[Solved] 2 internet connections on a router, how do I dedicate ports to each?

Hi guys,
I have a small project before me that involves a router with an internet connection from a landline and a mobile connection.

The router has a WAN port in which the landline internet connection comes in and an internal mPCIe card that does the mobile connection.
It also has 4 LAN ports from an internal switch chip that are segregated under eth1 and are called lan0 - lan3.

What I would like to do, at least in the beginning, is dedicate one port to the mobile connection, in this case lan1.
So that only lan1 gets its internet connection through the mobile connection and all other ports get internet through the landline connection.

I use dnsmasq and nftables on Alpine Linux on a BananaPi R2.

I have enough knowledge to be able to configure it for a NAT router on one internet connection but I kinda have no idea how I should go about it with two.

I searched Google and the forums for a few days now but it seems nobody else tries it like I want it to, most want a failover or bond them, which I don’t want to do, hence me opening this topic.

Thank you in advance for at least reading until now :)

Hi,

What you’re looking for is called policy based routing based on connection marks.

Essentially, you’d use connection tracking to mark connections as needing to go over wan1 or wan2.

If there’s no connection mark because it’s a brand new connection, you’d mark it based on a physical interface the packet came from, or based on some statistical policy or based on which interface is up currently.

However you do connection marking, you’d mirror the connection mark into a fwmark.

Then, you’d use ip rule to determine which routing table to consult for a packet, one that has a default gateway set to wan1 or the other that has it set to wan2.

That’s basically the summary.


Start configuring things in reverse - make sure you have two default routes in your default table working well first (assign different route metrics from however your interfaces are getting their gateways)… then multiple tables, then rules and marks, and connection tracking last.

Use netcat, tcpdump and conntrack tools to see how your stuff is behaving.

On OpenWRT, e.g. if you wanted to run it in a container, there’s a package called mwan3 that can configure all this for you through a GUI.


Thank you for pointing me in the right direction!

So from what I gather most of that assumes a rather stable IP (range) on the WAN interfaces, which in my case wouldn’t be a thing.
So I would have to write a script that adds those things dynamically.
Is that right?

No, not really, pretty much every DHCP client supports scripting…which is how you’d maintain the routes in routing tables.

Every DHCP client has its own manual describing how your script is invoked and what the parameters are… but then it’s like a 1 liner or a 3 liner to add the routes.

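The setup described in the replies above (connection mark mirrored into a fwmark, `ip rule` selecting a second routing table, routes maintained from the DHCP client's script), as an added example that is not part of the original posts. It only prints the ruleset and commands. Assumptions not taken from the thread: lan1 is a standalone routed interface, the mobile uplink is named wwan0, and mark 0x2 and table 102 are arbitrary choices.

```shell
#!/bin/sh
# Added example: dry-run generators. They print text only; nothing is applied
# until the output is piped to nft or sh by the operator.

# nftables ruleset: tag new connections that enter on the dedicated LAN port,
# mirror the connection mark into the packet fwmark, and NAT on the uplink.
# Marks are only restored for packets arriving from the LAN port, so replies
# coming back from the uplink are still routed to the LAN by the main table.
pbr_nft_ruleset() {   # usage: pbr_nft_ruleset LAN_IF WAN_IF MARK
    cat <<EOF
table ip pbr {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        iifname "$1" ct state new ct mark set $3
        iifname "$1" meta mark set ct mark
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$2" masquerade
    }
}
EOF
}

# Commands for the DHCP client's script: (re)install the default route of the
# dedicated table and the rule that sends marked packets to that table.
# "route replace" and the del-before-add keep repeated lease renewals idempotent.
pbr_route_cmds() {    # usage: pbr_route_cmds WAN_IF GATEWAY MARK TABLE
    if [ -n "$2" ]; then
        via="via $2 "
    else
        via=""        # point-to-point mobile links often hand out no gateway
    fi
    echo "ip route replace default ${via}dev $1 table $4"
    echo "ip rule del fwmark $3 lookup $4 2>/dev/null"
    echo "ip rule add fwmark $3 lookup $4 pref 1000"
}

# Constructed sample values (192.0.2.1 is a documentation address). In a real
# hook the gateway comes from the client, e.g. \$router with busybox udhcpc:
#   pbr_nft_ruleset lan1 wwan0 0x2 | nft -f -
#   pbr_route_cmds wwan0 "\$router" 0x2 102 | sh
pbr_nft_ruleset lan1 wwan0 0x2
pbr_route_cmds wwan0 192.0.2.1 0x2 102
```

If strict reverse-path filtering (`rp_filter=1`) is enabled on the mobile interface, replies arriving there can be dropped because the main table's default route points at the landline; loose mode (`rp_filter=2`) on that interface avoids this.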