Member
Posts: 141
Registered: ‎05-24-2014
Kudos: 10
Solutions: 2

Multiple WAN

I have now nearly finished configuring my Edgemax. But I have a problem with multiple WAN interfaces. I've connected eth0 and eth4 to my cable modem, which is configured as a bridge. NAT is configured as masquerade to eth0. But as soon as I activate eth4, the complete Internet connection disappears or doesn't work anymore. I don't know why.

Established Member
Posts: 901
Registered: ‎10-12-2012
Kudos: 892
Solutions: 39
Contributions: 1

Re: Multiple WAN

Your description makes it sound like you are plugging in 2 wan interfaces into a single cable modem... Which seems odd... 

A config would help and a description of what you are trying to accomplish exactly.

Member
Posts: 141
Registered: ‎05-24-2014
Kudos: 10
Solutions: 2

Re: Multiple WAN

Yes, I've plugged both ports into the same modem. I did this because I want to get 2 different IPs from my 3 IPs. And this is only possible with different MAC addresses.

My Config:

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN_CC_1
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth1 {
        description PORT_SWITCH0_UG
        duplex auto
        poe {
            output off
        }
        speed auto
        vif 50 {
            address 172.16.50.1/24
            description NETWORK_HW_50ER
            mtu 1500
        }
        vif 60 {
            address 172.16.60.1/24
            description SERVER_60ER
        }
        vif 70 {
            address 172.16.70.1/24
            description WN_70ER
        }
        vif 80 {
            address 172.16.80.1/24
            description 80ER
        }
        vif 90 {
            address 172.16.90.1/24
            description 90ER
            mtu 1500
        }
    }
    ethernet eth2 {
        description eth2
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        address dhcp
        description WAN_CC_2
        disable
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        mtu 1500
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat disable
    wan-interface eth0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name 30er {
            authoritative enable
            disable
            subnet 172.16.30.0/24 {
                default-router 172.16.30.1
                dns-server 172.16.50.1
                lease 86400
                start 172.16.30.1 {
                    stop 172.16.30.255
                }
                wins-server 172.168.30.1
            }
        }
        shared-network-name 50er {
            authoritative enable
            disable
            subnet 172.16.50.0/24 {
                default-router 172.16.50.1
                dns-server 172.16.50.1
                lease 86400
                start 172.16.50.1 {
                    stop 172.16.50.255
                }
                wins-server 172.16.50.1
            }
        }
        shared-network-name 60er {
            authoritative enable
            subnet 172.16.60.0/24 {
                default-router 172.16.60.1
                dns-server 172.16.60.1
                lease 86400
                start 172.16.60.1 {
                    stop 172.16.60.255
                }
                wins-server 172.16.60.1
            }
        }
        shared-network-name 70er {
            authoritative enable
            subnet 172.16.70.0/24 {
                default-router 172.16.70.1
                dns-server 172.16.50.1
                lease 86400
                start 172.16.70.1 {
                    stop 172.16.70.255
                }
                wins-server 172.16.70.1
            }
        }
        shared-network-name 80er {
            authoritative enable
            subnet 172.16.80.0/24 {
                default-router 172.16.80.1
                dns-server 172.16.50.1
                lease 86400
                start 172.16.80.1 {
                    stop 172.16.80.255
                }
                wins-server 172.16.80.1
            }
        }
        shared-network-name 90er {
            authoritative enable
            subnet 172.16.90.0/24 {
                default-router 172.16.90.1
                dns-server 172.16.50.1
                lease 86400
                start 172.16.90.1 {
                    stop 172.16.90.255
                }
                static-mapping WNR3500L {
                    ip-address 172.16.90.5
                    mac-address c0:3f:0e:bd:71:7f
                }
                wins-server 172.16.90.1
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth2
            listen-on eth3
            listen-on eth4
            listen-on eth1
            listen-on eth1.80
            listen-on eth1.70
            listen-on eth1.50
            listen-on eth1.60
            listen-on eth1.90
        }
    }
    gui {
        https-port 443
        listen-address 0.0.0.0
    }
    nat {
        rule 1 {
            inbound-interface eth0
            inside-address {
                address 172.16.90.5
                port 1-65535
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 5000 {
            description WAN_CC_1
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    upnp {
    }
}
system {
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name ""
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        ipsec enable
        ipv4 {
            forwarding enable
            vlan enable
        }
        ipv6 {
            forwarding disable
        }
    }
    package {
        repository squeeze {
            components "main contrib non-free"
            distribution squeeze
            password ****************
            url http://http.us.debian.org/debian
            username ""
        }
        repository squeeze-security {
            components main
            distribution squeeze/updates
            password ****************
            url http://security.debian.org
            username ""
        }
    }
    static-host-mapping {
        host-name router {
            inet 172.16.50.1
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
vpn {
    ipsec {
        auto-firewall-nat-exclude disable
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
    }
}

Established Member
Posts: 901
Registered: ‎10-12-2012
Kudos: 892
Solutions: 39
Contributions: 1

Re: Multiple WAN

Is your modem handing out static ip addresses via dhcp? If so, is it not possible to put your modem in bridge mode and assign the IP addresses yourself? Or is it handing you 3 randomly assigned DHCP addresses with the same or different gateway?

1- DNS - if eth4 is also a WAN port, you don't want to listen to DNS queries on it.

delete service dns forwarding listen-on eth4

2- Masquerade - You will need another masquerade rule for any traffic trying to go out over eth4.

set service nat rule 5001 description WAN_CC_2
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface eth4
set service nat rule 5001 protocol all
set service nat rule 5001 type masquerade

3- If both interfaces are set as DHCP, DHCP is also creating 2 default routes; this may cause issues. With both connected, run the following command and list the details here.

show ip route

In addition, you appear to be sending all inbound traffic on eth0 (WAN 1?) tcp_udp to some other location (nat rule 1)... is this desired? Perhaps a layout of your network would be helpful...

Also, please use the Insert Code button when pasting router output to make it readable.
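
The checks raised in the reply above (DNS forwarder listening on a WAN port, a WAN port with no masquerade rule, and the destination NAT rule that forwards every port), as an added example that is not part of the original post. It assumes the configuration has been exported with `show configuration commands` and that any ethernet port with `address dhcp` is a WAN port; the sample lines are constructed from the config posted in this thread.

```python
# Constructed sample: the relevant statements from the config posted in this
# thread, in the flat form printed by "show configuration commands".
SAMPLE = """\
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth4 address dhcp
set service dns forwarding listen-on eth4
set service dns forwarding listen-on eth1.50
set service nat rule 1 inbound-interface eth0
set service nat rule 1 inside-address address 172.16.90.5
set service nat rule 1 inside-address port 1-65535
set service nat rule 1 type destination
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type masquerade
"""

def audit(commands):
    """Return findings for the WAN-side issues discussed in the thread."""
    wan, dns_listen, rules = set(), set(), {}
    for line in commands.splitlines():
        tok = line.split()
        if tok[:1] != ["set"]:
            continue
        path = tok[1:]
        # Assumption: an ethernet port with "address dhcp" faces the ISP (WAN).
        if path[:2] == ["interfaces", "ethernet"] and path[3:] == ["address", "dhcp"]:
            wan.add(path[2])
        elif path[:4] == ["service", "dns", "forwarding", "listen-on"] and len(path) == 5:
            dns_listen.add(path[4])
        elif path[:3] == ["service", "nat", "rule"] and len(path) >= 6:
            # Keep each rule as {"type": ..., "inside-address port": ...}.
            rules.setdefault(path[3], {})[" ".join(path[4:-1])] = path[-1]
    findings = [f"dns forwarding listens on WAN interface {i}"
                for i in sorted(wan & dns_listen)]
    masq = {r.get("outbound-interface") for r in rules.values()
            if r.get("type") == "masquerade"}
    findings += [f"no masquerade rule for WAN interface {i}"
                 for i in sorted(wan - masq)]
    for num, r in sorted(rules.items(), key=lambda kv: int(kv[0])):
        if r.get("type") == "destination" and r.get("inside-address port") == "1-65535":
            findings.append(f"nat rule {num} forwards all ports arriving on "
                            f"{r.get('inbound-interface')} to {r.get('inside-address address')}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
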

Member
Posts: 141
Registered: ‎05-24-2014
Kudos: 10
Solutions: 2

Re: Multiple WAN

Thanks, that's done the trick. I've added a masquerade NAT and removed the faulty DHCP and now everything works fine.

Member
Posts: 141
Registered: ‎05-24-2014
Kudos: 10
Solutions: 2

Re: Multiple WAN

So, now everything runs over eth4. But eth4 is over the switch with limited capacity. I want to run everything over eth0, and only a server over eth4.

$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

S>* 0.0.0.0/0 [210/0] via 217.162.58.1, eth0
  *                   via 178.83.114.1, eth4
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.40.0/24 is directly connected, eth2
C>* 172.16.50.0/24 is directly connected, eth1.50
C>* 172.16.60.0/24 is directly connected, eth1.60
C>* 172.16.70.0/24 is directly connected, eth1.70
C>* 172.16.80.0/24 is directly connected, eth1.80
C>* 172.16.90.0/24 is directly connected, eth1.90
C>* 178.83.114.0/23 is directly connected, eth4
C>* 217.162.58.0/23 is directly connected, eth0

I think the only thing I must do is to get eth0 one line before eth4. Is this correct? How can I do this?

Member
Posts: 141
Registered: ‎05-24-2014
Kudos: 10
Solutions: 2

Re: Multiple WAN

The router now switches randomly between routing out over eth0 or eth4. How can I specify one interface that it routes out of the whole time?

Member
Posts: 141
Registered: ‎05-24-2014
Kudos: 10
Solutions: 2

Re: Multiple WAN

Bump