Port forwarding with multiple WAN default routes in OpenWRT

I have an OpenWrt setup with multiple WAN connections, and a DNAT port redirect that provides access to a server in my LAN. I want my server to be accessible on both WAN connections simultaneously.

I am not using any load balancing package like mwan3 as I need no load balancing setup for outgoing traffic. Instead, I have multiple gateways in my routing table with different metric values. All such networks are added in a single firewall zone wan in the OpenWrt firewall configuration.

Example route table:

root@OpenWrt:~# ip route
default via 10.0.1.1 dev eth1  metric 5
default via 10.0.2.1 dev eth2  metric 8
...

I get a simple failover setup with the above configuration, as the default route for 10.0.1.1 is removed when the link goes down.

Example port forward rule:

config redirect
        option name 'Server'
        option target 'DNAT'
        list proto 'tcp'
        option src 'wan'
        option src_dport '1234'
        option dest 'lan'
        option dest_ip '192.168.1.234'
        option dest_port '5678'

However, my port forwarding is broken with this setup:

  • When a single default route is present in the table:
    • Port forwarding always works when only one WAN connection is active
  • When multiple default routes are present:
    • Port forwarding works when the server is contacted through the gateway with the lowest metric value (the highest default route in the above example: 10.0.1.1)
    • Port forwarding doesn't work when the server is contacted through a gateway with a higher metric value (10.0.2.1 in the above example) – a connection timed out error occurs instead

This behaviour made me think that probably the returning traffic from the server is not being sent to the same gateway from where it is originating – it is instead being sent to the lowest metric gateway.
Am I correct? Is there any way to check this?
On further searching, I found this page in the OpenWrt wiki that talks about doing something similar but using multiple routers, however the page seems to be incomplete.

  • How does one implement the mentioned connection marking solution in OpenWrt? Will it work for UDP and ICMP traffic as well?
  • Is there any other possible solution that does not involve using connection marking or mwan3 and VLANs?
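
An added example of the connection-marking approach the question asks about; this is not code from the question, the OpenWrt wiki page or the OpenWrt project. It tags each new connection with a conntrack mark identifying the WAN it arrived on, copies that mark onto every later packet of the connection (including the LAN server's replies), and uses `ip rule` to send marked packets through a per-WAN routing table whose only default route is that WAN's gateway. The interface names and gateways are taken from the route table in the question; the fwmark values (1, 2), routing table numbers (101, 102), the table name `wanreturn`, and the use of an nftables-based firewall (fw4, OpenWrt 22.03 or later) are assumptions made for the example. By default the script only prints what it would run; pass `apply` to install the rules.

```shell
#!/bin/sh
# Added example, not code from the original question, the OpenWrt wiki or
# the OpenWrt project: send replies back out of the WAN a connection came
# in on, by giving each new connection a conntrack mark and selecting a
# per-WAN routing table from that mark.
#
# Assumptions (none of these are stated in the question; adjust to fit):
#   - fw4/nftables firewall (OpenWrt 22.03 or later); the rules live in
#     their own "inet wanreturn" table, so fw4's ruleset is untouched
#   - WAN interfaces and gateways are the ones in the route table above
#   - fwmarks 1 and 2 and routing tables 101 and 102 are otherwise unused
#
# Usage: sh wanreturn.sh print   # only show what would be run (default)
#        sh wanreturn.sh apply   # install the rules on the router

# One entry per WAN: iface:gateway:fwmark:routing-table
WANS="eth1:10.0.1.1:1:101 eth2:10.0.2.1:2:102"

MODE=print

# Run a command in apply mode; in print mode echo it instead.
run() {
    if [ "$MODE" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Emit the nftables ruleset that marks connections by ingress WAN.
# Recreating the table on every run keeps the script idempotent.
nft_ruleset() {
    printf '%s\n' 'add table inet wanreturn' 'delete table inet wanreturn'
    printf '%s\n' 'table inet wanreturn {' \
        '  chain prerouting {' \
        '    type filter hook prerouting priority mangle; policy accept;'
    for spec in $WANS; do
        oldifs=$IFS; IFS=:; set -- $spec; IFS=$oldifs
        # First packet of a connection arriving on this WAN: remember which
        # WAN it used. Priority mangle runs before fw4's DNAT in prerouting.
        printf '    iifname "%s" ct state new ct mark set %s\n' "$1" "$3"
    done
    # Every later packet of a marked connection, including the LAN server's
    # replies entering from br-lan, gets the mark copied onto the packet;
    # the ip rules below key the routing decision on that packet mark.
    # The "type route" output chain does the same for the router's own
    # replies (e.g. its SSH daemon reached via the second WAN) and
    # re-evaluates the route after the mark is set.
    printf '%s\n' \
        '    ct mark != 0 meta mark set ct mark' \
        '  }' \
        '  chain output {' \
        '    type route hook output priority mangle; policy accept;' \
        '    ct mark != 0 meta mark set ct mark' \
        '  }' \
        '}'
}

# Per-WAN routing table keyed on the fwmark, plus loose reverse-path
# filtering on the WAN interface: with strict rp_filter a packet arriving
# on eth2 from a source the main table reaches via eth1 is dropped on input
# before it ever reaches the DNAT rule (loose mode is harmless otherwise).
policy_routes() {
    for spec in $WANS; do
        oldifs=$IFS; IFS=:; set -- $spec; IFS=$oldifs
        run ip route replace default via "$2" dev "$1" table "$4"
        run ip rule del pref "$4" 2>/dev/null || true   # no duplicate rules
        run ip rule add fwmark "$3" lookup "$4" pref "$4"
        run sysctl -w "net.ipv4.conf.$1.rp_filter=2"
    done
}

setup_connmark_routing() {
    MODE=$1
    if [ "$MODE" = apply ]; then nft_ruleset | nft -f -; else nft_ruleset; fi
    policy_routes
}

setup_connmark_routing "${1:-print}"
```

Because the lookup is keyed on the conntrack entry rather than on the protocol, it applies equally to UDP and to ICMP echo request/reply pairs, which conntrack tracks as connections. A packet whose mark matches no route in table 101 or 102 (for example an inbound packet destined for the LAN) falls through to the main table, so only the return direction is affected. To confirm the original hypothesis before changing anything, run `tcpdump -ni eth1 'tcp port 1234'` on the router while connecting to the eth2 address from outside: if the SYN-ACK shows up leaving eth1 with eth2's address as its source, the replies are indeed taking the lowest-metric gateway. For persistence across reboots, the `ip rule`/`ip route` parts map onto `config rule` and `config route` sections (with `option table`) in /etc/config/network, and the nftables part can be dropped into /etc/nftables.d/ for fw4 to load.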