RUT240 routing outgoing traffic through same interface it comes in

I have a RUT240 with a LAN network (172.16.21.0/24), a WAN (eth1) network (172.16.22.0/30) and a mobile connection (qmimux0 - Public IP 80.80.80.80).
I have the default route with WAN connection:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.22.1     0.0.0.0         UG    1      0        0 eth1
0.0.0.0         0.0.0.0         0.0.0.0         U     2      0        0 qmimux0
80.80.80.80     0.0.0.0         255.255.255.255 UH    2      0        0 qmimux0
172.16.21.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
172.16.22.0     0.0.0.0         255.255.255.252 U     1      0        0 eth1

Now, I need to route the responses to requests that have arrived on the qmimux0 interface back out through this same interface.
For example, I get a request to the qmimux0 public IP (80.80.80.80) at port 17443; it passes through iptables and arrives at 172.16.21.50 port 443. The response is routed through eth1 because it is the default route.

  1. I have tried to use iptables to mark the packets but it didn’t work:
iptables -t mangle -A PREROUTING -i qmimux0 -j MARK --set-mark 1
ip rule add fwmark 1 table 100
ip route add default via 80.80.80.80 table 100
iptables -t nat -A POSTROUTING -o qmimux0 -m mark --mark 1 -j SNAT --to-source 80.80.80.80

tcpdump shows the packets using eth1 for the outgoing connections:

16:04:20.969197 qmimux0 In  IP 100.100.100.100.49263 > 80.80.80.80.17443: Flags [S], seq 3834440872, win 1024, options [mss 1410], length 0
16:04:20.975831 eth1  Out IP 80.80.80.80.17443 > 100.100.100.100.49263: Flags [S.], seq 3685592694, ack 3834440873, win 64240, options [mss 1460], length 0
16:04:21.996055 eth1  Out IP 80.80.80.80.17443 > 100.100.100.100.49263: Flags [S.], seq 3685592694, ack 3834440873, win 64240, options [mss 1460], length 0
  2. I wondered if using mwan3 was a better solution for my needs. But I’m unable to achieve them with the following configuration:

Can anybody help me?
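
An added example, not part of the original thread: a mark set with `-j MARK` on qmimux0 exists only on the inbound packet, so the reply entering on br-lan is unmarked and follows the main table; this script stores the mark on the conntrack entry with CONNMARK and restores it on reply packets before the routing decision, and routes table 100 by device rather than via the router's own address. Assumptions: mark 0x1 and table 100 (the numbers from the post) are not already used by mwan3 or the firmware's firewall, and the commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: send replies out of the interface the request arrived on.
# Assumed values (override via environment): interface, mark and table
# reuse the names and numbers from the post.
WAN_IF="${WAN_IF:-qmimux0}"   # interface the request arrives on
MARK="${MARK:-0x1}"           # assumed free firewall mark
TABLE="${TABLE:-100}"         # assumed free routing table

# Dry run by default: print each command; execute only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

setup_reply_routing() {
    # 1. Mark the *connection* when a new flow arrives on the mobile interface.
    run iptables -t mangle -A PREROUTING -i "$WAN_IF" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # 2. Forwarded replies (e.g. from 172.16.21.50 via br-lan): copy the
    #    connection mark onto the packet before the routing decision.
    run iptables -t mangle -A PREROUTING ! -i "$WAN_IF" \
        -m connmark --mark "$MARK" -j CONNMARK --restore-mark
    # 3. Replies generated by the router itself take the OUTPUT path.
    run iptables -t mangle -A OUTPUT \
        -m connmark --mark "$MARK" -j CONNMARK --restore-mark
    # 4. Marked packets consult the dedicated table instead of main.
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    # 5. Point-to-point mobile link: default route by device, no gateway.
    run ip route add default dev "$WAN_IF" table "$TABLE"
}

setup_reply_routing
```

Rules added this way do not survive a reboot or a firewall reload, so check them again with `ip rule show` and `iptables -t mangle -S` after either.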

Hello,

Apologies for the delayed response.

It should be enough to simply enable failover on the wired WAN and mobile interface.

Wired WAN main - mobile secondary - no failover:

Wired WAN main - mobile secondary - with failover:

This is from a device running v7.06.1. Thus, make sure you have the latest firmware installed. Else, try a clean configuration (factory reset perhaps).

Let me know how it goes!

Kind Regards,
