Knowledge Base/Use Case/Multi-WAN


Multi-WAN

Aufbau und VLAN-Übersicht

PB Edgerouter OpenWRT Multiwan Pi.JPG Edgerouter Multi WAN.png

VLAN-Config für OpenWRT-Router

OpenWRT Mulit WAN.png

VLAN-Config für EdgeOS-Router

Bridges:

br0 193.238.15z.zzz/32
br1 10.xx.yy.100/24
br2

Interfaces:

eth0 br0
 vlan 100  192.168.100.1/24
 vlan 200  br2
 vlan 1100 br1
eth1 br2
eth2 br0
 vlan 1100 br1
eth3 br0
 vlan 1100 br1
eth4 br0
 vlan 1100 br1

Firewall:

WAN: br0
LAN: eth0.100

Relevante Abschnitte aus config.boot für EdgeOS-Router

/* Bridge/VLAN layout as in the overview above: br0 = WAN side, br1 = 10.xx.yy.0/24 on VLAN 1100 of every port, br2 = L2 join of eth0 VLAN 200 and eth1. */
interfaces {
    /* WAN bridge; the port-forward and NAT sections below reference br0 as wan-interface. Address is redacted on the wiki. */
    bridge br0 {
        address 193.238.15.....
    }
    /* Address redacted on the wiki; what the 10.xx.yy.0/24 network is used for is not stated on this page. */
    bridge br1 {
        address 10.xx.yy.100/24
    }
    /* Addressless bridge: the router only passes frames between eth0 vif 200 and eth1 here. */
    /* The OpenWRT 'wanb' interface (DHCP on eth0.200, see below) presumably gets its lease from whatever sits on eth1 - verify. */
    bridge br2 {
    }
    /* Trunk toward the OpenWRT router (inferred: VLANs 100/200 appear as tagged port 1 in the OpenWRT switch config below). */
    ethernet eth0 {
        bridge-group {
            bridge br0
        }
        /* Router-side address of the 192.168.100.0/24 link; the OpenWRT 'wan' interface uses 192.168.100.2 with this as gateway. */
        /* This VLAN is the LAN side for the port-forward and NAT sections below. */
        vif 100 {
            address 192.168.100.1/24
        }
        /* Bridged into br2, i.e. L2-transparent to eth1. */
        vif 200 {
            bridge-group {
                bridge br2
            }
        }
        /* VLAN 1100 joins br1 on every port (eth0, eth2, eth3, eth4). */
        vif 1100 {
            bridge-group {
                bridge br1
            }
        }
    }
    /* Untagged member of br2 (see eth0 vif 200). */
    ethernet eth1 {
        bridge-group {
            bridge br2
        }
    }
    /* eth2-eth4: untagged in br0 (WAN bridge), VLAN 1100 in br1. */
    ethernet eth2 {
        bridge-group {
            bridge br0
        }
        vif 1100 {
            bridge-group {
                bridge br1
            }
        }
    }
    ethernet eth3 {
        bridge-group {
            bridge br0
        }
        vif 1100 {
            bridge-group {
                bridge br1
            }
        }
    }
    ethernet eth4 {
        bridge-group {
            bridge br0
        }
        /* 24V passive PoE is switched on for this port - only attach equipment rated for it. */
        poe {
            output 24v
        }
        vif 1100 {
            bridge-group {
                bridge br1
            }
        }
    }
}
/* Port-forward helper. No individual 'rule' entries appear in this excerpt, and the firewall rule-sets applied to br0 are not shown either, so inbound filtering on the WAN bridge cannot be judged from this page. */
port-forward {
    /* auto-firewall lets EdgeOS add the matching firewall accept rules for each forward itself. */
    auto-firewall enable
    /* hairpin-nat lets hosts behind lan-interface reach forwarded services via the WAN address. */
    hairpin-nat enable
    /* LAN side is the 192.168.100.0/24 VLAN toward the OpenWRT router, not the 10.xx.yy.0/24 bridge. */
    lan-interface eth0.100
    /* Matches the 'WAN: br0' entry of the Firewall overview above. */
    wan-interface br0
}
/* NAT: a single masquerade rule; only 192.168.100.0/24 is translated when leaving br0. */
service {
    nat {
        rule 5000 {
            description WAN_FF
            /* Translations are not logged. */
            log disable
            outbound-interface br0
            protocol all
            /* Only the OpenWRT-facing VLAN 100 network is masqueraded; br1's 10.xx.yy.0/24 has no NAT rule in this excerpt. */
            source {
                address 192.168.100.0/24
            }
            type masquerade
        }
    }
}
/* Resolver and NTP settings; the same two resolvers and three NTP servers appear in the OpenWRT config below. */
system {
    /* Same two addresses are handed to the OpenWRT 'wan' interface as 'option dns'. */
    name-server 193.238.157.16
    name-server 78.41.116.121
    /* Same three servers as the OpenWRT 'timeserver' section. */
    ntp {
        server bevtime1.metrologie.at {
        }
        server bevtime2.metrologie.at {
        }
        server time.metrologie.at {
        }
    }
    time-zone Europe/Vienna
}

Relevante Abschnitte aus der OpenWRT-Konfiguration

system:

# /etc/config/system of the OpenWRT router ('archer'); timezone and NTP servers mirror the EdgeOS 'system' section above.
config system
	# Per OpenWRT docs ttylogin '0' means no login prompt on the serial console, i.e. the console is unauthenticated; '1' requires a login there.
	option ttylogin '0'
	option log_size '64'
	# '0' is the stock default (no persisted seed file) - TODO confirm against the urandom-seed package docs.
	option urandom_seed '0'
	option hostname 'archer'
	option zonename 'Europe/Vienna'
	option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
	# Remote-syslog transport is set to udp, but no log_ip target appears in this excerpt - presumably it lives outside the quoted section; verify.
	option log_proto 'udp'
	# Kernel-to-console log level; per OpenWRT docs 8 is the most verbose setting.
	option conloglevel '8'
	option cronloglevel '8'

# Same three NTP servers as in the EdgeOS config above.
config timeserver 'ntp'
	option enabled '1'
	list server 'bevtime1.metrologie.at'
	list server 'bevtime2.metrologie.at'
	list server 'time.metrologie.at'

network:

# /etc/config/network of the OpenWRT router. Two uplinks: 'wan' (static, VLAN 100 toward the EdgeOS router) and 'wanb' (DHCP on VLAN 200).
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

# Client LAN: bridge over VLAN 1 (switch ports 2-4 untagged, see switch_vlan 1 below), 192.168.48.1/24.
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.48.1'

# Primary uplink: 192.168.100.2/24 on VLAN 100; gateway 192.168.100.1 is the EdgeOS 'eth0 vif 100' address above.
config interface 'wan'
	option proto 'static'
	option ipaddr '192.168.100.2'
	option netmask '255.255.255.0'
	option gateway '192.168.100.1'
	option broadcast '192.168.100.255'
	option ifname 'eth0.100'
	# Same two resolvers as the EdgeOS 'name-server' entries.
	option dns '193.238.157.16 78.41.116.121'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# 'vlan' is the switch table index, 'vid' the 802.1Q tag. Port 0 is the CPU port (tagged everywhere).
# VID 1: LAN, untagged on ports 2-4.
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4'
	option vid '1'

# VIDs 100 and 200 are tagged on port 1 only - presumably the trunk to the EdgeOS eth0 (vif 100 / vif 200 above); verify cabling.
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t'
	option vid '100'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '0t 1t'
	option vid '200'

# VIDs 1000 and 1100 connect ports 1 and 5 without the CPU port, so the router itself is not on them; no 'config interface'
# in this excerpt references them. VID 1100 matches the EdgeOS 'vif 1100' / br1 network - what port 5 is used for is not stated here.
config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '1000'
	option ports '1 5'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '1100'
	option ports '1t 5t'

# Secondary uplink: DHCP on VLAN 200, which the EdgeOS router bridges (br2) to its eth1.
config interface 'wanb'
	option proto 'dhcp'
	option ifname 'eth0.200'

mwan3:

# /etc/config/mwan3. Rules are matched top-down, first match wins; members pair an interface with a
# metric (lower = preferred) and a weight (load-balancing share among members of equal metric).
# TCP to 22/443/587/853/993 (ssh, https, submission, DNS-over-TLS, imaps - all end-to-end encrypted
# services) prefers 'wan' and falls back to 'wanb'.
config rule 'secure'
	option proto 'tcp'
	option sticky '0'
	option use_policy 'wan_wanb'
	option dest_port '22,443,587,853,993'

# Everything else goes out via 'wanb' only; with last_resort 'unreachable' (policy below) these flows fail
# rather than fall back onto 'wan' when wanb is down.
config rule 'default_rule'
	option dest_ip '0.0.0.0/0'
	option proto 'all'
	option sticky '0'
	option use_policy 'wanb_only'

config globals 'globals'
	# fwmark mask reserved for mwan3's packet marks.
	option mmx_mask '0x3F00'
	# Locally generated traffic is sourced from the 'lan' interface address.
	option local_source 'lan'

# Both uplinks are probed against the same two public resolver addresses.
# reliability '2' with two track_ips: both must answer for 'wan' to count as up.
# No track_method/initial_state here, so package defaults apply - presumably ping; confirm if tracking misbehaves.
config interface 'wan'
	option enabled '1'
	list track_ip '208.67.222.222'
	list track_ip '208.67.220.220'
	option family 'ipv4'
	option reliability '2'
	option count '1'
	option timeout '2'
	option failure_latency '1000'
	option recovery_latency '500'
	option failure_loss '20'
	option recovery_loss '5'
	option interval '5'
	option down '3'
	option up '8'

# reliability '1': one of the two track_ips answering is enough for 'wanb'; it starts as 'online' before the first probe.
config interface 'wanb'
	option family 'ipv4'
	option reliability '1'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '3'
	option up '8'
	option initial_state 'online'
	list track_ip '208.67.222.222'
	list track_ip '208.67.220.220'
	option track_method 'ping'
	option size '56'
	option check_quality '0'
	option failure_interval '5'
	option recovery_interval '5'
	option flush_conntrack 'never'
	option enabled '1'

# Member naming: <interface>_m<metric>_w<weight>.
config member 'wan_m1_w3'
	option interface 'wan'
	option metric '1'
	option weight '3'

config member 'wan_m2_w3'
	option interface 'wan'
	option metric '2'
	option weight '3'

config member 'wanb_m1_w2'
	option interface 'wanb'
	option metric '1'
	option weight '2'

config member 'wanb_m2_w2'
	option interface 'wanb'
	option metric '2'
	option weight '2'

# Policies. Only 'wan_wanb' and 'wanb_only' are referenced by the rules above; 'wan_only', 'balanced' and
# 'wanb_wan' are defined but unused in this excerpt. last_resort 'unreachable' on every policy means
# traffic is dropped with unreachable once all members of the policy are down, instead of using the default route.
config policy 'wan_only'
	option last_resort 'unreachable'
	list use_member 'wan_m1_w3'

config policy 'wanb_only'
	list use_member 'wanb_m1_w2'
	option last_resort 'unreachable'

# Both members at metric 1: traffic is shared 3:2 between wan and wanb.
config policy 'balanced'
	list use_member 'wan_m1_w3'
	list use_member 'wanb_m1_w2'
	option last_resort 'unreachable'

# wan preferred (metric 1), wanb as fallback (metric 2).
config policy 'wan_wanb'
	list use_member 'wan_m1_w3'
	list use_member 'wanb_m2_w2'
	option last_resort 'unreachable'

# wanb preferred (metric 1), wan as fallback (metric 2).
config policy 'wanb_wan'
	option last_resort 'unreachable'
	list use_member 'wan_m2_w3'
	list use_member 'wanb_m1_w2'

firewall:

# /etc/config/firewall. Global defaults (stock OpenWRT values): forward REJECT blocks traffic between zones
# unless a 'forwarding' stanza allows it; input ACCEPT only applies to traffic no zone matches.
config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

# Trusted zone: the 192.168.48.0/24 client LAN, fully open toward the router.
config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'

# Untrusted zone shared by both uplinks: unsolicited input REJECT, NAT (masq) and MSS clamping (mtu_fix).
# 'wan6' is listed here but no 'config interface wan6' appears in the network excerpt above.
# No 'config rule' entries are part of this excerpt; OpenWRT's stock rules (e.g. Allow-DHCP-Renew on wan,
# which the DHCP-based 'wanb' depends on) are presumably present but not quoted - verify.
config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wan6 wanb'

# Only lan -> wan is allowed; the reverse direction stays at the zone default REJECT.
config forwarding
    option src 'lan'
    option dest 'wan'