Dual LAN/WAN setup?

ytuxedo002 · July 30, 2012, 10:49pm

Hey guys,

Been trying to get this to work with some of the suggestions on the forums but I cannot get it to work.

RB751G
Port 1= WAN1
Port 2= LAN1
Port 3= WAN2
Port 4= LAN2
Wifi = Bridged with LAN2

Anybody have specific instructions for this setup?

Any help is greatly appreciated.

Regards

vk7zms · July 31, 2012, 6:24am

OK - so you need to be just a little bit more specific

Do you want LAN1 & LAN2 to both use WAN1 & WAN2? If so is this on a load sharing or fail-over basis?

OR, do you want LAN1 to us WAN1 only, and LAN2 to use WAN2 only?

What type of WAN connections are you using DHCP-Client, L2TP, PPPoE, etc ?

Do you want devices on LAN1 to be able to access devices on LAN2?

ytuxedo002 · July 31, 2012, 2:09pm

LAN1 to use WAN1 which is a static IP.

LAN2 to use WAN2 which is a static IP.

The WAN’s are from 2 different ISP’s

For now LAN1 & 2 do not need to talk to each other, but this will be something i will need later on.

Thanks

vk7zms · July 31, 2012, 11:07pm

I think the easiest way is with a couple of mangle rules

lets assume the following
LAN1 is 192.168.1.0/24
LAN2 is 192.168.2.0/24

default gateway of ISP1 is 10.1.0.1
default gateway of ISP2 is 10.2.0.1

you could add a couple of mangle rules to mark the traffic from each LAN

chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=yes
src-address=192.168.1.0/24 dst-address=!192.168.2.0/24
in-interface=lan1

chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=yes
src-address=192.168.2.0/24 dst-address=!192.168.1.0/24
in-interface=lan2

Now that all the traffic inbound from the LAN ports is tagged with a routing mark, add a couple of default routes to direct the traffic out the appropriate WAN ports

dst-address=0.0.0.0/0 gateway=10.1.0.1 gateway-status=10.0.0.1 unreachable distance=1 scope=30
target-scope=10 routing-mark=wan1

dst-address=0.0.0.0/0 gateway=10.0.0.1 gateway-status=10.2.0.1 unreachable distance=1 scope=30
target-scope=10 routing-mark=wan2

note - by adding the dst-address=!192.168.x.0/24 to the mangle rules, traffic bound from LAN1 to LAN2 will not get caught with the routing mark and will route between the two LAN ports uninterupted

ytuxedo002 · August 1, 2012, 3:14pm

vk7zms:

I think the easiest way is with a couple of mangle rules

lets assume the following
LAN1 is 192.168.1.0/24
LAN2 is 192.168.2.0/24

default gateway of ISP1 is 10.1.0.1
default gateway of ISP2 is 10.2.0.1

you could add a couple of mangle rules to mark the traffic from each LAN

chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=yes
src-address=192.168.1.0/24 dst-address=!192.168.2.0/24
in-interface=lan1

chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=yes
src-address=192.168.2.0/24 dst-address=!192.168.1.0/24
in-interface=lan2

Now that all the traffic inbound from the LAN ports is tagged with a routing mark, add a couple of default routes to direct the traffic out the appropriate WAN ports

dst-address=0.0.0.0/0 gateway=10.1.0.1 gateway-status=10.0.0.1 unreachable distance=1 scope=30
target-scope=10 routing-mark=wan1

dst-address=0.0.0.0/0 gateway=10.0.0.1 gateway-status=10.2.0.1 unreachable distance=1 scope=30
target-scope=10 routing-mark=wan2

note - by adding the dst-address=!192.168.x.0/24 to the mangle rules, traffic bound from LAN1 to LAN2 will not get caught with the routing mark and will route between the two LAN ports uninterupted

Great. I’ll try this out and let you know the outcome.

Thank you very much.

ytuxedo002 · August 1, 2012, 5:05pm

Quick question though. Wouldn’t the src-address on the mangle rules be the WAN ip’s instead of the other LAN ip?

vk7zms · August 2, 2012, 2:09am

no - the source address needs to be the address the traffic originates from from, which is inevitably inside your LAN(s).

if for instance you open a webpage from a client on one of the LAN’s, the router will see the traffic coming from the Ethernet port into the router - hence the source address we need to identify, is that of each LAN address range