OpenWrt Forum Archive

Topic: New package: mwan2; testers wanted.

The content of this topic has been archived between 31 Mar 2018 and 27 Apr 2018. Unfortunately there are posts – most likely complete pages – missing.

swoofz wrote:

Can you pls kindly see and advise what I did wrong or miss? Thank you.

Looks OK so far... The only thing I would change is to give each wan interface a different metric in /etc/config/network, but that isn't the cause of your problem right now.

Could you paste me your firewall config, as i suspect there lies your problem. Could you also check if syn packets leave the router and syn-ack gets back: tcpdump -i br-lan -n port 5038.

Thank you for testing. smile

(Last edited by Adze on 29 Apr 2012, 10:25)

Adze wrote:

Looks OK so far... The only thing I would change is to give each wan interface a different metric in /etc/config/network, but that isn't the cause of your problem right now.

Could you paste me your firewall config, as i suspect there lies your problem. Could you also check if syn packets leave the router and syn-ack gets back: tcpdump -i br-lan -n port 5038.

Thank you for testing. smile

This is my firewall config :

root@OpenWrt:~# cat /etc/config/firewall

# /etc/config/firewall as pasted (UCI syntax).
# NOTE(review): the 'defaults' section and both zones below set input, output
# and forward to ACCEPT, so the Allow-* rules in this file do not restrict
# anything by themselves; they only matter once the wan zone stops accepting
# everything.
config 'rule'
        option 'name' 'Allow-DHCP-Renew'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '68'
        option 'target' 'ACCEPT'
        option 'family' 'ipv4'

config 'rule'
        option 'name' 'Allow-Ping'
        option 'src' 'wan'
        option 'proto' 'icmp'
        option 'icmp_type' 'echo-request'
        option 'family' 'ipv4'
        option 'target' 'ACCEPT'

config 'rule'
        option 'name' 'Allow-DHCPv6'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'src_ip' 'fe80::/10'
        option 'src_port' '547'
        option 'dest_ip' 'fe80::/10'
        option 'dest_port' '546'
        option 'family' 'ipv6'
        option 'target' 'ACCEPT'

# ICMPv6 to the router itself, limited to 1000 packets per second.
config 'rule'
        option 'name' 'Allow-ICMPv6-Input'
        option 'src' 'wan'
        option 'proto' 'icmp'
        list 'icmp_type' 'echo-request'
        list 'icmp_type' 'destination-unreachable'
        list 'icmp_type' 'packet-too-big'
        list 'icmp_type' 'time-exceeded'
        list 'icmp_type' 'bad-header'
        list 'icmp_type' 'unknown-header-type'
        list 'icmp_type' 'router-solicitation'
        list 'icmp_type' 'neighbour-solicitation'
        option 'limit' '1000/sec'
        option 'family' 'ipv6'
        option 'target' 'ACCEPT'

# ICMPv6 forwarded from wan to any zone ('dest' is '*'), same rate limit.
config 'rule'
        option 'name' 'Allow-ICMPv6-Forward'
        option 'src' 'wan'
        option 'dest' '*'
        option 'proto' 'icmp'
        list 'icmp_type' 'echo-request'
        list 'icmp_type' 'destination-unreachable'
        list 'icmp_type' 'packet-too-big'
        list 'icmp_type' 'time-exceeded'
        list 'icmp_type' 'bad-header'
        list 'icmp_type' 'unknown-header-type'
        option 'limit' '1000/sec'
        option 'family' 'ipv6'
        option 'target' 'ACCEPT'

# Global policy: everything is accepted unless a zone or rule says otherwise.
config 'defaults'
        option 'syn_flood' '1'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'
        option 'drop_invalid' '1'

config 'zone'
        option 'network' 'lan'
        option 'name' 'lan'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'

# NOTE(review): this zone holds both uplinks (3GWAN and WAN) and accepts input
# and forward traffic, so services listening on the router itself are reachable
# from either uplink. The usual hardening is input/forward REJECT or DROP on
# the wan zone, with explicit ACCEPT rules such as the Allow-* ones above.
config 'zone'
        option 'name' 'wan'
        option 'network' '3GWAN WAN'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'
        option 'input' 'ACCEPT'
        option 'masq' '1'
        option 'mtu_fix' '1'


config 'include'
        option 'path' '/etc/firewall.user'


# Port forward: TCP 5038 arriving on the wan zone is DNATed to
# 192.168.0.201:5038 in lan. No 'src_ip' is set, so the forward is not limited
# to particular remote addresses.
config 'redirect'
        option 'src' 'wan'
        option 'dest_ip' '192.168.0.201'
        option 'family' 'ipv4'
        option 'proto' 'tcp'
        option 'src_dport' '5038'
        option 'dest_port' '5038'
        option 'target' 'DNAT'
        option 'dest' 'lan'

# NOTE(review): permits forwarding from wan into lan in general, not just for
# the redirect above. Presumably the port forward does not depend on it;
# confirm before removing.
config 'forwarding'
        option 'dest' 'lan'
        option 'src' 'wan'

config 'forwarding'
        option 'dest' 'wan'
        option 'src' 'lan'

and here's the tcpdump -i br-lan -n port 5038 :

root@OpenWrt:~# tcpdump -i br-lan -n "port 5038"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 65535 bytes
23:00:50.841238 IP 192.168.0.201.5038 > 206.53.152.166.29710: Flags [S.], seq 1045335257, ack 2984618469, win 5792, options [mss 1460,sackOK,TS val 33630636 ecr 343148770,nop,wscale 2], length 0
23:00:52.554529 IP 206.53.152.166.8895 > 192.168.0.201.5038: Flags [s], seq 3428477309, win 5840, options [mss 1380,sackOK,TS val 343172542 ecr 0,nop,wscale 7], length 0
23:00:52.554644 IP 192.168.0.201.5038 > 206.53.152.166.8895: Flags [S.], seq 2531118748, ack 3428477310, win 5792, options [mss 1460,sackOK,TS val 33630807 ecr 343172542,nop,wscale 2], length 0
23:00:55.554290 IP 206.53.152.166.8895 > 192.168.0.201.5038: Flags [s], seq 3428477309, win 5840, options [mss 1380,sackOK,TS val 343173293 ecr 0,nop,wscale 7], length 0
23:00:55.554404 IP 192.168.0.201.5038 > 206.53.152.166.8895: Flags [S.], seq 2531118748, ack 3428477310, win 5792, options [mss 1460,sackOK,TS val 33631107 ecr 343172542,nop,wscale 2], length 0
23:00:56.641089 IP 192.168.0.201.5038 > 206.53.152.166.8895: Flags [S.], seq 2531118748, ack 3428477310, win 5792, options [mss 1460,sackOK,TS val 33631216 ecr 343172542,nop,wscale 2], length 0
23:01:01.554149 IP 206.53.152.166.8895 > 192.168.0.201.5038: Flags [s], seq 3428477309, win 5840, options [mss 1380,sackOK,TS val 343174793 ecr 0,nop,wscale 7], length 0
23:01:01.554256 IP 192.168.0.201.5038 > 206.53.152.166.8895: Flags [S.], seq 2531118748, ack 3428477310, win 5792, options [mss 1460,sackOK,TS val 33631707 ecr 343172542,nop,wscale 2], length 0
23:01:01.840971 IP 192.168.0.201.5038 > 206.53.152.167.53068: Flags [S.], seq 1204645195, ack 1869301636, win 5792, options [mss 1460,sackOK,TS val 33631736 ecr 343151224,nop,wscale 2], length 0

Please advise. Thank you.

swoofz wrote:

Please advise. Thank you.

I think you have the same problem as nodoze. Start reading from post #95 to #105. Your post #150 suggests you do not have a working connmark.

Good luck!

(Last edited by Adze on 30 Apr 2012, 10:12)

Hi

I have managed to setup the following scenario:

- 2 Wireless UMTS link

I wanted both 3G links to load-balance traffic
This is my config:

/etc/config/network:

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'ifname' 'eth0'
    option 'type' 'bridge'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'
    option 'dns' '192.168.1.1'

config 'interface' 'wan'
    option 'auto' '1'
    option 'proto' '3g'
    option 'device' '/dev/ttyUSB0'
    option 'apn' 'internet'
    option 'service' 'umts'
    option 'metric' '10'


config 'interface' 'wan2'
    option 'auto' '1'
    option 'proto' '3g'
    option 'device' '/dev/ttyUSB2'
    option 'apn' 'internet'
    option 'service' 'umts'
    option 'metric' '20'

config 'switch' 'eth0'
    option 'enable_vlan' '1'

config 'switch_vlan'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '0 1 2 3 4'

/etc/config/mwan2:

package 'mwan2'

config 'interface' 'wan'
    option 'enabled' '1'
    option 'metric' '1'
    option 'weight' '1'
    option 'track_ip' 'www.google.com'
    option 'count' '1'
    option 'timeout' '2'
    option 'interval' '5'


config 'interface' 'wan2'
    option 'enabled' '1'
    option 'metric' '1'
    option 'weight' '1'
    option 'track_ip' 'www.google.com'
    option 'count' '1'
    option 'timeout' '2'
    option 'interval' '5'

/etc/config/firewall

# Firewall for the dual-3G setup: traffic to the router is dropped and
# forwarding is rejected by default; only output is accepted.
config 'defaults'
    option 'input' 'DROP'
    option 'forward' 'REJECT'
    option 'output' 'ACCEPT'
    option 'syn_flood' '1'
    option 'drop_invalid' '1'

# LAN side: the router accepts input from lan; forwarding out of this zone is
# rejected unless a 'forwarding' section allows it.
config 'zone'
    option 'name' 'local'
    option 'network' 'lan'
    option 'input' 'ACCEPT'
    option 'forward' 'REJECT'
    option 'output' 'ACCEPT'

# Both uplinks (wan and wan2) share one zone: input and forward are DROP and
# outgoing traffic is masqueraded.
config 'zone'
    option 'name' 'internet'
    option 'network' 'wan wan2'
    option 'input' 'DROP'
    option 'forward' 'DROP'
    option 'output' 'ACCEPT'
    option 'masq' '1'

# The only permitted forwarding direction is local -> internet; there is no
# matching section for internet -> local.
config 'forwarding'
    option 'src' 'local'
    option 'dest' 'internet'

Could someone check the configurations

it does not work properly

I do not know openwrt so well

Please change your /etc/config/network to:

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'ifname' 'eth0'
    option 'type' 'bridge'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'
    option 'dns' '192.168.1.1'

config 'interface' 'wan'
    option 'auto' '1'
    option 'proto' '3g'
    option 'device' '/dev/ttyUSB0'
    option 'apn' 'internet'
    option 'service' 'umts'
    option 'defaultroute' '0'

config 'interface' 'wan2'
    option 'auto' '1'
    option 'proto' '3g'
    option 'device' '/dev/ttyUSB2'
    option 'apn' 'internet'
    option 'service' 'umts'
    option 'defaultroute' '0'

config 'route'
    option 'interface' 'wan'
    option 'target' '0.0.0.0'
    option 'netmask' '0.0.0.0'
    option 'metric' '10'

config 'route'
    option 'interface' 'wan2'
    option 'target' '0.0.0.0'
    option 'netmask' '0.0.0.0'
    option 'metric' '20'

config 'switch' 'eth0'
    option 'enable_vlan' '1'

config 'switch_vlan'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '0 1 2 3 4'

Good luck

Adze wrote:

Please change your /etc/config/network to:

...

Good luck

I changed it

works better but not enough

for example, download the same file on two computers(I use download accelerator DownThemAll, ten session for file)

I have ca. 250kb/s on each computer

when I download the same file on only one computer I have the same 250kb/s (it is the max speed on my 3g link)


otherwise download process is interrupted after a time in both cases


any errors in the configuration?

It's a limitation of mwan2. See opening post:

Known limitations:
- Only host based load-balancing support (once a packet is routed to a host, all packets to that same host traverse the same WAN).

Adze wrote:

It's a limitation of mwan2. See opening post:

Known limitations:
- Only host based load-balancing support (once a packet is routed to a host, all packets to that same host traverse the same WAN).

OK, any change in future?
old Multi WAN adds bandwidth


what about this?

download process is interrupted after some time


This is the latest version
The package:
http://213.136.13.52/mwan2_1.3-10.ipk
?

marcel_ms wrote:

download process is interrupted after some time.

That's obviously not OK. I think it is a conntrack issue. Can you give me some extra info? Could you provide me the outcome of the following:

lsmod | grep conntrack
route -n
ip route list table 3
ip rule list
ifconfig
cat /proc/net/nf_conntrack  (<-- this command whilst downloading)
marcel_ms wrote:

This is the latest version
The package:
http://213.136.13.52/mwan2_1.3-10.ipk ?

Yes.

(Last edited by Adze on 2 May 2012, 10:02)

lsmod | grep conntrack
route -n
ip route list table 3
ip rule list
ifconfig
cat /proc/net/nf_conntrack  (<-- this command whilst downloading)
root@Gargoyle:~$ lsmod | grep conntrack
nf_conntrack_tftp       2400  1 nf_nat_tftp
nf_conntrack_irc        2512  1 nf_nat_irc
nf_conntrack_ftp        4640  1 nf_nat_ftp
xt_conntrack            2016  0 
nf_conntrack_ipv4       7376 11 iptable_nat,nf_nat
nf_defrag_ipv4           656  1 nf_conntrack_ipv4
nf_conntrack           37744 18 nf_nat_tftp,nf_conntrack_tftp,nf_nat_irc,nf_conntrack_irc,nf_nat_ftp,nf_conntrack_ftp,xt_layer7,ipt_MASQUERADE,iptable_nat,nf_nat,xt_CONNMARK,xt_helper,xt_conntrack,xt_connmark,xt_connbytes,xt_NOTRACK,xt_state,nf_conntrack_ipv4
x_tables                9296 44 ipt_SET,ipt_set,xt_IMQ,ipt_weburl,ipt_webmon,ipt_timerange,xt_iprange,xt_HL,xt_hl,xt_MARK,ipt_ECN,xt_CLASSIFY,xt_time,xt_tcpmss,xt_statistic,xt_mark,xt_length,ipt_ecn,xt_DSCP,xt_dscp,xt_string,xt_layer7,ipt_bandwidth,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,iptable_nat,xt_CONNMARK,xt_recent,xt_helper,xt_conntrack,xt_connmark,xt_connbytes,xt_NOTRACK,xt_state,ipt_REJECT,xt_TCPMSS,ipt_LOG,xt_comment,xt_multiport,xt_mac,xt_limit,ip_tables,xt_tcpudp
root@Gargoyle:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.65     0.0.0.0         255.255.255.255 UH    0      0        0 3g-wan
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3g-wan2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
0.0.0.0         10.64.64.65     0.0.0.0         UG    10     0        0 3g-wan
0.0.0.0         10.64.64.64     0.0.0.0         UG    20     0        0 3g-wan2
root@Gargoyle:~$ ip route list table 3
default  metric 1 
nexthop via 10.64.64.65  dev 3g-wan weight 1
nexthop via 10.64.64.64  dev 3g-wan2 weight 1
root@Gargoyle:~$ 
root@Gargoyle:~$ ip rule list
0:from all lookup local 
192:from 37.209.134.99 fwmark 0x0/0x8000 lookup 1 
193:from 37.209.134.66 fwmark 0x0/0x8000 lookup 2 
256:from all fwmark 0x100/0xff00 lookup 1 
257:from all fwmark 0x200/0xff00 lookup 2 
258:from all fwmark 0x300/0xff00 lookup 3 
32766:from all lookup main 
32767:from all lookup default 
root@Gargoyle:~$ ifconfig
3g-wan    Link encap:Point-to-Point Protocol  
          inet addr:37.209.134.99  P-t-P:10.64.64.65  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2417 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1771 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:2517589 (2.4 MiB)  TX bytes:108491 (105.9 KiB)

3g-wan2   Link encap:Point-to-Point Protocol  
          inet addr:37.209.134.66  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:861 errors:0 dropped:0 overruns:0 frame:0
          TX packets:972 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:266404 (260.1 KiB)  TX bytes:76384 (74.5 KiB)

br-lan    Link encap:Ethernet  HWaddr D8:5D:4C:E3:59:A8  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3162 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3487 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:170939 (166.9 KiB)  TX bytes:2977489 (2.8 MiB)

eth0      Link encap:Ethernet  HWaddr D8:5D:4C:E3:59:A8  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:5 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:515 errors:0 dropped:0 overruns:0 frame:0
          TX packets:515 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:40579 (39.6 KiB)  TX bytes:40579 (39.6 KiB)

mon.wlan0 Link encap:UNSPEC  HWaddr D8-5D-4C-E3-59-A8-00-00-00-00-00-00-00-00-00-00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:1296011 (1.2 MiB)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr D8:5D:4C:E3:59:A8  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3160 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3542 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:215167 (210.1 KiB)  TX bytes:3057315 (2.9 MiB)

downloading in progress

root@Gargoyle:~$ cat /proc/net/nf_conntrack
ipv4     2 icmp     1 29 src=37.209.134.66 dst=8.8.8.8 type=8 code=0 id=8346 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.66 type=0 code=0 id=8346 packets=1 bytes=84 mark=512 use=2
ipv4     2 tcp      6 50 TIME_WAIT src=192.168.1.225 dst=78.24.191.177 sport=1550 dport=443 packets=59 bytes=42248 src=78.24.191.177 dst=37.209.134.66 sport=443 dport=1550 packets=60 bytes=42119 [ASSURED] mark=512 use=2
ipv4     2 udp      17 22 src=192.168.1.225 dst=192.168.1.1 sport=1564 dport=53 packets=1 bytes=59 src=192.168.1.1 dst=192.168.1.225 sport=53 dport=1564 packets=1 bytes=59 mark=0 use=2
ipv4     2 icmp     1 15 src=37.209.134.99 dst=8.8.8.8 type=8 code=0 id=8320 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.99 type=0 code=0 id=8320 packets=1 bytes=84 mark=768 use=2
ipv4     2 tcp      6 49 TIME_WAIT src=192.168.1.225 dst=192.168.1.1 sport=1415 dport=22 packets=1255 bytes=54204 src=192.168.1.1 dst=192.168.1.225 sport=22 dport=1415 packets=1242 bytes=172749 [ASSURED] mark=0 use=2
ipv4     2 icmp     1 21 src=37.209.134.99 dst=8.8.8.8 type=8 code=0 id=8334 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.99 type=0 code=0 id=8334 packets=1 bytes=84 mark=768 use=2
ipv4     2 icmp     1 10 src=37.209.134.99 dst=8.8.8.8 type=8 code=0 id=8312 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.99 type=0 code=0 id=8312 packets=1 bytes=84 mark=768 use=2
ipv4     2 udp      17 22 src=37.209.134.99 dst=193.41.112.14 sport=29629 dport=53 packets=1 bytes=59 src=193.41.112.14 dst=37.209.134.99 sport=53 dport=29629 packets=1 bytes=164 mark=768 use=2
ipv4     2 icmp     1 26 src=37.209.134.99 dst=8.8.8.8 type=8 code=0 id=8342 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.99 type=0 code=0 id=8342 packets=1 bytes=84 mark=768 use=2
ipv4     2 tcp      6 61 TIME_WAIT src=192.168.1.225 dst=192.168.1.1 sport=1500 dport=22 packets=522 bytes=31744 src=192.168.1.1 dst=192.168.1.225 sport=22 dport=1500 packets=435 bytes=73297 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 50 TIME_WAIT src=192.168.1.225 dst=68.232.35.119 sport=1562 dport=80 packets=6 bytes=681 src=68.232.35.119 dst=37.209.134.66 sport=80 dport=1562 packets=5 bytes=873 [ASSURED] mark=512 use=2
ipv4     2 icmp     1 11 src=37.209.134.66 dst=8.8.8.8 type=8 code=0 id=8316 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.66 type=0 code=0 id=8316 packets=1 bytes=84 mark=512 use=2
ipv4     2 icmp     1 5 src=37.209.134.99 dst=8.8.8.8 type=8 code=0 id=8304 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.99 type=0 code=0 id=8304 packets=1 bytes=84 mark=768 use=2
ipv4     2 icmp     1 6 src=37.209.134.66 dst=8.8.8.8 type=8 code=0 id=8308 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.66 type=0 code=0 id=8308 packets=1 bytes=84 mark=512 use=2
ipv4     2 icmp     1 0 src=37.209.134.99 dst=8.8.8.8 type=8 code=0 id=8295 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.99 type=0 code=0 id=8295 packets=1 bytes=84 mark=768 use=2
ipv4     2 icmp     1 1 src=37.209.134.66 dst=8.8.8.8 type=8 code=0 id=8300 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.66 type=0 code=0 id=8300 packets=1 bytes=84 mark=512 use=2
ipv4     2 udp      17 22 src=192.168.1.225 dst=192.168.1.1 sport=1565 dport=53 packets=1 bytes=63 src=192.168.1.1 dst=192.168.1.225 sport=53 dport=1565 packets=1 bytes=63 mark=0 use=2
ipv4     2 tcp      6 50 TIME_WAIT src=192.168.1.225 dst=80.252.0.145 sport=1563 dport=80 packets=8 bytes=1073 src=80.252.0.145 dst=37.209.134.99 sport=80 dport=1563 packets=10 bytes=8950 [ASSURED] mark=768 use=2
ipv4     2 icmp     1 22 src=37.209.134.99 dst=8.8.8.8 type=8 code=0 id=8333 packets=3 bytes=252 src=8.8.8.8 dst=37.209.134.99 type=0 code=0 id=8333 packets=3 bytes=252 mark=768 use=2
ipv4     2 tcp      6 299 ESTABLISHED src=192.168.1.225 dst=192.168.1.1 sport=1414 dport=22 packets=1409 bytes=64052 src=192.168.1.1 dst=192.168.1.225 sport=22 dport=1414 packets=1356 bytes=196017 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 599 ESTABLISHED src=192.168.1.225 dst=217.153.108.10 sport=1566 dport=80 packets=95 bytes=4190 src=217.153.108.10 dst=37.209.134.66 sport=80 dport=1566 packets=144 bytes=212055 [ASSURED] mark=512 use=2
ipv4     2 udp      17 22 src=37.209.134.99 dst=193.41.112.18 sport=29629 dport=53 packets=1 bytes=59 src=193.41.112.18 dst=37.209.134.99 sport=53 dport=29629 packets=1 bytes=164 mark=768 use=2
ipv4     2 icmp     1 21 src=37.209.134.66 dst=8.8.8.8 type=8 code=0 id=8338 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.66 type=0 code=0 id=8338 packets=1 bytes=84 mark=512 use=2
ipv4     2 icmp     1 16 src=37.209.134.66 dst=8.8.8.8 type=8 code=0 id=8324 packets=1 bytes=84 src=8.8.8.8 dst=37.209.134.66 type=0 code=0 id=8324 packets=1 bytes=84 mark=512 use=2
ipv4     2 udp      17 104 src=192.168.1.225 dst=192.168.1.1 sport=1087 dport=53 packets=2 bytes=124 src=192.168.1.1 dst=192.168.1.225 sport=53 dport=1087 packets=2 bytes=469 [ASSURED] mark=0 use=2
root@Gargoyle:~$

(Last edited by marcel_ms on 2 May 2012, 22:48)

I may see the issue here: the output of "cat /proc/net/nf_conntrack" shows a MARK value of 768 (0x300). This value is incorrect and should be 256 (0x100)...

Could you also paste me the output of "iptables -L -t mangle -v -n" please? Would it be possible for me to get access to your router to do some more troubleshooting?

Thank you!

(Last edited by Adze on 3 May 2012, 18:00)

Adze wrote:
swoofz wrote:

Please advise. Thank you.

I think you have the same problem as nodoze. Start reading from post #95 to #105. Your post #150 suggests you do not have a working connmark.

Good luck!

Hi Adze,
I read all the posts and I decided to do fresh install of OpenWRT trunk in my MR3420. I now managed to get mwan2 works as expected, I can now access my NAS remotely using the IP Public on my Cable WAN.

The next question will be, how can I configure all outgoing connections from 192.168.0.0/24 to use 3GWAN and never connect using WAN. On the other side, incoming connections through WAN can only be replied using WAN not 3GWAN. Is this possible to achieve using mwan? Pls advise.

Nice to hear that it's working. big_smile

swoofz wrote:

How can I configure all outgoing connections from 192.168.0.0/24 to use 3GWAN and never connect using WAN.

Append the following lines to /etc/config/mwan2:

config 'rule'
    option 'src_ip' '192.168.0.0/24'
    list 'use_interface' '3GWAN'

Please note that mwan2 is not a firewall: it only chooses which WAN a connection is routed over and does not block anything. If you want to be sure that traffic from 192.168.0.0/24 never traverses WAN (e.g. when 3GWAN is down, or for incoming traffic from WAN), you should also add firewall rules.

swoofz wrote:

On the other side, incoming connections through WAN can only be replied using WAN not 3GWAN. Is this possible to achieve using mwan?

This is automatic default behavior of mwan2 and is achieved by packet marking. No config needed, even with above configuration.

(Last edited by Adze on 3 May 2012, 18:06)

Adze wrote:

I may see the issue here: the output of "cat /proc/net/nf_conntrack" shows a MARK value of 768 (0x300). This value is incorrect and should be 256 (0x100)...

Could you also paste me the output of "iptables -L -t mangle -v -n" please? Would it be possible for me to get access to your router to do some more troubleshooting?

Thank you!

root@Gargoyle:~$ iptables -L -t mangle -v -n
Chain PREROUTING (policy ACCEPT 2835 packets, 1404K bytes)
 pkts bytes target     prot opt in     out     source               destination
72947   40M mwan2_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 630 packets, 61030 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 2205 packets, 1343K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 612 packets, 62634 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8103 1147K mwan2_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 2798 packets, 1405K bytes)
 pkts bytes target     prot opt in     out     source               destination
72787   40M mwan2_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 2076  213K bw_egress  all  --  *      3g-wan  0.0.0.0/0            0.0.0.0/0

Chain bw_egress (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total1-upload-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist1-upload-minute-15 --type individual_src --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total2-upload-minute-359 --type combined --current_bandwidth 1648 --reset_interval minute --intervals_to_save 359
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist2-upload-900-24 --type individual_src --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total3-upload-180-479 --type combined --current_bandwidth 1648 --reset_interval 180 --reset_time 180 --intervals_to_save 479
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist3-upload-hour-24 --type individual_src --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total4-upload-7200-359 --type combined --current_bandwidth 212465 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist4-upload-day-31 --type individual_src --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total5-upload-day-365 --type combined --current_bandwidth 212465 --reset_interval day --intervals_to_save 365
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist5-upload-month-12 --type individual_src --reset_interval month --intervals_to_save 12

Chain mwan2_default (1 references)
 pkts bytes target     prot opt in     out     source               destination
    8  1500 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8         MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.65         MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.64         MARK or 0x8000
  277 31045 MARK       all  --  *      *       0.0.0.0/0            192.168.1.0/24      MARK or 0x8000
  570  294K MARK       all  --  *      *       0.0.0.0/0            37.209.130.131      MARK or 0x8000
 1063  963K MARK       all  --  *      *       0.0.0.0/0            37.209.134.132      MARK or 0x8000
  147  9609 MARK       all  --  *      *       0.0.0.0/0            192.168.1.1         MARK or 0x8000

Chain mwan2_post (1 references)
 pkts bytes target     prot opt in     out     source               destination
  619 60764 MARK       all  --  *      3g-wan2  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00
39221   36M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
72787   40M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan2_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination
81050   41M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
  570  294K MARK       all  --  3g-wan2 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x200/0x7f00
81050   41M mwan2_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 5484  385K mwan2_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan2_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination
  553 41225 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x300/0xff00
root@Gargoyle:~$ route -n

My provider does not allow access from internet.

For some reason only the rules for interface 3g-wan2 are there. Don't know why interface 3g-wan is missing... Is this always missing, also after rebooting?

Do you have the name of the interface correctly set in /etc/config/mwan2? Does it match with the interface name in /etc/config/network?

Adze wrote:

For some reason only the rules for interface 3g-wan2 are there. Don't know why interface 3g-wan is missing... Is this always missing, also after rebooting?

Do you have the name of the interface correctly set in /etc/config/mwan2? Does it match with the interface name in /etc/config/network?

3g-wan or 3g-wan2 is "still on line"; I have a script to check and restart the connection

interface name is correct


May  3 20:39:02 Gargoyle user.notice root: mwan2: Lost 2 ping(s) on interface wan (3g-wan)
May  3 20:39:02 Gargoyle user.notice root: mwan2: Lost 2 ping(s) on interface wan2 (3g-wan2)
May  3 20:39:20 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan2 (3g-wan2)
May  3 20:39:20 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan (3g-wan)
May  3 20:39:38 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan2 (3g-wan2)
May  3 20:39:38 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan (3g-wan)
May  3 20:39:45 Gargoyle daemon.warn dnsmasq[2260]: possible DNS-rebind attack detected: ngrb0ts.co.cc
May  3 20:39:55 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan2 (3g-wan2)
May  3 20:39:56 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan (3g-wan)
May  3 20:40:19 Gargoyle user.notice root: mwan2: Lost 2 ping(s) on interface wan2 (3g-wan2)
May  3 20:40:39 Gargoyle daemon.warn dnsmasq[2260]: possible DNS-rebind attack detected: ngrb0ts.co.cc
May  3 20:40:40 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan (3g-wan)
May  3 20:40:51 Gargoyle user.notice root: mwan2: Lost 3 ping(s) on interface wan2 (3g-wan2)
May  3 20:40:53 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan (3g-wan)
May  3 20:41:25 Gargoyle daemon.warn dnsmasq[2260]: possible DNS-rebind attack detected: ngrb0ts.co.cc
May  3 20:41:27 Gargoyle user.notice root: mwan2: Lost 1 ping(s) on interface wan2 (3g-wan2)

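That's a whole lot of pings lost, maybe the tracking values are too tight. With count 1 and timeout 2, a single slow reply on a 3G link is presumably already counted as a lost ping, and using a hostname as track_ip makes the check depend on DNS resolution as well. The dnsmasq "possible DNS-rebind attack detected" warnings in the same log come from dnsmasq, not mwan2 (dnsmasq logs this when an upstream answer for that name contains a private-range address), so look at those separately. You could try and remove them, to see if downloading remains stable. Try to remove the following lines in /etc/config/mwan2: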

option 'track_ip' 'www.google.com'
option 'count' '1'
option 'timeout' '2'
option 'interval' '5'

(Last edited by Adze on 3 May 2012, 20:06)

mwan2 has had an update, so it's now compatible with netifd.

Is it possible to do load balancing with client mode and the wan port?
I mean a wired wan and a wireless wan.

Adze wrote:

mwan2 has had an update, so it's now compatible with netifd.

Perfect. Last night I tested the old version with the latest trunk build and it did not work.

baojia wrote:

Is it possible to do load balancing with client mode and the wan port?
I mean a wired wan and a wireless wan.

Yes

Hi

I haven't looked into mwan2 but it seems to be good software (hotplug, netifd support, qos-scripts compatibility) (I just quickly read all the posts).
I'm an active user of the multiwan package but I've just discovered mwan2.

First a small suggestion:
-the forum is not the only place; send a quick mail to openwrt-devel@lists.openwrt.org to announce your software

This said, a quick summary of load balancing:
-packet based load balancing: for this you either have to make all the traffic go through 1 point (rent a server, make a vpn connection to it via each wan link .....) or own a small public ip subnet and an AS
http://en.wikipedia.org/wiki/Multihoming.

-connection/session based load balancing: each new connection (new state for conntrack) is put on a wan. Once the connection is opened (related/established state for conntrack), the connection goes through the same wan. This is the case for the multiwan package. It uses "statistic mode random probability 0.X" in iptables to randomly assign a wan link to each new connection.
Pro: If you make 10 connections to 1 IP, you can use the full capacity of your wans

-route based load balancing: this is the case for mwan2 (for the moment). When you start a connection, the route is cached for X sec, so every new connection to the same IP will go through 1 wan
Pro:?
Con: The load balancing is worse, but with many clients it still helps (you can't add up the speed of your wans with multiple connections to 1 IP)


As your script seems to have good "dynamic" handling (hotplug, netifd) and compatibility with qos-scripts ..., could you think of making it do session based load balancing?
You already use connmark & co, so the argument of using less iptables than "multiwan" is not really valid


In any case I hope I will find some time to test your work
Thanks for your work
Etienne

Hi Minimou,


I completely agree with you. The thing that is missing is session based load balancing. I have thought of it, but haven't found a good solution yet...

The problem i have is this.

Route based load balancing should be active by default, for compatibility reasons. Some websites, as well as game servers and the like, rely on all connections coming from the same host. Session based load balancing could be added as a per rule option.

But the difficult problem is how to do session based load balancing the easy way. In the past you could add equalize after the ip route statement and the kernel would take care of the distribution. But it seems this option got dropped due to instability issues. You could disable route caching, but this impacts routing performance.

You could go for, as you suggested, the iptables probability factor. But then I have the problem of how to determine the factor: as mwan2 is started for each interface individually, it has no knowledge of the other interfaces and therefore can't calculate the factor.

I'm still working on this.

(Last edited by Adze on 31 May 2012, 23:08)

Hi all,


As of version 1.4, mwan2 now supports session-based load sharing. Please read the mwan2 config file for more information. Also the config has changed a little. You now NEED to define at least one rule to make mwan2 work.

Below an example of a typical configuration.

#This is an mwan2 example config. In this config we define three load-balanced interfaces. Interface
#wan and wan2 are primary and load-balanced. Interface wan3 is a backup in case both wan and wan2 have
#failed. Load between wan and wan2 is shared on factor of 3:2. Both wan and wan2 have connection
#monitoring active. Interface wan3 is a last resort, so no connection monitoring there.

config 'interface' 'wan'
        option 'enabled' '1'
        option 'metric' '1'
        option 'weight' '3'
        option 'track_ip' '8.8.8.8'
        option 'count' '1'
        option 'timeout' '2'
        option 'interval' '5'
        option 'down' '3'
        option 'up' '8'

config 'interface' 'wan2'
        option 'enabled' '1'
        option 'metric' '1'
        option 'weight' '2'
        option 'track_ip' '8.8.4.4'
        option 'count' '1'
        option 'timeout' '2'
        option 'interval' '5'
        option 'down' '3'
        option 'up' '8'

config 'interface' 'wan3'
        option 'enabled' '1'
        option 'metric' '2'
        option 'weight' '1'

#Below are the load balancing rules. These rules are matched in order and the first match wins: once
#a rule matches, all following rules are ignored for that traffic. By default mwan2 will load-balance
#nothing, so to make mwan2 work you have to define at least a default rule.

#Below an example to divert traffic to 192.168.0.0/16 to use the default routing table. This is used
#to reach subnets that are e.g. behind vpn tunnels or behind routers on the local lan.

config 'rule'
        option 'dest_ip' '192.168.0.0/16'
        list 'use_interface' 'default'

#Next an example rule which will send tcp traffic from 192.168.21.0/24 with destination port 563 only
#out on interface wan.

config 'rule'
        option 'src_ip' '192.168.21.0/24'
        option 'proto' 'tcp'
        option 'dest_port' '563'
        list 'use_interface' 'wan'

#The next example will send tcp traffic from 192.168.21.0/24 with destination port 995 out on
#interfaces wan and wan2. This time we equalize the load on a session basis instead of route based.

config 'rule'
        option 'src_ip' '192.168.21.0/24'
        option 'proto' 'tcp'
        option 'dest_port' '995'
        option 'equalize' '1'
        list 'use_interface' 'wan'
        list 'use_interface' 'wan2'

#The last example is the default rule. All traffic that did not match before will be route balanced
#over all three interfaces. Option equalize is available, but to maintain compatibility we leave it
#out for now.

config 'rule'
        option 'dest_ip' '0.0.0.0/0'
        #option 'equalize' '1'
        list 'use_interface' 'wan'
        list 'use_interface' 'wan2'
        list 'use_interface' 'wan3'

Comments are welcome wink

(Last edited by Adze on 2 Jun 2012, 13:14)

is it supposed to work with 2 wans having the same gateway address?