Knowledge Base/Use Case/Multi-WAN
< Knowledge Base | Use Case
Zur Navigation springen
Zur Suche springen
Version vom 12. Oktober 2022, 22:33 Uhr von Damadmai (Diskussion | Beiträge) (Remove 78.41.116.121 from DNS Server List)
Multi-WAN
Aufbau und VLAN-Übersicht
VLAN-Config für OpenWRT-Router
VLAN-Config für EdgeOS-Router
Bridges:
br0 193.238.15z.zzz/32 br1 10.xx.yy.100/24 br2
Interfaces:
eth0 br0 vlan 100 192.168.100.1/24 vlan 200 br2 vlan 1100 br1 eth1 br2 eth2 br0 vlan 1100 br1 eth3 br0 vlan 1100 br1 eth4 br0 vlan 1100 br1
Firewall:
WAN: br0 LAN: eth0.100
Relevante Abschnitte aus config.boot für EdgeOS-Router
interfaces {
bridge br0 {
address 193.238.15.....
}
bridge br1 {
address 10.xx.yy.100/24
}
bridge br2 {
}
ethernet eth0 {
bridge-group {
bridge br0
}
vif 100 {
address 192.168.100.1/24
}
vif 200 {
bridge-group {
bridge br2
}
}
vif 1100 {
bridge-group {
bridge br1
}
}
}
ethernet eth1 {
bridge-group {
bridge br2
}
}
ethernet eth2 {
bridge-group {
bridge br0
}
vif 1100 {
bridge-group {
bridge br1
}
}
}
ethernet eth3 {
bridge-group {
bridge br0
}
vif 1100 {
bridge-group {
bridge br1
}
}
}
ethernet eth4 {
bridge-group {
bridge br0
}
poe {
output 24v
}
vif 1100 {
bridge-group {
bridge br1
}
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth0.100
wan-interface br0
}
service {
nat {
rule 5000 {
description WAN_FF
log disable
outbound-interface br0
protocol all
source {
address 192.168.100.0/24
}
type masquerade
}
}
}
system {
name-server 193.238.157.16
ntp {
server bevtime1.metrologie.at {
}
server bevtime2.metrologie.at {
}
server time.metrologie.at {
}
}
time-zone Europe/Vienna
}
GUI / CLI Setup
set date mmddhhmmyyyy Upload Setup0xFF-Wizard as 0xFF IP: 193.238.158.28 Node-ID: 3011 Routername: haid-router Username: damadmai Disable DHCP-Server Disable all Forwardings Change Password & Add SSH key Set name servers to 193.238.157.16 delete system ntp server 0.ubnt.pool.ntp.org delete system ntp server 1.ubnt.pool.ntp.org delete system ntp server 2.ubnt.pool.ntp.org delete system ntp server 3.ubnt.pool.ntp.org set system ntp server bevtime1.metrologie.at set system ntp server bevtime2.metrologie.at set system ntp server time.metrologie.at set interfaces ethernet eth0 bridge-group bridge br0 set interfaces ethernet eth0 vif 100 address 192.168.100.1/24 set interfaces ethernet eth0 vif 200 bridge-group bridge br2 set interfaces ethernet eth0 vif 1100 bridge-group bridge br1 delete interfaces ethernet eth1 description OLSR set interfaces ethernet eth1 description WAN delete interfaces ethernet eth1 bridge-group bridge br0 delete interfaces ethernet eth1 vif delete interfaces ethernet eth1 address dhcp set interfaces bridge br2 description WAN set interfaces ethernet eth1 bridge-group bridge br2 delete interfaces ethernet eth2 poe output off delete interfaces ethernet eth3 poe output off delete interfaces ethernet eth4 poe output off set interfaces ethernet eth2 poe output 24v set interfaces ethernet eth3 poe output 24v set interfaces ethernet eth4 poe output 24v delete service nat rule 5001 source address 192.168.1.0/24 set service nat rule 5001 source address 192.168.100.0/24 set service gui listen-address 127.0.0.1 WSLE: Orig-Server-Ports: 443->10443, Custom-Server-Ports: 8443->443 OLSRd V1: Disable all plugins Connect via SSH Autoupdate: self, then all WSLE: Register FQDN, then restart both ebtables: Allow br2 delete interfaces ethernet eth0 address 192.168.1.1/24 delete interfaces ethernet eth0 poe output off set interfaces ethernet eth0 poe output 24v
Relevante Abschnitte aus OpenWRT config
system:
config system option ttylogin '0' option log_size '64' option urandom_seed '0' option hostname 'archer' option zonename 'Europe/Vienna' option timezone 'CET-1CEST,M3.5.0,M10.5.0/3' option log_proto 'udp' option conloglevel '8' option cronloglevel '8' config timeserver 'ntp' option enabled '1' list server 'bevtime1.metrologie.at' list server 'bevtime2.metrologie.at' list server 'time.metrologie.at'
network:
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config interface 'lan' option type 'bridge' option ifname 'eth0.1' option proto 'static' option netmask '255.255.255.0' option ip6assign '60' option ipaddr '192.168.48.1' config interface 'wan' option proto 'static' option ipaddr '192.168.100.2' option netmask '255.255.255.0' option gateway '192.168.100.1' option broadcast '192.168.100.255' option ifname 'eth0.100' option dns '193.238.157.16' config switch option name 'switch0' option reset '1' option enable_vlan '1' config switch_vlan option device 'switch0' option vlan '1' option ports '0t 2 3 4' option vid '1' config switch_vlan option device 'switch0' option vlan '3' option ports '0t 1t' option vid '100' config switch_vlan option device 'switch0' option vlan '4' option ports '0t 1t' option vid '200' config switch_vlan option device 'switch0' option vlan '5' option vid '1000' option ports '1 5' config switch_vlan option device 'switch0' option vlan '6' option vid '1100' option ports '1t 5t' config interface 'wanb' option proto 'dhcp' option ifname 'eth0.200'
mwan3:
config rule 'secure' option proto 'tcp' option sticky '0' option use_policy 'wan_wanb' option dest_port '22,443,587,853,993' config rule 'default_rule' option dest_ip '0.0.0.0/0' option proto 'all' option sticky '0' option use_policy 'wanb_only' config globals 'globals' option mmx_mask '0x3F00' option local_source 'lan' config interface 'wan' option enabled '1' list track_ip '208.67.222.222' list track_ip '208.67.220.220' option family 'ipv4' option reliability '2' option count '1' option timeout '2' option failure_latency '1000' option recovery_latency '500' option failure_loss '20' option recovery_loss '5' option interval '5' option down '3' option up '8' config interface 'wanb' option family 'ipv4' option reliability '1' option count '1' option timeout '2' option interval '5' option down '3' option up '8' option initial_state 'online' list track_ip '208.67.222.222' list track_ip '208.67.220.220' option track_method 'ping' option size '56' option check_quality '0' option failure_interval '5' option recovery_interval '5' option flush_conntrack 'never' option enabled '1' config member 'wan_m1_w3' option interface 'wan' option metric '1' option weight '3' config member 'wan_m2_w3' option interface 'wan' option metric '2' option weight '3' config member 'wanb_m1_w2' option interface 'wanb' option metric '1' option weight '2' config member 'wanb_m2_w2' option interface 'wanb' option metric '2' option weight '2' config policy 'wan_only' option last_resort 'unreachable' list use_member 'wan_m1_w3' config policy 'wanb_only' list use_member 'wanb_m1_w2' option last_resort 'unreachable' config policy 'balanced' list use_member 'wan_m1_w3' list use_member 'wanb_m1_w2' option last_resort 'unreachable' config policy 'wan_wanb' list use_member 'wan_m1_w3' list use_member 'wanb_m2_w2' option last_resort 'unreachable' config policy 'wanb_wan' option last_resort 'unreachable' list use_member 'wan_m2_w3' list use_member 'wanb_m1_w2'
firewall:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 wanb'
config forwarding
option src 'lan'
option dest 'wan'