed Nov 02, 2011 20:31 Post subject:
To be honest, I cannot recall, as the new module is a little different.
One way to tell is to look at the number of packets that are sent to the random chain, and then under the random chain, add up the number of packets for each statement.
If I remember correctly, it was 50% when I ran it.
If you are concerned, change this line:
Code:
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH1
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH2
to this:
Code:
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH1
$IPTABLES -t mangle -A RANDOM -j ETH2
That forces everything else that didn't get matched the first time to go to the second chain.
--John
Linksys EA6500v2 | 5GHz 1st Floor AP | Advanced Tomato 1.28.0000 -2.9-131 K26ARM USB AIO-64K
Netgear WNR2000v3 | 2nd Floor AP | DD-WRT v3.0-r27805 std
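An added example, not part of any post in this thread: it computes the exact final-mark distribution for the three RANDOM-chain orderings discussed above. It assumes each `-m random --average P` rule matches independently with probability P%, and that the ETH1 and ETH2 chains contain only a non-terminating MARK rule (as in the script later on this page), so traversal returns to RANDOM and a later rule can overwrite the mark. `mark_distribution` is a hypothetical helper name.

```shell
#!/bin/sh
# Added illustration: exact final-mark distribution for a RANDOM-style chain.
# Assumptions (labelled): every "-m random --average P" rule matches
# independently with probability P%, and ETH1/ETH2 hold only a MARK rule,
# which is non-terminating, so later rules in RANDOM are still evaluated.

# mark_distribution "P:CHAIN P:CHAIN ..."   (P=100 models a rule without -m random)
# Prints the result in basis points (10000 = 100% of packets).
mark_distribution() {
    none=10000 eth1=0 eth2=0
    for rule in $1; do
        p=${rule%%:*}
        target=${rule##*:}
        keep=$((100 - p))
        # Packets that miss this rule keep whatever mark they already had.
        none=$((none * keep / 100))
        eth1=$((eth1 * keep / 100))
        eth2=$((eth2 * keep / 100))
        # Packets that hit it get the target's mark, overwriting any earlier one.
        case $target in
            ETH1) eth1=$((eth1 + p * 100)) ;;
            ETH2) eth2=$((eth2 + p * 100)) ;;
        esac
    done
    echo "none=$none ETH1=$eth1 ETH2=$eth2"
}

echo "two random rules:        $(mark_distribution '50:ETH1 50:ETH2')"
echo "random ETH1, then ETH2:  $(mark_distribution '50:ETH1 100:ETH2')"
echo "ETH2 first, random ETH1: $(mark_distribution '100:ETH2 50:ETH1')"
```

On the router, the per-rule packet counters from `iptables -t mangle -L RANDOM -v -n` show which of these distributions the running rules actually produce.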
hi
sorry but i have a problem:
i have e320@e2000 (60k nvram).
i enable jffs2, enable clean_jffs2 for format.
But i can't enter and create a folder /etc/config
Quote:
Command 'mkdir "New folder"'
failed with return code 1 and error message
.
also with mkdir doesn't work...
can you help me?
thanks!
Joined: 06 Apr 2007 Posts: 545 Location: New Hampshire
Posted: Mon Dec 12, 2011 15:26 Post subject:
khael wrote:
hi
sorry but i have a problem:
i have e320@e2000 (60k nvram).
i enable jffs2, enable clean_jffs2 for format.
But i can't enter and create a folder /etc/config
Quote:
Command 'mkdir "New folder"'
failed with return code 1 and error message
.
also with mkdir doesn't work...
can you help me?
thanks!
You would probably have to mkdir /jffs/etc/config, as that folder is writeable and will also survive reboots.
Hi, I have wrt610n v1 and got everything installed as stated. Still having trouble getting the second wan to work. I can only activate 1 wan at a time? If I change to vlan3 in dd-wrt web-gui, I can see my 2nd modem online, but not the 1st. If I change to vlan2 then my 1st modem is online but not the 2nd. I can't get them both to go on together.
i know i'm getting close. please help.
P.S. 1st modem ip: 66.XXX.XXX.XXX
2nd modem ip 98.XXX.XXX.XXX
DD-WRT v24-sp2 (08/12/10) mega
(SVN revision 14929)
----------------------------------------
nvram set vlan1ports="2 3 4 8*"
nvram set vlan3ports="1 8"
nvram set vlan3hwname=et0
nvram commit
reboot
if [ -n "$router" ] ; then
# echo "deleting routers"
# while route del default gw 0.0.0.0 dev $interface ; do
# :
# done
# for i in $router ; do
# route add default gw $i dev $interface
# done
# echo "$router"
: # no-op so the "then" branch is not empty while the lines above are commented out
fi
echo -n > $RESOLV_CONF
[ -n "$domain" ] && echo search $domain >> $RESOLV_CONF
for i in $dns ; do
# echo adding dns $i
# echo nameserver $i >> $RESOLV_CONF
: # no-op so the loop body is not empty while the lines above are commented out
done
nvram set wan2_ifname=$interface
nvram set wan2_gateway=$router
nvram set wan2_ipaddr=$ip
nvram set wan2_netmask=$subnet
nvram set wan2_broadcast=$broadcast
nvram commit
ifconfig $(nvram get wan2_ifname) $(nvram get wan2_ipaddr) netmask $(nvram get wan2_netmask) up
;;
esac
exit 0
--------------------------
routes.firewall
--------------------------
#!/bin/sh
echo "Flushing rules" >> /var/log/messages
ip rule flush
echo "Rebuilding rules and tables" >> /var/log/messages
ip rule add lookup main prio 32766
ip rule add lookup default prio 32767
ip rule add from $(nvram get wan_ipaddr) table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101
ip rule add from $(nvram get wan2_ipaddr) table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201
ip route flush table 100
ip route flush table 200
for TABLE in 100 200
do
ip route | grep link | while read ROUTE
do
ip route add table $TABLE to $ROUTE
done
done
ip route add table 100 default via $(nvram get wan_gateway)
ip route add table 200 default via $(nvram get wan2_gateway)
echo "Deleting default route" >> /var/log/messages
ip route delete default
echo "Adding in equalized route" >> /var/log/messages
ip route add default scope global equalize nexthop via $(nvram get wan_gateway) dev $(nvram get wan_ifname) nexthop via $(nvram get wan2_gateway) dev $(nvram get wan2_ifname)
echo "routes.firewall completed" >> /var/log/messages
gave up on dd-wrt, found Tomato DualWAN EN version, flashed it and it works right out of the box!
Is that my GUI mod of the Chinese DualWAN buggy code - with possible backdoors as no source-code ever released?
Why is it buggy? It works absolutely flawlessly with my two 6Mb DSL lines load balanced and with line test / failover. QoS works perfectly too and is very easy to set up. Have you run a portscan on a box or observed any traffic besides NTP or ICMP coming out to substantiate a claim of backdoors? I'm a long time fan of DD-WRT and I still run it on my main RSPro router but for anyone not wanting to fumble with scripts and whatnot the Tomato DualWan is a dream come true. Why don't they build a preconfigured dual/multiwan dd-wrt with a gui? Couple that with a highpower unit such as a 610N or 16N router and the peplink/Cisco small business dualwan routers have some serious competition.
I'm planning to use Tomato DualWAN on a wrt160n. Would like to use the WLAN configured in client mode as one of the WAN's and a cable modem connected to the WAN port as the other WAN. Is this possible with this firmware?
Joined: 22 Aug 2011 Posts: 16 Location: Thessaloniki
Posted: Fri Apr 20, 2012 21:22 Post subject:
bohemus wrote:
I'm planning to use Tomato DualWAN on a wrt160n. Would like to use the WLAN configured in client mode as one of the WAN's and a cable modem connected to the WAN port as the other WAN. Is this possible with this firmware?
Why use Tomato? DDWRT does the job.
Check my current setup:
WRT54G v2.2 in Repeater Mode (using ddwrt v23 SP2 svn 3932 mini due to broken iptables), the Dual Wan router
WRT54GL v1.1 in Repeater Mode (this feeds the second WAN)
and it's working just fine!
2 x Linksys WRT54GL v1.1
1 x Linksys WRT54G v2.2 [Dual WAN]
1 x Linksys E2500
Seems a lot easier than having to deal with all these scripts. Unless this functionality works in the GUI, it's just too much hassle for a simple user like me.
Posted: Wed Jul 04, 2012 23:46 Post subject: works on WNR2500L (v1)
great post.. after a long google search, i landed here. i am trying to enable dual WAN (both ISPs give me DHCP address) on my WNR3500L(v1) using the scripts here.
Will post my experience once I get 'there'. Anyone here tried this on WNR3500L already?
UPDATE: I was able to get these scripts to work on my WNR3500L. Thanks OP!
Three tips I need to mention to make it to work:
1) The logical and physical ports are mapped in reverse order - 1,2,3,4 physical ports are 4,3,2,1 for vlans
2) The dhcp script command had to be changed to remove the 'routes.firewall' and
3) The firewall commands had to be given 1 per line (in the UI) for the firewall.firewall script to run; otherwise it was not working.
Lastly, this works only if both the WAN ports are connected. If one of them is not connected (or) loses its IP, all the clients lose internet connectivity...
I have Asus N-16 I am using the latest firmware of DD-WRT mega 19519 .
I am testing dual wan using two ports
The first one is a DHCP client to other device which is directly connected to the Modem.
The second one is connected through RJ-45 to a router that has a 3G USB stick connected.
12. If you don't see vlan2 you didn't do something right so start over. If vlan2 doesn't have an ip address run:
udhcpc -s /jffs/scripts/udhcpc-wan2.script -i vlan2 and see what happens. (If it throws an error or hangs, something is wrong with the file maybe. If it shows an ip then you are golden.)
e1000 v1 running:
DD-WRT v24-sp2 (04/07/12) mini
(SVN revision 18946M NEWD-2 K2.6 Eko)
-----------------------------------------------------------------------------
vlans in the vlan web gui page = uncheck port 4 from vlan1 and change it to vlan3
-----------------------------------------------------------------------------
vlans in nvram telnet after setting =
root@DD-WRT:~# nvram show | grep vlan.*ports
vlan2ports=0 5
vlan0ports=1 2 3 5*
vlan3ports=4 5
vlan1ports=4 3 2 5*
size: 20057 bytes (12711 left)
-----------------------------------------------------------------------------
to change vlan ports in nvram in telnet =
nvram set vlan0ports="1 2 3 5*"
nvram set vlan1ports="4 3 2 5*"
nvram set vlan3ports="4 5"
nvram commit
reboot
-----------------------------------------------------------------------------
under administration in the web gui under commands =
# echo "deleting routers"
# while route del default gw 0.0.0.0 dev $interface ; do
# :
# done
# for i in $router ; do
# route add default gw $i dev $interface
# done
# echo "$router"
echo -n > $RESOLV_CONF
[ -n "$domain" ] && echo search $domain >> $RESOLV_CONF
for i in $dns ; do
# echo adding dns $i
# echo nameserver $i >> $RESOLV_CONF
: # no-op so the loop body is not empty while the lines above are commented out
done
nvram set wan2_ifname=$interface
nvram set wan2_gateway=$router
nvram set wan2_ipaddr=$ip
nvram set wan2_netmask=$subnet
nvram set wan2_broadcast=$broadcast
nvram commit
ifconfig $(nvram get wan2_ifname) $(nvram get wan2_ipaddr) netmask $(nvram get wan2_netmask) up
;;
esac
ip rule add lookup main prio 32766
ip rule add lookup default prio 32767
ip rule add from $(nvram get wan_ipaddr) table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101
ip rule add from $(nvram get wan2_ipaddr) table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201
ip route flush table 100
ip route flush table 200
for TABLE in 100 200
do
ip route | grep link | while read ROUTE
do
ip route add table $TABLE to $ROUTE
done
done
ip route add table 100 default via $(nvram get wan_gateway)
ip route add table 200 default via $(nvram get wan2_gateway)
ip route delete default
ip route add default scope global equalize nexthop via $(nvram get wan_gateway) dev $(nvram get wan_ifname) nexthop via $(nvram get wan2_gateway) dev $(nvram get wan2_ifname)
if [ "$STATE" = "on" ]; then
if [ "$PROTO" = "both" ]; then
iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
else
iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
fi
fi
done
iptables -A PREROUTING -t nat -p icmp -d $(nvram get wan2_ipaddr) -j DNAT --to $(nvram get lan_ipaddr)
if [ $(nvram get remote_management) -eq 1 ]; then
iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $(nvram get http_wanport) -j DNAT --to $(nvram get lan_ipaddr):$(nvram get http_lanport)
fi
if [ $(nvram get dmz_enable) -eq 1 ]; then
DMZ_IP=$(nvram get lan_ipaddr | sed -r 's/[0-9]+$//')$(nvram get dmz_ipaddr)
iptables -A PREROUTING -t nat -d $(nvram get wan2_ipaddr) -j DNAT --to $DMZ_IP
fi
iptables -A PREROUTING -t nat --dest $(nvram get wan2_ipaddr) -j TRIGGER --trigger-type dnat
iptables -A FORWARD -i $(nvram get wan2_ifname) -o $(nvram get lan_ifname) -j TRIGGER --trigger-type in
#DD-WRT END
$IPTABLES -F POSTROUTING -t nat
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 0x100
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 0x200
$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to $(nvram get wan_ipaddr)
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to $(nvram get wan2_ipaddr)
#Save the gateway in the connection mark for new incoming connections
$IPTABLES -I FORWARD -t mangle -i $(nvram get wan_ifname) -j MARK --set-mark 0x100
$IPTABLES -I FORWARD -t mangle -o $(nvram get wan_ifname) -j MARK --set-mark 0x100
$IPTABLES -I FORWARD -t mangle -o $(nvram get wan2_ifname) -j MARK --set-mark 0x200
$IPTABLES -I FORWARD -t mangle -i $(nvram get wan2_ifname) -j MARK --set-mark 0x200
$IPTABLES -A FORWARD -t mangle -j CONNMARK --save-mark
$IPTABLES -I INPUT -t mangle -i $(nvram get wan_ifname) -j MARK --set-mark 0x100
$IPTABLES -I INPUT -t mangle -i $(nvram get wan2_ifname) -j MARK --set-mark 0x200
$IPTABLES -A INPUT -t mangle -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -i $(nvram get wan_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x100
$IPTABLES -t mangle -A PREROUTING -i $(nvram get wan2_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200
$IPTABLES -A POSTROUTING -t mangle -o $(nvram get wan_ifname) -j MARK --set-mark 0x100
$IPTABLES -A POSTROUTING -t mangle -o $(nvram get wan2_ifname) -j MARK --set-mark 0x200
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan2_ifname) -j SPOOF_ETH2
$IPTABLES -t mangle -A POSTROUTING -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -i br0 -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark
# Use the correct gateway for reply packets from local connections
$IPTABLES -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
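# Turn off reverse-path filtering on every interface. With two WANs a reply can
# arrive on a different interface than the kernel's route back to its source,
# and rp_filter would drop it; 0 also disables that source-address check.
RP_PATH=/proc/sys/net/ipv4/conf
for IFACE in "$RP_PATH"/*; do
echo 0 > "$IFACE/rp_filter"
done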
1. follow http://www.dd-wrt.com/wiki/index.php/JFFS to enable jffs
2. under the setup mac clone web gui page change the WAN mac
3. try a combination of rebooting the modem and router to make sure you are getting 2 ip addresses
4. telnet or ssh into the router and run ifconfig to make sure both vlan2 and vlan3 are getting an ip
5. obviously in my case i put the scripts in /jffs/scripts which you need to make
6. the way i chose to get the scripts on my router was by hosting them and running wget
7. after the scripts are in place you need to give them proper permissions by running chmod a+x /jffs/scripts/*
this worked for me using 2 modems with roadrunner cable internet