OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

headless.cross wrote:

What info can I provide to investigate further the problem?

Did you try it with reroute on or off?
On what interface and ip address is privoxy listening?
Does privoxy work when mwan3 is not active?
Did you add a rule for this address to use policy default?
Maybe you could provide a tcpdump?

Thnx

I found problem restarting mwan3:

root@openwrt:~# /etc/init.d/mwan3 restart
/sbin/hotplug-call: /etc/hotplug.d/iface/40-voice: line 1: !/bin/sh: not found
/sbin/hotplug-call: /etc/hotplug.d/iface/40-voice: line 16: [-z: not found
/sbin/hotplug-call: /etc/hotplug.d/iface/40-voice: line 1: !/bin/sh: not found
/sbin/hotplug-call: /etc/hotplug.d/iface/40-voice: line 16: [-z: not found

root@openwrt:~# cd /etc/hotplug.d/iface/

root@openwrt:/etc/hotplug.d/iface# ls -al
drwxrwxr-x    2 root     root           129 Aug  8 15:38 .
drwxr-xr-x    9 root     root           109 Aug  8 15:25 ..
-rw-rw-r--    1 root     root           337 Aug  8 15:03 00-netstate
-rwxrwxr-x    1 root     root           114 Aug  8 15:03 10-qos
-rw-rw-r--    1 root     root          9738 Aug  8 15:10 15-mwan3
-rwxr-xr-x    1 root     root           486 Aug  8 15:26 15-teql
-rw-r--r--    1 root     root           537 Aug  8 15:29 20-firewall
-rw-rw-r--    1 root     root           267 Aug  8 15:04 40-voice

root@openwrt:/etc/hotplug.d/iface# vi 40-voice
!/bin/sh
. /lib/functions.sh

if [ "$ACTION" == "ifup" ]; then
        # get voice interface name and run voice
        voice_iface=$(uci_get voice.ifname.ifname)

        if [-z $voice_iface ]; then
                exit
        fi

        if [ $INTERFACE == $voice_iface ]; then
                /etc/init.d/voice start
        fi

fi


root@openwrt:/etc/hotplug.d/usb# ls -al
drwxr-xr-x    2 root     root            63 Aug  8 15:38 .
drwxr-xr-x   10 root     root           296 Aug 13 14:55 ..
-rw-rw-r--    1 root     root           129 Aug  8 15:04 10-usb
-rw-r--r--    1 root     root          3073 Aug  8 15:25 20-modeswitch
-rw-rw-r--    1 root     root           413 Aug  8 15:04 30-3g


root@openwrt:/etc/hotplug.d/tty# ls -al
drwxr-xr-x    2 root     root            28 Aug  8 15:38 .
drwxr-xr-x   10 root     root           296 Aug 13 14:55 ..
-rw-r--r--    1 root     root          1088 Aug  8 15:34 30-3g

Any help?

The first line in file:

#!/bin/sh

Is missing a "#"

WRONG!!!!

root@openwrt:/etc/hotplug.d/iface# vi 40-voice
!/bin/sh
. /lib/functions.sh

[]'s
Renato

Adze wrote:

Did you try it with reroute on or off?

Both. Same result (connection reset).

Adze wrote:

On what interface and ip address is privoxy listening?

iface: br-lan, IP: 10.0.2.1/28

Adze wrote:

Does privoxy work when mwan3 is not active?

Yes.

Adze wrote:

Did you add a rule for this address to use policy default?

No, because it was not needed with previous versions of mwan3.

Adze wrote:

Maybe you could provide a tcpdump?

Here is the dump (started tcpdump before the request and stopped after the "Connection Reset" appeared) for accessing stackoverflow.com.

02:18:11.527061 IP dw.lan.22022 > admin.lan.3408: Flags [P.], seq 2081114514:2081114566, ack 2569273824, win 18760, length 52
02:18:11.527314 IP admin.lan.3408 > dw.lan.22022: Flags [.], ack 52, win 65083, length 0
02:18:11.527490 IP dw.lan.22022 > admin.lan.3408: Flags [P.], seq 52:104, ack 1, win 18760, length 52
02:18:11.527886 IP dw.lan.22022 > admin.lan.3408: Flags [P.], seq 104:172, ack 1, win 18760, length 68
02:18:11.528128 IP admin.lan.3408 > dw.lan.22022: Flags [.], ack 172, win 64963, length 0
02:18:11.528362 IP dw.lan.22022 > admin.lan.3408: Flags [P.], seq 172:224, ack 1, win 18760, length 52
02:18:11.531975 IP dw.lan.22022 > admin.lan.3408: Flags [P.], seq 224:276, ack 1, win 18760, length 52
02:18:11.532216 IP admin.lan.3408 > dw.lan.22022: Flags [.], ack 276, win 64859, length 0
02:18:11.532481 IP dw.lan.22022 > admin.lan.3408: Flags [P.], seq 276:392, ack 1, win 18760, length 116
02:18:11.702271 IP admin.lan.3408 > dw.lan.22022: Flags [.], ack 392, win 64743, length 0
02:18:13.476353 IP admin.lan.55680 > dw.lan.domain: 41840+ A? XXX.XXX.XXX.XXX. (35)
02:18:13.720518 IP dw.lan.domain > admin.lan.55680: 41840 1/0/1 A YYY.YYY.YYY.YYY (62)
02:18:13.722759 IP admin.lan.61445 > dw.lan.domain: 56446+ A? XXX.XXX.XXX.XXX. (35)
02:18:13.723161 IP dw.lan.domain > admin.lan.61445: 56446 1/0/0 A YYY.YYY.YYY.YYY (51)
02:18:14.461931 IP admin.lan.3906 > stackoverflow.com.www: Flags [S], seq 3773333230, win 65535, options [mss 1460,nop,nop,sackOK], length 0
02:18:17.437084 IP admin.lan.3906 > stackoverflow.com.www: Flags [S], seq 3773333230, win 65535, options [mss 1460,nop,nop,sackOK], length 0
02:18:23.472669 IP admin.lan.3906 > stackoverflow.com.www: Flags [S], seq 3773333230, win 65535, options [mss 1460,nop,nop,sackOK], length 0
02:18:35.446010 IP admin.lan.49953 > dw.lan.domain: 48995+ A? www.stackoverflow.com. (39)
02:18:35.446511 IP dw.lan.domain > admin.lan.49953: 48995 2/0/0 CNAME stackoverflow.com., A 198.252.206.16 (86)
02:18:35.447460 IP admin.lan.3908 > stackoverflow.com.www: Flags [S], seq 3147207046, win 65535, options [mss 1460,nop,nop,sackOK], length 0
02:18:38.461057 IP admin.lan.3908 > stackoverflow.com.www: Flags [S], seq 3147207046, win 65535, options [mss 1460,nop,nop,sackOK], length 0
02:18:42.593517 IP admin.lan.netbios-dgm > 10.0.2.15.netbios-dgm: NBT UDP PACKET(138)
02:18:43.481001 IP admin.lan.49980 > dw.lan.domain: 18073+ A? XXX.XXX.XXX.XXX. (35)
02:18:43.481533 IP dw.lan.domain > admin.lan.49980: 18073 1/0/0 A YYY.YYY.YYY.YYY (51)
02:18:44.396055 IP admin.lan.3908 > stackoverflow.com.www: Flags [S], seq 3147207046, win 65535, options [mss 1460,nop,nop,sackOK], length 0
02:19:00.255458 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2815130761:2815130845, ack 1753955101, win 64699, length 84
02:19:00.291571 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 84, win 27968, length 0
02:19:00.291829 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 84:136, ack 1, win 64699, length 52
02:19:00.291983 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 136, win 27968, length 0
02:19:00.292959 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 1:85, ack 136, win 27968, length 84
02:19:00.293557 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 136:236, ack 85, win 64615, length 100
02:19:00.331518 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 236, win 27968, length 0
02:19:00.331758 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 236:288, ack 85, win 64615, length 52
02:19:00.331884 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 288, win 27968, length 0
02:19:00.338138 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 85:617, ack 288, win 27968, length 532
02:19:00.339793 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 617:685, ack 288, win 27968, length 68
02:19:00.340024 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 685, win 65535, length 0
02:19:01.511636 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 288:372, ack 685, win 65535, length 84
02:19:01.551501 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 372, win 27968, length 0
02:19:01.551752 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 372:424, ack 685, win 65535, length 52
02:19:01.551879 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 424, win 27968, length 0
02:19:01.552571 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 685:769, ack 424, win 27968, length 84
02:19:01.553078 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 424:524, ack 769, win 65451, length 100
02:19:01.591500 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 524, win 27968, length 0
02:19:01.591739 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 524:576, ack 769, win 65451, length 52
02:19:01.591863 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 576, win 27968, length 0
02:19:01.598623 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 769:1301, ack 576, win 27968, length 532
02:19:01.599515 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 1301:1369, ack 576, win 27968, length 68
02:19:01.599755 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 1369, win 64851, length 0
02:19:02.559609 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 576:660, ack 1369, win 64851, length 84
02:19:02.591501 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 660, win 27968, length 0
02:19:02.591761 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 660:712, ack 1369, win 64851, length 52
02:19:02.591911 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 712, win 27968, length 0
02:19:02.592890 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 1369:1453, ack 712, win 27968, length 84
02:19:02.593398 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 712:812, ack 1453, win 64767, length 100
02:19:02.631527 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 812, win 27968, length 0
02:19:02.631767 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 812:864, ack 1453, win 64767, length 52
02:19:02.631894 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 864, win 27968, length 0
02:19:02.638525 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 1453:1985, ack 864, win 27968, length 532
02:19:02.639407 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 1985:2053, ack 864, win 27968, length 68
02:19:02.639650 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 2053, win 64167, length 0
02:19:02.951588 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 864:948, ack 2053, win 64167, length 84
02:19:02.991526 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 948, win 27968, length 0
02:19:02.991772 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 948:1000, ack 2053, win 64167, length 52
02:19:02.991901 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1000, win 27968, length 0
02:19:02.992597 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 2053:2137, ack 1000, win 27968, length 84
02:19:02.993106 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1000:1100, ack 2137, win 64083, length 100
02:19:03.031515 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1100, win 27968, length 0
02:19:03.031753 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1100:1152, ack 2137, win 64083, length 52
02:19:03.031878 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1152, win 27968, length 0
02:19:03.038521 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 2137:2669, ack 1152, win 27968, length 532
02:19:03.039439 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 2669:2737, ack 1152, win 27968, length 68
02:19:03.039678 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 2737, win 65535, length 0
02:19:03.143575 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1152:1236, ack 2737, win 65535, length 84
02:19:03.181516 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1236, win 27968, length 0
02:19:03.181767 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1236:1288, ack 2737, win 65535, length 52
02:19:03.181903 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1288, win 27968, length 0
02:19:03.182588 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 2737:2821, ack 1288, win 27968, length 84
02:19:03.183083 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1288:1388, ack 2821, win 65451, length 100
02:19:03.221522 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1388, win 27968, length 0
02:19:03.221758 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1388:1440, ack 2821, win 65451, length 52
02:19:03.221882 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1440, win 27968, length 0
02:19:03.228171 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 2821:3353, ack 1440, win 27968, length 532
02:19:03.229060 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 3353:3421, ack 1440, win 27968, length 68
02:19:03.229300 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 3421, win 64851, length 0
02:19:03.343572 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1440:1524, ack 3421, win 64851, length 84
02:19:03.381537 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1524, win 27968, length 0
02:19:03.381782 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1524:1576, ack 3421, win 64851, length 52
02:19:03.381916 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1576, win 27968, length 0
02:19:03.382599 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 3421:3505, ack 1576, win 27968, length 84
02:19:03.383203 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1576:1676, ack 3505, win 64767, length 100
02:19:03.421514 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1676, win 27968, length 0
02:19:03.421753 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1676:1728, ack 3505, win 64767, length 52
02:19:03.422019 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1728, win 27968, length 0
02:19:03.428292 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 3505:4037, ack 1728, win 27968, length 532
02:19:03.429174 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 4037:4105, ack 1728, win 27968, length 68
02:19:03.429415 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 4105, win 64167, length 0
02:19:03.535688 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1728:1812, ack 4105, win 64167, length 84
02:19:03.571521 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1812, win 27968, length 0
02:19:03.571768 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1812:1864, ack 4105, win 64167, length 52
02:19:03.572037 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1864, win 27968, length 0
02:19:03.572675 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 4105:4189, ack 1864, win 27968, length 84
02:19:03.573187 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1864:1964, ack 4189, win 64083, length 100
02:19:03.611520 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 1964, win 27968, length 0
02:19:03.611791 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 1964:2016, ack 4189, win 64083, length 52
02:19:03.612172 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2016, win 27968, length 0
02:19:03.620405 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 4189:4721, ack 2016, win 27968, length 532
02:19:03.621290 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 4721:4789, ack 2016, win 27968, length 68
02:19:03.621532 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 4789, win 65535, length 0
02:19:03.727596 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2016:2100, ack 4789, win 65535, length 84
02:19:03.728127 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 4789:4841, ack 2100, win 27968, length 52
02:19:03.728381 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2100:2152, ack 4841, win 65483, length 52
02:19:03.729107 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 4841:4925, ack 2152, win 27968, length 84
02:19:03.729598 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2152:2252, ack 4925, win 65399, length 100
02:19:03.761519 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2252, win 27968, length 0
02:19:03.761756 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2252:2304, ack 4925, win 65399, length 52
02:19:03.762021 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2304, win 27968, length 0
02:19:03.769106 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 4925:5457, ack 2304, win 27968, length 532
02:19:03.770100 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 5457:5525, ack 2304, win 27968, length 68
02:19:03.770339 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 5525, win 64799, length 0
02:19:03.911688 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2304:2388, ack 5525, win 64799, length 84
02:19:03.951512 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2388, win 27968, length 0
02:19:03.951751 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2388:2440, ack 5525, win 64799, length 52
02:19:03.952017 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2440, win 27968, length 0
02:19:03.952654 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 5525:5609, ack 2440, win 27968, length 84
02:19:03.953155 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2440:2540, ack 5609, win 64715, length 100
02:19:03.991520 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2540, win 27968, length 0
02:19:03.991760 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2540:2592, ack 5609, win 64715, length 52
02:19:03.992029 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2592, win 27968, length 0
02:19:03.998638 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 5609:6141, ack 2592, win 27968, length 532
02:19:03.999524 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 6141:6209, ack 2592, win 27968, length 68
02:19:03.999768 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 6209, win 64115, length 0
02:19:04.087650 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2592:2676, ack 6209, win 64115, length 84
02:19:04.121516 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2676, win 27968, length 0
02:19:04.121763 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2676:2728, ack 6209, win 64115, length 52
02:19:04.122032 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2728, win 27968, length 0
02:19:04.122669 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 6209:6293, ack 2728, win 27968, length 84
02:19:04.123168 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2728:2828, ack 6293, win 65535, length 100
02:19:04.161519 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2828, win 27968, length 0
02:19:04.161752 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2828:2880, ack 6293, win 65535, length 52
02:19:04.162133 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2880, win 27968, length 0
02:19:04.168604 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 6293:6825, ack 2880, win 27968, length 532
02:19:04.169960 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 6825:6893, ack 2880, win 27968, length 68
02:19:04.170192 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 6893, win 64935, length 0
02:19:04.263611 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2880:2964, ack 6893, win 64935, length 84
02:19:04.301518 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 2964, win 27968, length 0
02:19:04.301758 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 2964:3016, ack 6893, win 64935, length 52
02:19:04.302018 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 3016, win 27968, length 0
02:19:04.302653 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 6893:6977, ack 3016, win 27968, length 84
02:19:04.303147 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 3016:3116, ack 6977, win 64851, length 100
02:19:04.341520 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 3116, win 27968, length 0
02:19:04.341757 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 3116:3168, ack 6977, win 64851, length 52
02:19:04.342023 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 3168, win 27968, length 0
02:19:04.348276 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 6977:7509, ack 3168, win 27968, length 532
02:19:04.349164 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 7509:7577, ack 3168, win 27968, length 68
02:19:04.349406 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 7577, win 64251, length 0
02:19:04.439625 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 3168:3252, ack 7577, win 64251, length 84
02:19:04.471545 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 3252, win 27968, length 0
02:19:04.471841 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 3252:3304, ack 7577, win 64251, length 52
02:19:04.472112 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 3304, win 27968, length 0
02:19:04.472745 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 7577:7661, ack 3304, win 27968, length 84
02:19:04.473565 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 3304:3404, ack 7661, win 64167, length 100
02:19:04.511518 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 3404, win 27968, length 0
02:19:04.511826 IP admin.lan.3615 > dw.lan.22022: Flags [P.], seq 3404:3456, ack 7661, win 64167, length 52
02:19:04.512197 IP dw.lan.22022 > admin.lan.3615: Flags [.], ack 3456, win 27968, length 0
02:19:04.519663 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 7661:8193, ack 3456, win 27968, length 532
02:19:04.520554 IP dw.lan.22022 > admin.lan.3615: Flags [P.], seq 8193:8261, ack 3456, win 27968, length 68
02:19:04.520806 IP admin.lan.3615 > dw.lan.22022: Flags [.], ack 8261, win 65535, length 0
02:19:11.889864 IP admin.lan.3408 > dw.lan.22022: Flags [P.], seq 1:53, ack 392, win 64743, length 52

(Last edited by headless.cross on 14 Aug 2013, 00:27)

tcherenato wrote:

The first line in file:

#!/bin/sh

Is missing a "#"

WRONG!!!!

root@openwrt:/etc/hotplug.d/iface# vi 40-voice
!/bin/sh
. /lib/functions.sh

[]'s
Renato

Thanks Renato.

vinca wrote:

I found problem restarting mwan3:

root@openwrt:~# /etc/init.d/mwan3 restart
/sbin/hotplug-call: /etc/hotplug.d/iface/40-voice: line 1: !/bin/sh: not found
/sbin/hotplug-call: /etc/hotplug.d/iface/40-voice: line 16: [-z: not found
/sbin/hotplug-call: /etc/hotplug.d/iface/40-voice: line 1: !/bin/sh: not found
/sbin/hotplug-call: /etc/hotplug.d/iface/40-voice: line 16: [-z: not found

root@openwrt:~# cd /etc/hotplug.d/iface/

root@openwrt:/etc/hotplug.d/iface# ls -al
drwxrwxr-x    2 root     root           129 Aug  8 15:38 .
drwxr-xr-x    9 root     root           109 Aug  8 15:25 ..
-rw-rw-r--    1 root     root           337 Aug  8 15:03 00-netstate
-rwxrwxr-x    1 root     root           114 Aug  8 15:03 10-qos
-rw-rw-r--    1 root     root          9738 Aug  8 15:10 15-mwan3
-rwxr-xr-x    1 root     root           486 Aug  8 15:26 15-teql
-rw-r--r--    1 root     root           537 Aug  8 15:29 20-firewall
-rw-rw-r--    1 root     root           267 Aug  8 15:04 40-voice

root@openwrt:/etc/hotplug.d/iface# vi 40-voice
!/bin/sh
. /lib/functions.sh

if [ "$ACTION" == "ifup" ]; then
        # get voice interface name and run voice
        voice_iface=$(uci_get voice.ifname.ifname)

        if [-z $voice_iface ]; then
                exit
        fi

        if [ $INTERFACE == $voice_iface ]; then
                /etc/init.d/voice start
        fi

fi


root@openwrt:/etc/hotplug.d/usb# ls -al
drwxr-xr-x    2 root     root            63 Aug  8 15:38 .
drwxr-xr-x   10 root     root           296 Aug 13 14:55 ..
-rw-rw-r--    1 root     root           129 Aug  8 15:04 10-usb
-rw-r--r--    1 root     root          3073 Aug  8 15:25 20-modeswitch
-rw-rw-r--    1 root     root           413 Aug  8 15:04 30-3g


root@openwrt:/etc/hotplug.d/tty# ls -al
drwxr-xr-x    2 root     root            28 Aug  8 15:38 .
drwxr-xr-x   10 root     root           296 Aug 13 14:55 ..
-rw-r--r--    1 root     root          1088 Aug  8 15:34 30-3g

Any help?


And about line 16: there is a space between the [ and the -, on line 8:   "if [ -z $voice_iface ]; then"

(Last edited by vinca on 14 Aug 2013, 08:26)

Hi Vinca,


Why are you posting these issues here? This file (/etc/hotplug.d/iface/40-voice) is not part of mwan3. Please stop cluttering this topic!


Thnx

Hi headless.cross,


I will try to replicate your situation and see where things go bork. A last question: Does privoxy work with mwan3 enabled, but without the redirection (browser has proxy setting set)?


Thnx

Adze wrote:

A last question: Does privoxy work with mwan3 enabled, but without the redirection (browser has proxy setting set)?

It's a transparent proxy, thus there is no need to set any proxy settings at any browser, so the privoxy works at the same time with mwan3, with the difference that I have turned off a firewall rule (80 port redirection to internal 8118 on which privoxy is listening) and everything works as expected.

headless.cross wrote:

It's a transparent proxy, thus there is no need to set any proxy settings at any browser.

Yes, i know... but i just wanted to know if the problem is with mwan3 + privoxy or mwan3 + redirect. Maybe you could try and see if privoxy works without the redirect rule?

And just for my info; what does this redirect rule look like.

Thnx


Edit: mwan3 + privoxy works fine on my test setup. Haven't checked with redirect though

root@OpenWrt:/tmp# env | grep proxy
http_proxy=http://192.168.33.2:8118
root@OpenWrt:/tmp# wget --proxy on http://213.136.13.52/openwrt-ar71xx-generic-wndr3700-squashfs-factory.img
Connecting to 192.168.33.2:8118 (192.168.33.2:8118)
openwrt-ar71xx-gener 100% |*****************************|  2688k  0:00:00 ETA

(Last edited by Adze on 14 Aug 2013, 12:41)

Adze wrote:

Maybe you could try and see if privoxy works without the redirect rule?

If by saying "privoxy works" you mean that it is filtering content, the answer is no, all the ads and other stuff that I have blocked, are showing on websites etc.

Adze wrote:

And just for my info; what does this redirect rule look like.

config redirect
    option target 'DNAT'
    option dest 'lan'
    option proto 'tcp'
    option src 'lan'
    option src_dip '!10.0.2.1'
    option src_dport '80'
    option dest_ip '10.0.2.1'
    option dest_port '8118'
    option name 'Transparent Proxy [privoxy]'
    option enabled '0' <- disabled for now and everything works as expected.

Thanks in advance.

headless.cross wrote:

If by saying "privoxy works" you mean that it is filtering content, the answer is no, all the ads and other stuff that I have blocked, are showing on websites etc.

I actually ment, does prvoxy work without the redirect rule, but with the browser set to use the proxy at port 8118?

I know you want a transparent proxy, but it's just for the test...

Adze wrote:

I actually ment, does prvoxy work without the redirect rule, but with the browser set to use the proxy at port 8118?

I know you want a transparent proxy, but it's just for the test...

Yes, it works sad.

Please remove "option dest 'lan'" in your redirect rule, and try again. wink

Adze wrote:

Please remove "option dest 'lan'" in your redirect rule, and try again. wink

The result is the same, "connection reset".

Hi Adze,
sorry for previous post, which is not part of mwan3.
My configuration for 3g failover is following:

root@openwrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3gg
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.16.0     0.0.0.0         255.255.255.0   U     10     0        0 eth1
0.0.0.0         192.168.16.1     0.0.0.0         UG    10     0        0 eth1
0.0.0.0         10.64.64.64     0.0.0.0         UG    30     0        0 3gg

root@openwrt:~# ping -c 1 -I eth1 [url=http://www.google.com]www.google.com[/url]
PING [url=http://www.google.com]www.google.com[/url] (173.194.44.51): 56 data bytes
64 bytes from 173.194.44.51: seq=0 ttl=45 time=26.765 ms
--- [url=http://www.google.com]www.google.com[/url] ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 26.765/26.765/26.765 ms

root@openwrt:~# ping -c 1 -I 3gg [url=http://www.google.com]www.google.com[/url]
PING [url=http://www.google.com]www.google.com[/url] (173.194.44.48): 56 data bytes
64 bytes from 173.194.44.48: seq=0 ttl=50 time=340.803 ms
--- [url=http://www.google.com]www.google.com[/url] ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 340.803/340.803/340.803 ms

root@openwrt:~# cat /etc/config/network
config switch 'eth0'
        option enable '1'

config switch_vlan 'eth0_1'
        option device 'eth0'
        option vlan '1'
        option ports '0 1 2 3 4'

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface '3g'
        option ifname 'ppp0'
        option device '/dev/ttyUSB2'
        option service 'umts'
        option proto '3g'
        option ctrldev '/dev/ttyUSB1'
        option apn ‘AGD’
        option pincode '1234'
        option username 'user'
        option password 'user'
        option metric '30'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth1'
        option metric '10'

root@openwrt:~# cat /etc/config/mwan3

config interface '3g'
        option enabled '1'
        list track_ip '8.8.8.8'
        list track_ip '8.8.4.4'
        option reliability '1'
        option count '1'
        option timeout '2'
        option down '3'
        option up '3'
        option interval '3'

config interface 'wan'
        option enabled '1'
        list track_ip '8.8.8.8'
        list track_ip '8.8.4.4'
        option reliability '1'
        option count '1'
        option timeout '2'
        option down '3'
        option up '3'
        option interval '3'

config member 'wan_m1_w2'
        option interface 'wan'
        option metric '1'
        option weight '2'

config member 'wan_m2_w2'
        option interface 'wan'
        option metric '2'
        option weight '2'

config member '3g_m1_w3'
        option interface '3g'
        option metric '1'
        option weight '3'

config member '3g_m2_w3'
        option interface '3g'
        option metric '2'
        option weight '3'

config policy 'wan_only'
        list use_member 'wan_m1_w2'

config policy '3g_only'
        list use_member '3g_m1_w3'

config policy 'wan_pri_3g_sec'
        list use_member 'wan_m1_w2'
        list use_member '3g_m2_w3'

config rule 'wan_3g'
        option dest_ip '0.0.0.0/0'
        option proto 'all'
        option use_policy 'wan_pri_3g_sec'

root@openwrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        option network 'wan'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option name '3g'
        option output 'ACCEPT'
        option network '3g'
        option masq '1'
        option mtu_fix '1'
        option forward 'REJECT'
        option input 'ACCEPT'

config forwarding
        option dest '3g'
        option src 'lan'

config forwarding
        option dest 'wan'
        option src 'lan'


root@openwrt:~# ip rule
0:      from all lookup local
1001:   from all fwmark 0x100/0xff00 lookup 1001
1002:   from all fwmark 0x200/0xff00 lookup 1002
1016:   from all fwmark 0x1000/0xff00 lookup 1016
1017:   from all fwmark 0x1100/0xff00 lookup 1017
1018:   from all fwmark 0x1200/0xff00 lookup 1018
32766:  from all lookup main
32767:  from all lookup default
root@openwrt:~# ip route list table 1001
default via 10.64.64.64 dev 3gg
root@openwrt:~# ip route list table 1002
default via 192.168.16.1 dev eth1
root@openwrt:~# ip route list table 1016
default via 192.168.16.1 dev eth1  metric 1
root@openwrt:~# ip route list table 1017
default via 10.64.64.64 dev 3gg  metric 1
root@openwrt:~# ip route list table 1018
default via 192.168.16.1 dev eth1  metric 1
default via 10.64.64.64 dev 3gg  metric 2

root@openwrt:~# iptables -L -t mangle -v -n
Chain PREROUTING (policy ACCEPT 56507 packets, 12M bytes)
 pkts bytes target     prot opt in     out     source               destination
74049   14M mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 30247 packets, 3472K bytes)
 pkts bytes target     prot opt in     out     source               destination
42464 4850K mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 19275 packets, 7401K bytes)
 pkts bytes target     prot opt in     out     source               destination
39332   18M zone_3g_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0
39332   18M zone_wan_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 10558 packets, 1408K bytes)
 pkts bytes target     prot opt in     out     source               destination
21763 3160K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 30021 packets, 8830K bytes)
 pkts bytes target     prot opt in     out     source               destination
43903   11M mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain mwan3_default (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1696  150K MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
  180 14474 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8         mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.64         mark match !0x8000/0x8000 MARK or 0x8000
12512 1789K MARK       all  --  *      *       0.0.0.0/0            192.168.1.0/24      mark match !0x8000/0x8000 MARK or 0x8000
  103 13463 MARK       all  --  *      *       0.0.0.0/0            192.168.16.0/24      mark match !0x8000/0x8000 MARK or 0x8000

Chain mwan3_post (2 references)
 pkts bytes target     prot opt in     out     source               destination
12545 1827K MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00
 2807  236K MARK       all  --  *      3gg   0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
64984   13M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
86367   16M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination
95812   17M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
35902 8896K MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
 2805  236K MARK       all  --  3gg  *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
49226 6729K mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
11375  959K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination
 7321  656K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1200/0xff00

Chain qos_Default (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff
    0     0 qos_Default_ct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x1/0xff length 400:65535 MARK and 0xffffff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x2/0xff length 800:65535 MARK and 0xffffff00
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff length 0:500 MARK xset 0x2/0xff
    0     0 MARK       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x1/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff udp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           length 0:128 mark match !0x4/0xff tcp flags:0x3F/0x02 MARK xset 0x1/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           length 0:128 mark match !0x4/0xff tcp flags:0x3F/0x10 MARK xset 0x1/0xff

Chain qos_Default_ct (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff tcp multiport ports 22,53 MARK xset 0x1/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff udp multiport ports 22,53 MARK xset 0x1/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff tcp multiport ports 20,21,25,80,110,443,993,995 MARK xset 0x3/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff tcp multiport ports 5190 MARK xset 0x2/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff udp multiport ports 5190 MARK xset 0x2/0xff
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff

Chain zone_3g_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      3gg   0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Chain zone_wan_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination
  462 23828 TCPMSS     tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

After wan cable unplugged:

root@openwrt:~# logread -f |grep mwan
Aug 14 09:06:23 openwrt user.notice mwan3track: Interface wan (eth1) is offline
Aug 14 09:06:23 openwrt user.notice mwan3: ifdown interface wan (eth1)

ping doesn't work and configuration is bellow:

root@openwrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3gg
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.16.0     0.0.0.0         255.255.255.0   U     10     0        0 eth1
0.0.0.0         192.168.16.1     0.0.0.0         UG    10     0        0 eth1
0.0.0.0         10.64.64.64     0.0.0.0         UG    30     0        0 3gg
root@openwrt:~# ip rule
0:      from all lookup local
1001:   from all fwmark 0x100/0xff00 lookup 1001
1016:   from all fwmark 0x1000/0xff00 lookup 1016
1017:   from all fwmark 0x1100/0xff00 lookup 1017
1018:   from all fwmark 0x1200/0xff00 lookup 1018
32766:  from all lookup main
32767:  from all lookup default
root@openwrt:~# ip route list table 1001
default via 10.64.64.64 dev 3gg
root@openwrt:~# ip route list table 1016
default via 192.168.16.1 dev eth1  metric 1
root@openwrt:~# ip route list table 1017
default via 10.64.64.64 dev 3gg  metric 1
root@openwrt:~# ip route list table 1018
default via 192.168.16.1 dev eth1  metric 1
default via 10.64.64.64 dev 3gg  metric 2

root@openwrt:~# iptables -L -t mangle -v -n
Chain PREROUTING (policy ACCEPT 4517 packets, 362K bytes)
 pkts bytes target     prot opt in     out     source               destination
86269   15M mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 2729 packets, 249K bytes)
 pkts bytes target     prot opt in     out     source               destination
49893 5649K mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 1680 packets, 108K bytes)
 pkts bytes target     prot opt in     out     source               destination
43014   19M zone_3g_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0
43014   19M zone_wan_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 7594 packets, 562K bytes)
 pkts bytes target     prot opt in     out     source               destination
30946 3913K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 7701 packets, 585K bytes)
 pkts bytes target     prot opt in     out     source               destination
55230   13M mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain mwan3_default (1 references)
 pkts bytes target     prot opt in     out     source               destination
  230 21276 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
   16   928 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8         mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.64         mark match !0x8000/0x8000 MARK or 0x8000
 3929  346K MARK       all  --  *      *       0.0.0.0/0            192.168.1.0/24      mark match !0x8000/0x8000 MARK or 0x8000
  804 81027 MARK       all  --  *      *       0.0.0.0/0            192.168.16.0/24      mark match !0x8000/0x8000 MARK or 0x8000

Chain mwan3_post (2 references)
 pkts bytes target     prot opt in     out     source               destination
 3381  284K MARK       all  --  *      3gg   0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
76608   15M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
 105K   18M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination
 117K   19M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
 3379  284K MARK       all  --  3gg  *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
64880 8105K mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
15501 1244K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3074  193K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1200/0xff00

Chain qos_Default (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff
    0     0 qos_Default_ct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x1/0xff length 400:65535 MARK and 0xffffff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x2/0xff length 800:65535 MARK and 0xffffff00
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff length 0:500 MARK xset 0x2/0xff
    0     0 MARK       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x1/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff udp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           length 0:128 mark match !0x4/0xff tcp flags:0x3F/0x02 MARK xset 0x1/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           length 0:128 mark match !0x4/0xff tcp flags:0x3F/0x10 MARK xset 0x1/0xff

Chain qos_Default_ct (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff tcp multiport ports 22,53 MARK xset 0x1/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff udp multiport ports 22,53 MARK xset 0x1/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff tcp multiport ports 20,21,25,80,110,443,993,995 MARK xset 0x3/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff tcp multiport ports 5190 MARK xset 0x2/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff udp multiport ports 5190 MARK xset 0x2/0xff
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff

Chain zone_3g_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      3gg   0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Chain zone_wan_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination

Why ping doesn't work on cable unplug? Is mwan3 correctly configured?

Thanks,
Vinca

Hmmm. too bad. Will check back later tonight when i get home.

Thnx

Adze wrote:

Hmmm. too bad. Will check back later tonight when i get home.

Thnx

Thanks in advance. wink Cheers.

vinca wrote:

Why ping doesn't work on cable unplug? Is mwan3 correctly configured?

This has been addressed many times. Traffic generated from wan interface itself is not load-balanced.

Please add the reroute option or try to ping with the source address of your lan interface

root@OpenWrt:~# ping -c 3 -I 192.168.33.2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.33.2: 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=48 time=21.279 ms
64 bytes from 8.8.8.8: seq=1 ttl=48 time=18.306 ms
64 bytes from 8.8.8.8: seq=2 ttl=48 time=18.790 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 18.306/19.458/21.279 ms

Hi headless.cross,


I have found the source of your problem. The problem is that iptables mangle table is handled before nat table. So when a client makes a request to fetch a web page, it is first marked by mwan3. Mwan3 decides based on your mwan3 rules which wan interface to exit and marks the session accordingly.

Next nat takes place and diverts the web page request to privoxy. The reply from privoxy however is part of the same session and is already marked to leave a wan interface. The reply from privoxy is then send over the internet, which is obviously incorrect.

To fix this add the following rules to your mwan3 config:

config 'rule' 'rule1'
    option 'proto' 'tcp'
    option 'dest_port' '80'
    option 'src_ip' '10.0.2.1'
    option 'dest_ip' '0.0.0.0/0'
    option 'use_policy' 'wan1_wan2_loadbalanced'

config 'rule' 'rule2'
    option 'proto' 'tcp'
    option 'dest_port' '80'
    option 'src_ip' '10.0.2.0/24'
    option 'dest_ip' '0.0.0.0/0'
    option 'use_policy' 'default'

config 'rule' 'rule3'
    option 'dest_ip' '0.0.0.0/0'
    option 'use_policy' 'wan1_wan2_loadbalanced'

The policy "wan1_wan2_loadbalanced" is just an example. Change it to whatever policy you like. I don't know why this worked in earlier versions of mwan3. This must have been a bug. The current behaviour is as expected.

PS: this post is added with privoxy in transparent mode and mwan3 enabled. wink

(Last edited by Adze on 28 Dec 2014, 19:23)

Adze wrote:

Hi headless.cross,


I have found the source of your problem. The problem is that iptables mangle table is handled before nat table. So when a client makes a request to fetch a web page, it is first marked by mwan3. Mwan3 decides based on your mwan3 rules which wan interface to exit and marks the session accordingly.

Next nat takes place and diverts the web page request to privoxy. The reply from privoxy however is part of the same session and is already marked to leave a wan interface. The reply from privoxy is then send over the internet, which is obviously incorrect.

To fix this add the following rules to your mwan3 config:

config 'rule' 'rule1'
    option 'proto' 'tcp'
    option 'dest_port' '80'
    option 'src_ip' '10.0.2.1'
    option 'dest_ip' '0.0.0.0/0'
    option 'use_policy' 'wan1_wan2_loadbalanced'

config 'rule' 'rule2'
    option 'proto' 'tcp'
    option 'dest_port' '80'
    option 'src_ip' '10.0.2.0/24'
    option 'dest_ip' '0.0.0.0/0'
    option 'use_policy' 'default'

config 'rule' 'rule3'
    option 'dest_ip' '0.0.0.0/0'
    option 'use_policy' 'wan1_wan2_loadbalanced'

The policy "wan1_wan2_loadbalanced" is just an example. Change it to whatever policy you like. I don't know why this worked in earlier versions of mwan3. This must have been a bug. The current behaviour is as expected.

Note that you have to set the reroute option to "1" to have privoxy originated traffic also be handled by mwan3, or else it will always leave the gateway with the lowest metric in the default routing table.


PS: this post is added with privoxy in transparent mode and mwan3 enabled. wink

Adze, what I can say.... everything worked like a charm. There are many things that I have to learn to start debugging such problems.

Thank you for your effort and free time, for the overall help and making this project. Cheers. I owe you beer big_smile.

Hi Adze,

I wanted to report that the one client I am using mwan3 with (so far) had a real-live unexpected internet outage on their primary VoIP line. All the current calls dropped, as expected, but by the time people re-dialed to re-place the call, mwan3 had already switched over the VoIP traffic to the backup link and calls continued as usual. SUCCESS! Thanks!

I want to start trying out the load-balancing side of mwan3.

1. Does a load-balanced connection also provide failover automatically to the remaining link if one of the links goes down? The load-balancing metric is ignored if one of the links is down so as to send 100% of traffic through the remaining working link?

2. For load-balancing, the selection of outgoing interface is made by the Linux kernel at the time of the start of the IP connection based on destination IP address? So, all connections to the same specific destination IP address will go through the same WAN interface? How is UDP handled where there is no connection state?

Thanks,
Tim

Dear Adze, first thank you for mwan3, it is awesome.

I have one problem though, I cannot get traffic over both wifi interfaces at the same time.

I am trying to load-balance 3 wans (eth0.2, wlan1, wlan2). The two wifis represent 2 usb wifi adapters of same type, one is on channel 13 and the other on channel 11, they are plugged in over an active usb hub to my wr1043nd. When I start a high speed torrent download, either eth0.2+wlan1 or eth0.2+wlan2 will max out while the other wlan will get no traffic.

Let me show you an example of what bmon reports when I start a high speed torrent download:
http://shrani.si/f/1R/SF/1iKC2yca/ccc.gif


Since eth0.2 always works, I stopped it and tested just the two wlans some more. I have not really found a pattern but sometimes one picks up all the traffic and other times the other one but they never both max out at the same time.


Here is an example with just the two wlans:
http://shrani.si/f/34/EW/3PDkLbpY/aaa.gif

Here it's vice versa:
http://shrani.si/f/3D/Yv/2L1QJyMs/bbb.gif

Can anyone look at my setup and tell me if there is a mistake in it? Otherwise, does anyone have any clue why this would be happening and how I could debug it?

Here is the troubleshooting output:

Software versions : 

OpenWrt - OpenWrt Attitude Adjustment 12.09 (r36088)
mwan3 - 1.2-17
luci-app-mwan3 - 1.1-13

Firewall default output policy (must be ACCEPT) : 

ACCEPT

Output of "ip route show" : 

default via 192.168.7.1 dev eth0.2  proto static  metric 10 
default via 192.168.22.254 dev wlan1  proto static  metric 20 
default via 192.168.1.1 dev wlan2  proto static  metric 30 
192.168.1.0/24 dev wlan2  proto static  scope link  metric 30 
192.168.7.0/24 dev eth0.2  proto static  scope link  metric 10 
192.168.22.0/24 dev wlan1  proto static  scope link  metric 20 
192.168.101.0/24 dev br-lan  proto kernel  scope link  src 192.168.101.1

Output of "ip rule show" : 

0:    from all lookup local 
1002:    from all fwmark 0x200/0xff00 lookup 1002 
1003:    from all fwmark 0x300/0xff00 lookup 1003 
1016:    from all fwmark 0x1000/0xff00 lookup 1016 
32766:    from all lookup main 
32767:    from all lookup default

Output of "ip route list table 1001-1099" (1001-1015 = interface tables, 1016-1099 = policy tables) : 

1002
default via 192.168.22.254 dev wlan1 
1003
default via 192.168.1.1 dev wlan2 
1016
default  metric 1 
    nexthop via 192.168.1.1  dev wlan2 weight 2
    nexthop via 192.168.22.254  dev wlan1 weight 2

Output of "iptables -L -t mangle -v -n | awk '/mwan3/' RS=" : 

Chain PREROUTING (policy ACCEPT 14879 packets, 2914K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 119K   55M mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 9265 packets, 857K bytes)
 pkts bytes target     prot opt in     out     source               destination         
29045 2538K mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 11887 packets, 1247K bytes)
 pkts bytes target     prot opt in     out     source               destination         
31527 3128K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 12711 packets, 1684K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 109K   51M mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain mwan3_default (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   30  1992 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8         mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.1.0/24      mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
    1    62 MARK       all  --  *      *       0.0.0.0/0            192.168.7.0/24      mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
    1    62 MARK       all  --  *      *       0.0.0.0/0            192.168.22.0/24     mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 
   63  3808 MARK       all  --  *      *       0.0.0.0/0            192.168.101.0/24    mark match 0x0/0xff00 MARK xset 0x7f00/0xff00 

Chain mwan3_post (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 8627  773K MARK       all  --  *      wlan2   0.0.0.0/0            0.0.0.0/0           mark match !0x7f00/0xff00 MARK xset 0x300/0xff00 
21487 1387K MARK       all  --  *      wlan1   0.0.0.0/0            0.0.0.0/0           mark match !0x7f00/0xff00 MARK xset 0x200/0xff00 
63843   48M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff 
 138K   54M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00 

Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 151K   58M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00 
18235 4387K MARK       all  --  wlan2  *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8300/0xff00 
24485   16M MARK       all  --  wlan1  *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00 
28495 2423K mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
28092 2379K mwan3_wan  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
 1048  111K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   24  1248 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1000/0xff00 

Chain mwan3_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
11865  993K MARK       all  --  *      *       192.168.7.106        0.0.0.0/0           MARK xset 0x100/0xff00 
28000 2371K mwan3_wan2  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
27983 2370K mwan3_wan3  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain mwan3_wan2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 7524  632K MARK       all  --  *      *       192.168.22.16        0.0.0.0/0           MARK xset 0x200/0xff00 

Chain mwan3_wan3 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 7608  639K MARK       all  --  *      *       192.168.1.112        0.0.0.0/0           MARK xset 0x300/0xff00

Output of "ifconfig" : 

br-lan    Link encap:Ethernet  HWaddr F8:D1:11:90:F1:18  
          inet addr:192.168.101.1  Bcast:192.168.101.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:40725 errors:0 dropped:391 overruns:0 frame:0
          TX packets:40148 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2374054 (2.2 MiB)  TX bytes:47165801 (44.9 MiB)

eth0      Link encap:Ethernet  HWaddr F8:D1:11:90:F1:18  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:77214 errors:0 dropped:26 overruns:59409 frame:0
          TX packets:78223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:35636360 (33.9 MiB)  TX bytes:50191128 (47.8 MiB)
          Interrupt:4 

eth0.1    Link encap:Ethernet  HWaddr F8:D1:11:90:F1:18  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:40855 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40305 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2427348 (2.3 MiB)  TX bytes:47173023 (44.9 MiB)

eth0.2    Link encap:Ethernet  HWaddr F8:D1:11:90:F1:18  
          inet addr:192.168.7.106  Bcast:192.168.7.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:36275 errors:0 dropped:1557 overruns:0 frame:0
          TX packets:37916 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:31813151 (30.3 MiB)  TX bytes:2704136 (2.5 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2680 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2680 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:299078 (292.0 KiB)  TX bytes:299078 (292.0 KiB)

wlan1     Link encap:Ethernet  HWaddr B0:48:7A:93:93:BF  
          inet addr:192.168.22.16  Bcast:192.168.22.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:40085 errors:0 dropped:47 overruns:0 frame:0
          TX packets:22574 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:17631225 (16.8 MiB)  TX bytes:2187599 (2.0 MiB)

wlan2     Link encap:Ethernet  HWaddr 90:F6:52:15:F3:A8  
          inet addr:192.168.1.112  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19296 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9727 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:4698069 (4.4 MiB)  TX bytes:1116867 (1.0 MiB)

Output of "cat /etc/config/mwan3" : 

config rule 'rule7'
    option proto 'all'
    option dest_ip '0.0.0.0/0'
    option use_policy 'wan_wan2_wan3_loadbalanced'

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option reroute '0'

config interface 'wan2'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option reroute '0'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config interface 'wan3'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '8.8.4.4'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '5'
    option reroute '0'

config member 'wan3_m1_w1'
    option interface 'wan3'
    option metric '1'
    option weight '2'

config member 'wan3_m1_w2'
    option interface 'wan3'
    option metric '1'
    option weight '2'

config policy 'wan_wan2_wan3_loadbalanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'
    list use_member 'wan3_m1_w2'

Output of "cat /etc/config/network" : 

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0.1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.101.1'
    option netmask '255.255.255.0'

config interface 'wan'
    option ifname 'eth0.2'
    option proto 'dhcp'
    option metric '10'

config switch
    option name 'rtl8366rb'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'rtl8366rb'
    option vlan '1'
    option ports '1 2 3 4 5t'

config switch_vlan
    option device 'rtl8366rb'
    option vlan '2'
    option ports '0 5t'

config interface 'wan2'
    option proto 'dhcp'
    option metric '20'

config interface 'wan3'
    option proto 'dhcp'
    option metric '30'

@pingo:

How strong is the wifi signal between you and those two APs? I'm asking that because I have similar setup and the wifi signal affects the load-balancing.

After using mwan3 for a month,I have two suggestion:
1.Lower cpu consumption.One my wdr7500 with two wans (100mbit+24mbit),mwan3 eats a lot cpu.
http://i.imgur.com/1kJsflU.jpg
2.Allow custom route table for some specific ip sections like
42.196.0.0-42.199.255.255
101.0.0.0-101.255.255.255
111.149.0.0-111.150.255.255
115.172.0.0-115.175.255.255
116.205.0.0-116.205.255.255
118.197.0.0-118.197.255.255
123.0.0.0-124.255.255.255
175.191.0.0-175.192.255.255
180.88.0.0-180.88.255.255
211.161.0.0-211.162.255.255
220.112.0.0-220.115.255.255
223.208.0.0-223.208.255.255
223.210.0.0-223.211.255.255
223.192.0.0-223.192.255.255
.......................................
It takes much effort to take them all into config.