OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Adze wrote:

Hi kartheo,


eth1.3 and br-lan have the same ip address range. Change your br-lan settings and you are good to go. Everything else looks ok to me. Good luck!

Thanks for the quick reply.
Everything seems to work fine.
My br-lan IP is 192.168.1.2 (if I am seeing the correct page in OpenWrt).

This is the detailed view of mwan3.

http://s1.postimg.org/twqqutfcr/Screen_Shot_11_27_14_at_05_17_PM.jpg

and this is the br-lan settings page

http://s16.postimg.org/fnwwejvcx/Screen_Shot_11_27_14_at_05_19_PM.jpg


@edit On the wondershaper or QoS page, do I use the combined speed?

(Last edited by kartheo on 27 Nov 2014, 17:17)

kartheo wrote:

Everything seems to work fine.
My br-lan IP is 192.168.1.2 (if I am seeing the correct page in OpenWrt).

Regardless, you should still change br-lan to a different subnet like 192.168.2.0. You should not have the same network on two interfaces or eventually something will not "work fine."

I will give you one example of what will not work. Any LAN client on br-lan that tries to reach the internet through pppoe-Cyta1 using the main routing table will not be able to.



kartheo wrote:

@edit On the wondershaper or QoS page, do I use the combined speed?

I would imagine you would need to create two QoS configurations. One for each WAN interface configured for the speed of that WAN connection.

(Last edited by arfett on 27 Nov 2014, 20:36)

Is anyone using mwan3 with an external transparent proxy (Squid)?
I just tried it. I had OpenWRT's firewall redirect tcp/80 traffic from the LAN to port 3129 of a Squid proxy (listening in "transparent" mode) sitting just outside my WAN. However, I noticed that mwan3 does (naturally) get involved in "balancing" traffic to my proxy. Is it possible to exclude an IP range from any policy-based routing by mwan3 (e.g. using a syntax like dest_ip '!10.10.10.0/24')?

(Last edited by jecartas on 13 Dec 2014, 07:41)

arfett wrote:

Regardless, you should still change br-lan to a different subnet like 192.168.2.0. You should not have the same network on two interfaces or eventually something will not "work fine."

I would imagine you would need to create two QoS configurations. One for each WAN interface configured for the speed of that WAN connection.


Thanks for the help!
I have to study more for this networking thing. :)
The only problem I am having is that I am losing some pings on connection #1.

Fri Nov 28 11:13:38 2014 user.info mwan3track: Lost 3 ping(s) on interface Cyta1 (pppoe-Cyta1)
Fri Nov 28 11:04:23 2014 user.info mwan3track: Lost 4 ping(s) on interface Cyta1 (pppoe-Cyta1)


This is from the diagnostics page, trying to ping the tracking IPs,
so this may be an OpenDNS problem.
Is it OK if I change the OpenDNS values to my provider's DNS?

ping -c 3 -W 2 -I pppoe-Cyta1 8.8.4.4

3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 40.077/40.428/40.656 ms


ping -c 3 -W 2 -I pppoe-Cyta1 8.8.8.8

3 packets transmitted, 2 packets received, 33% packet loss
round-trip min/avg/max = 39.482/39.693/39.904 ms


ping -c 3 -W 2 -I pppoe-Cyta1 208.67.222.222

3 packets transmitted, 2 packets received, 33% packet loss
round-trip min/avg/max = 70.818/71.283/71.749 ms


ping -c 3 -W 2 -I pppoe-Cyta1 208.67.220.220

3 packets transmitted, 2 packets received, 33% packet loss
round-trip min/avg/max = 71.683/71.959/72.235 ms

@Adze : Thanks for this great package!

(Last edited by kartheo on 28 Nov 2014, 10:24)

kartheo wrote:

Is it OK if I change the OpenDNS values to my provider's DNS?

You can use whatever IP addresses you want for the tracking IPs. They serve no purpose other than checking if the WAN connection works.

jecartas wrote:

Is anyone using mwan3 with an external transparent proxy (Squid)?
I just tried it. I had OpenWRT's firewall redirect tcp/80 traffic from the LAN to port 3129 of a Squid proxy (listening in "transparent" mode) sitting just outside my WAN. However, I noticed that mwan3 does (naturally) get involved in "balancing" traffic to my proxy. Is it possible to exclude an IP range from any policy-based routing by mwan3 (e.g. using a syntax like dest_ip '!10.10.10.0/24')?

This can be done in two ways. Either specify a static route for that host or create a mwan3 rule with policy default. Please read the wiki for more info.

How do I create a rule for more than one IP address?

config rule 'rules6'
    option src_ip '172.16.10.0/24'
    option proto 'all'
    option use_policy 'wan3_only'

Is this config correct if I want to give WAN3 access to all IPs from 172.16.10.1 to 172.16.10.254?
What if I only want to give 3 IPs, say 172.16.10.1 to 172.16.10.3? What config should I write?

Thanks

gentong wrote:

Is this config correct if I want to give WAN3 access to all IPs from 172.16.10.1 to 172.16.10.254?

Yes.

gentong wrote:

What if I only want to give 3 IPs, say 172.16.10.1 to 172.16.10.3? What config should I write?

172.16.10.1/29 will cover 172.16.10.1-172.16.10.6

Or you will need to write three rules:
172.16.10.1/32
172.16.10.2/32
172.16.10.3/32

(Last edited by arfett on 30 Nov 2014, 07:47)

arfett wrote:
gentong wrote:

Is this config correct if I want to give WAN3 access to all IPs from 172.16.10.1 to 172.16.10.254?

Yes.

gentong wrote:

What if I only want to give 3 IPs, say 172.16.10.1 to 172.16.10.3? What config should I write?

172.16.10.1/29 will cover 172.16.10.1-172.16.10.6

Or you will need to write three rules:
172.16.10.1/32
172.16.10.2/32
172.16.10.3/32

What's the difference if I write 172.16.10.0/0 and 172.16.10.0/24? Is it the same?
172.16.10.1/29 -> how can you know those IPs start from 1 and end with 6?

If I put 172.16.10.1/32, 172.16.10.2/32, 172.16.10.3/32, why should I put the "/32"? Without it, I think it should work too.

gentong wrote:

What's the difference if I write 172.16.10.0/0 and 172.16.10.0/24? Is it the same?

It is surely not the same!

gentong wrote:

172.16.10.1/29 -> how can you know those IPs start from 1 and end with 6?

Learn CIDR notation. https://www.digitalocean.com/community/ … etworking.

gentong wrote:

If I put 172.16.10.1/32, 172.16.10.2/32, 172.16.10.3/32, why should I put the "/32"? Without it, I think it should work too.

If omitted, a /32 is assumed.

gentong wrote:

What's the difference if I write 172.16.10.0/0 and 172.16.10.0/24? Is it the same?

If you write 172.16.10.0/0 then this will match ALL IP addresses from 0.0.0.0-255.255.255.255.

gentong wrote:

172.16.10.1/29 -> how can you know those IPs start from 1 and end with 6?

If I put 172.16.10.1/32, 172.16.10.2/32, 172.16.10.3/32, why should I put the "/32"? Without it, I think it should work too.

Adze's link doesn't appear to work. If you want to be lazy and not learn CIDR you can use this page to calculate the subnets for you:
http://www.subnet-calculator.com/

What if I want to give rules for only some IPs (not sequential IPs)?
For example, I want to give WAN2 access only to 2 IPs, 172.16.10.5 and 172.16.0.7.
If sequential, I can just write 172.16.10.5/30, meaning IPs 172.16.10.5 and 172.16.10.6.

thanks

bump...

gentong wrote:

What if I want to give rules for only some IPs (not sequential IPs)?
For example, I want to give WAN2 access only to 2 IPs, 172.16.10.5 and 172.16.0.7.
If sequential, I can just write 172.16.10.5/30, meaning IPs 172.16.10.5 and 172.16.10.6.

You can create an extra rule. You can create as many as you like. You don't have to add /32 to the end of a host-only IP address. This is redundant and assumed.
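A worked check of the CIDR points discussed above (what a given src_ip value actually matches, and how many rules the non-contiguous hosts from the last question need), as an added Python example that is not from the thread; the rule-name prefix and the policy names in the generated stanzas are assumptions.

```python
import ipaddress


def match_set(cidr):
    """The block an mwan3 src_ip/dest_ip value really matches. mwan3 hands the
    value to iptables, which masks off the host bits, so '172.16.10.1/29'
    matches all of 172.16.10.0/29 (.0 to .7), not only the usable .1 to .6."""
    return ipaddress.ip_network(cidr, strict=False)


def usable_hosts(cidr):
    """Usable host addresses in the block (network and broadcast excluded)."""
    return [str(a) for a in match_set(cidr).hosts()]


def overmatch(cidr, intended):
    """Addresses the rule matches beyond the hosts it was written for; these
    are routed by the rule's policy as well. Refuses to enumerate very large
    blocks such as a /0 (look at match_set(cidr).num_addresses instead)."""
    net = match_set(cidr)
    if net.num_addresses > 4096:
        raise ValueError(f"{cidr} matches {net.num_addresses} addresses")
    wanted = {ipaddress.ip_address(a) for a in intended}
    return [str(a) for a in net if a not in wanted]


def rule_stanzas(prefix, hosts, policy):
    """Emit one mwan3 'config rule' stanza per host block. Adjacent, aligned
    hosts are merged (.2 and .3 become .2/31); a lone host stays a /32, which
    is what mwan3 assumes when the prefix length is left out."""
    nets = [ipaddress.ip_network(h) for h in hosts]
    stanzas = []
    for i, net in enumerate(ipaddress.collapse_addresses(nets), 1):
        stanzas.append(
            f"config rule '{prefix}{i}'\n"
            f"    option src_ip '{net}'\n"
            f"    option proto 'all'\n"
            f"    option use_policy '{policy}'\n"
        )
    return stanzas


if __name__ == "__main__":
    # Constructed inputs taken from the questions asked in the thread.
    print(match_set("172.16.10.1/29"), usable_hosts("172.16.10.1/29"))
    print("extra hosts:", overmatch("172.16.10.1/29",
                                    ["172.16.10.1", "172.16.10.2", "172.16.10.3"]))
    print(match_set("172.16.10.0/0").num_addresses, "addresses match 172.16.10.0/0")
    print("".join(rule_stanzas("wan2_host", ["172.16.10.5", "172.16.0.7"], "wan2_only")))
```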

Hi, I have a problem with OpenVPN:
I set up failover with mwan3, but I have an OpenVPN client, so when wan goes down the VPN connects through wan2, but when wan becomes active again OpenVPN doesn't reconnect through it.
How do I fix this, or how do I run an external script when wan becomes ready for mwan3?

Nassz wrote:

Hi, I have a problem with OpenVPN:
I set up failover with mwan3, but I have an OpenVPN client, so when wan goes down the VPN connects through wan2, but when wan becomes active again OpenVPN doesn't reconnect through it.
How do I fix this, or how do I run an external script when wan becomes ready for mwan3?

/etc/hotplug.d/iface/16-mwancustom

After doing a "/etc/init.d/firewall restart" I get this

root@OpenWrt:/etc# mwan3 status
Interface status:
Interface wan error
Interface wan2 error

root@OpenWrt:/etc

What's the best way to ensure that mwan3 is enabled after a firewall restart?

kpv wrote:

After doing a "/etc/init.d/firewall restart" I get this

root@OpenWrt:/etc# mwan3 status
Interface status:
Interface wan error
Interface wan2 error

root@OpenWrt:/etc

What's the best way to ensure that mwan3 is enabled after a firewall restart?

You could add '/usr/sbin/mwan3 restart' to the end of the restart function in /etc/init.d/firewall

I'm having a problem with mwan3 and nat reflection.

The policy routing is working just the way I want it.

But as soon as I enable mwan3 "mwan3 start", NAT reflection stops working.
If I do "mwan3 stop", NAT reflection starts working again.

I spent some hours trying to reconfigure pretty much everything, but I couldn't solve it.

Anyone else noticed this?

root@dexter:~# mwan3 start
sh: enabled: unknown operand
uci: Entry not found
uci: Entry not found
sh: enabled: unknown operand
uci: Entry not found
uci: Entry not found

My openwrt image is built by myself and up to date after a dirclean, r43721.

(Last edited by spock on 16 Dec 2014, 15:39)

spock wrote:

I'm having a problem with mwan3 and nat reflection.

Create a new rule with the to-be-natted destination ip address and set it to use policy default.

If that doesn't work, please post your config.

(Last edited by Adze on 16 Dec 2014, 18:39)

Adze wrote:
spock wrote:

I'm having a problem with mwan3 and nat reflection.

Create a new rule with the to-be-natted destination ip address and set it to use policy default.

If that doesn't work, please post your config.

That quick advice saved me!

However, my natted destination IP will change every now and then, and so I'll need to manually change this rule. Is there some way to make this automatic?

Many thanks for your help Adze.

I think I found a way to automate it, by putting the following code in a script named for example "99-mwan3reflect". Don't forget to make it executable (chmod +x).

This assumes you have a mwan3 rule named reflection, with an already assigned source subnet/address.



/etc/hotplug.d/iface/99-mwan3reflect

#!/bin/sh
# Hotplug runs this for every interface event; only act when the 'wan'
# interface has just come up (and so may have a new address).
[ "$ACTION" = "ifup" ] && [ "$INTERFACE" = "wan" ] || exit 0

. /lib/functions/network.sh
network_flush_cache
# Read the current IPv4 address of 'wan' into $ip; nothing to do if it has none.
network_get_ipaddr ip wan || exit 0
# Store it as the destination of the existing mwan3 rule 'reflection' and
# commit only the mwan3 config file.
uci set mwan3.reflection.dest_ip="${ip}"
uci commit mwan3


Since my IP doesn't change often I haven't been able to test it.

(Last edited by spock on 17 Dec 2014, 14:20)

Hi spock,


The extra rule for NAT reflection should not be necessary for directly connected IP addresses. So the fact that you need the extra rule is strange and might have something to do with the errors you receive when starting mwan3.

Could you please post your config and "iptables -L -t mangle -v -n"?


Thnx.

Adze wrote:

Hi spock,


The extra rule for NAT reflection should not be necessary for directly connected IP addresses. So the fact that you need the extra rule is strange and might have something to do with the errors you receive when starting mwan3.

Could you please post your config and "iptables -L -t mangle -v -n"?


Thnx.

I have my server on a DMZ in a separate VLAN (eth0.3), shielding it from the rest of the network. The normal "nat loopback" never worked, I had to make manual firewall rules (through uci) to get it to work.

I guess, perhaps this is why I'm seeing this issue now with mwan3.

After your previous post I decided to wipe the config and start from scratch, but I'm seeing just the same problems, and mwan3 still shows those error messages when I start it.

Not really sure where to go from here, maybe you have some idea?

output of iptables -L -t mangle -v -n: http://sprunge.us/NVTh

MWAN config:

config rule 'sticky_odd'
    option src_ip 'xxxx/24'
    option proto 'all'
    option use_policy 'wan2_only'

config rule 'sticky_even'
    option src_ip 'xxxx/24'
    option proto 'all'
    option use_policy 'wan_only'

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'wan2'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option enabled '1'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

Network config:

config globals 'globals'
    option ula_prefix 'xxx::/48'

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option type 'bridge'
    option _orig_ifname 'eth0.1 wlan0 wlan1'
    option _orig_bridge 'true'
    option stp '1'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr 'xxx'
    option ip6assign '64'
    option ip6hint 'aa'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'
    option mirror_source_port '0'
    option mirror_monitor_port '0'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '0t 2 3 4'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0t 1'
    option vid '2'

config interface 'wan'
    option proto 'pppoe'
    option ifname 'eth0.2'
    option password 'xxx'
    option ipv6 '1'
    option metric '10'
    option username 'xxx'

config interface 'modem'
    option proto 'static'
    option ifname 'eth0.2'
    option ipaddr '192.168.1.10'
    option netmask '255.255.255.0'
    option macaddr 'xxxx'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option vid '3'
    option ports '0t 5'

config interface 'dmz'
    option proto 'static'
    option ifname 'eth0.3'
    option netmask '255.255.255.0'
    option ipaddr 'xxx'
    option ip6assign '64'

config interface 'wan6'
    option proto 'dhcpv6'
    option ifname '@wan'
    option reqaddress 'none'
    option reqprefix '48'
    option macaddr 'xxx'

config interface 'wan2'
    option proto 'dslite'
    option peeraddr 'xxxx'
    list tunlink 'wan'
    option metric '20'

/etc/config/firewall

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '50000-50010'
    option dest_ip 'xxx'
    option dest_port '50000-50010'
    option name 'rtorrent-einstein'
    option reflection '0'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'dmz'
    option src_dport '25'
    option dest_ip 'xxx'
    option dest_port '25'
    option name 'smtp'
    option proto 'tcp udp'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'dmz'
    option proto 'tcp udp'
    option src_dport '53'
    option dest_ip 'xxx'
    option dest_port '53'
    option name 'dns'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'dmz'
    option proto 'tcp udp'
    option src_dport '587'
    option dest_ip 'xxx'
    option dest_port '587'
    option name 'submission'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'dmz'
    option proto 'tcp'
    option dest_ip 'xxxx'
    option dest_port '8080'
    option name 'nginx'
    option src_dport '8080'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '587'
    option dest_ip 'xxxx'
    option dest_port '587'
    option name 'local-submission'

config redirect
    option target 'DNAT'
    option src 'wan'
    option src_dport '25'
    option dest_ip 'xxx'
    option dest_port '25'
    option name 'local-smtp'
    option dest 'lan'
    option proto 'tcp udp'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '143'
    option dest_ip 'xxx'
    option dest_port '143'
    option name 'local-imap'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option src_dport '8080'
    option dest_ip 'xxx'
    option dest_port '8080'
    option name 'local-nginx'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    list icmp_type 'echo-reply'
    list icmp_type 'echo-request'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'echo-reply'
    list icmp_type 'echo-request'

config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'udp'
    option dest_port '1194'
    option name 'OpenVPN'
    option enabled '0'

config defaults
    option syn_flood '1'
    option output 'ACCEPT'
    option drop_invalid '1'
    option input 'REJECT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option network 'lan'
    option mtu_fix '1'
    option forward 'REJECT'

config zone
    option name 'wan'
    option output 'ACCEPT'
    option mtu_fix '1'
    option input 'REJECT'
    option forward 'REJECT'
    option masq '1'
    option network 'wan wan6 dsl wan2'

config include
    option path '/etc/firewall.user'

config zone
    option name 'modem'
    option output 'ACCEPT'
    option network 'modem'
    option mtu_fix '1'
    option input 'REJECT'
    option forward 'REJECT'
    option masq '1'

config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option name 'ssh'

config zone
    option name 'dmz'
    option network 'dmz'
    option output 'ACCEPT'
    option mtu_fix '1'
    option forward 'REJECT'
    option input 'REJECT'

config forwarding
    option dest 'wan'
    option src 'dmz'

config forwarding
    option dest 'modem'
    option src 'lan'

config forwarding
    option dest 'wan'
    option src 'lan'

config forwarding
    option dest 'dmz'
    option src 'lan'

config rule
    option name 'DMZ-Allow-ICMPv6-Input'
    option src 'dmz'
    option proto 'icmp'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    list icmp_type 'echo-reply'
    list icmp_type 'echo-request'

config rule
    option name 'DMZ-Allow-ICMPv6-Forward'
    option src 'dmz'
    option proto 'icmp'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'echo-reply'
    list icmp_type 'echo-request'
    option dest 'wan'

config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option dest 'dmz'
    option name 'dmz6-dns'
    option dest_port '53'

config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option dest 'dmz'
    option name 'dmz6-imap'
    option dest_port '143'

config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option dest 'dmz'
    option name 'dmz6-smtp'
    option dest_port '25'

config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option dest 'dmz'
    option name 'dmz6-submission'
    option dest_port '587'

config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option dest 'dmz'
    option name 'dmz6-dav'
    option dest_port '8080'

config include 'miniupnpd'
    option type 'script'
    option path '/usr/share/miniupnpd/firewall.include'
    option family 'any'
    option reload '1'

(Last edited by spock on 18 Dec 2014, 03:24)

Hi spock,


All output seems ok to me.. For the NAT loopback; to which address are you trying to connect?

If you issue "mwan3 start", the /usr/sbin/mwan3 script starts a hotplug ifup event for each interface. All scripts in /etc/hotplug.d/iface/ will be executed. The errors you are seeing may be from mwan3 or maybe from any other script you have there. Could you please try to remove the files in /etc/hotplug.d/iface/ and check which script(s) cause the errors?


Thank you!