Skip to content

Instantly share code, notes, and snippets.

@ValdikSS

ValdikSS/gist:1850d8fcbb6a97e1532a Secret

Created September 8, 2014 20:51
Show Gist options
  • Save ValdikSS/1850d8fcbb6a97e1532a to your computer and use it in GitHub Desktop.
Save ValdikSS/1850d8fcbb6a97e1532a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
Software versions :
OpenWrt - OpenWrt Barrier Breaker 14.07-rc3
LuCI - svn-r10467
mwan3 - 1.4-24
luci-app-mwan3 - 1.3-1
Output of "cat /etc/config/mwan3" :
config rule 'server'
option src_ip '192.168.5.10'
option proto 'all'
option use_policy 'wan_only'
config rule 'lan_subnet'
option src_ip '192.168.5.0/24'
option proto 'all'
option use_policy 'vpn_only'
config rule 'guests'
option src_ip '192.168.6.0/24'
option proto 'all'
option use_policy 'wan_only'
config interface 'wan'
option enabled '1'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '3'
config interface 'sevpn'
option enabled '1'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '3'
config member 'wan_link'
option interface 'wan'
option metric '20'
option weight '20'
config member 'vpn_link'
option interface 'sevpn'
option metric '50'
option weight '50'
config policy 'wan_only'
list use_member 'wan_link'
config policy 'vpn_only'
list use_member 'vpn_link'
Output of "cat /etc/config/network" :
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config interface 'lan'
option ifname 'eth0.1'
option force_link '1'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.5.1'
option ip6assign '64'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option macaddr 'F8:1A:67:BC:CE:6F'
option peerdns '0'
option dns '77.88.8.8'
option metric '20'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
config interface 'sevpn'
option ifname 'tun0'
option _orig_ifname 'tun0'
option _orig_bridge 'false'
option proto 'static'
option ipaddr '192.168.200.4'
option netmask '255.255.255.128'
option gateway '192.168.200.1'
option dns '192.168.200.1'
option ip6addr '2001:470:28:22f::1002/64'
option ip6gw '2001:470:28:22f::1'
option ip6prefix '2001:470:dd8a:dead::/64'
option metric '50'
config route
option interface 'sevpn'
option target '192.168.99.98'
config interface 'guest'
option _orig_ifname 'wlan0-1'
option _orig_bridge 'false'
option proto 'static'
option delegate '0'
option ipaddr '192.168.6.1'
option netmask '255.255.255.0'
config route
option interface 'wan'
option target '31.220.43.152'
config route
option interface 'wan'
option target '93.95.98.176'
config route
option interface 'wan'
option target '95.215.45.33'
Output of "ifconfig" :
br-lan Link encap:Ethernet HWaddr 90:F6:52:E9:D2:98
inet addr:192.168.5.1 Bcast:192.168.5.255 Mask:255.255.255.0
inet6 addr: fe80::92f6:52ff:fee9:d298/64 Scope:Link
inet6 addr: 2001:470:dd8a:dead::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4400194630 errors:0 dropped:0 overruns:0 frame:0
TX packets:2714180377 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5694738756451 (5.1 TiB) TX bytes:677545583631 (631.0 GiB)
eth0 Link encap:Ethernet HWaddr 90:F6:52:E9:D2:98
inet6 addr: fe80::92f6:52ff:fee9:d298/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2985989158 errors:0 dropped:4 overruns:126784 frame:0
TX packets:2851831366 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:819746162 (781.7 MiB) TX bytes:1240293260 (1.1 GiB)
Interrupt:4
eth0.1 Link encap:Ethernet HWaddr 90:F6:52:E9:D2:98
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4372927388 errors:0 dropped:0 overruns:0 frame:0
TX packets:2658967634 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5684460257085 (5.1 TiB) TX bytes:613334024949 (571.2 GiB)
eth0.2 Link encap:Ethernet HWaddr F8:1A:67:BC:CE:6F
inet addr:92.42.31.58 Bcast:92.42.31.255 Mask:255.255.255.0
inet6 addr: fe80::fa1a:67ff:febc:ce6f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2546175345 errors:0 dropped:690452 overruns:0 frame:0
TX packets:3906714677 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:742298456171 (691.3 GiB) TX bytes:4980567718953 (4.5 TiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10458 errors:0 dropped:0 overruns:0 frame:0
TX packets:10458 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1117351 (1.0 MiB) TX bytes:1117351 (1.0 MiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.200.4 P-t-P:192.168.200.4 Mask:255.255.255.128
inet6 addr: 2001:470:28:22f::1002/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:24302 errors:0 dropped:0 overruns:0 frame:0
TX packets:20412 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:25653721 (24.4 MiB) TX bytes:12613906 (12.0 MiB)
wlan0 Link encap:Ethernet HWaddr 90:F6:52:E9:D2:99
inet6 addr: fe80::92f6:52ff:fee9:d299/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1177685 errors:0 dropped:0 overruns:0 frame:0
TX packets:1666520 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:125208652 (119.4 MiB) TX bytes:1934430798 (1.8 GiB)
wlan0-1 Link encap:Ethernet HWaddr 92:F6:52:E9:D2:99
inet addr:192.168.6.1 Bcast:192.168.6.255 Mask:255.255.255.0
inet6 addr: fe80::90f6:52ff:fee9:d299/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:103334940 errors:0 dropped:3 overruns:0 frame:0
TX packets:147659029 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3595833230 (3.3 GiB) TX bytes:794372382 (757.5 MiB)
wlan1 Link encap:Ethernet HWaddr 90:F6:52:E9:D2:9A
inet6 addr: fe80::92f6:52ff:fee9:d29a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31015319 errors:0 dropped:0 overruns:0 frame:0
TX packets:58163361 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1309062584 (1.2 GiB) TX bytes:2680490117 (2.4 GiB)
Output of "route -n" :
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 92.42.31.1 0.0.0.0 UG 20 0 0 eth0.2
0.0.0.0 192.168.200.1 0.0.0.0 UG 50 0 0 tun0
31.220.43.152 0.0.0.0 255.255.255.255 UH 20 0 0 eth0.2
92.42.31.0 0.0.0.0 255.255.255.0 U 20 0 0 eth0.2
93.95.98.176 0.0.0.0 255.255.255.255 UH 20 0 0 eth0.2
95.215.45.33 0.0.0.0 255.255.255.255 UH 20 0 0 eth0.2
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0-1
192.168.99.98 0.0.0.0 255.255.255.255 UH 50 0 0 tun0
192.168.200.0 0.0.0.0 255.255.255.128 U 50 0 0 tun0
Output of "ip rule show" :
0: from all lookup local
220: from all lookup 220
1001: from all iif eth0.2 lookup main
1002: from all iif tun0 lookup main
2001: from all fwmark 0x100/0xff00 lookup 1
2002: from all fwmark 0x200/0xff00 lookup 2
2254: from all fwmark 0xfe00/0xff00 unreachable
32766: from all lookup main
32767: from all lookup default
Output of "ip route list table 1-250" :
1
default via 92.42.31.1 dev eth0.2
2
default via 192.168.200.1 dev tun0
Firewall default output policy (must be ACCEPT) :
ACCEPT
Output of "iptables -L -t mangle -v -n" :
Chain PREROUTING (policy ACCEPT 437K packets, 366M bytes)
pkts bytes target prot opt in out source destination
449K 377M mwan3_hook all -- * * 0.0.0.0/0 0.0.0.0/0
437K 366M fwmark all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 4174 packets, 2819K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 432K packets, 363M bytes)
pkts bytes target prot opt in out source destination
432K 363M mssfix all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 4579 packets, 1218K bytes)
pkts bytes target prot opt in out source destination
4612 1225K mwan3_hook all -- * * 0.0.0.0/0 0.0.0.0/0
4612 1225K mwan3_output_hook all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 436K packets, 365M bytes)
pkts bytes target prot opt in out source destination
Chain fwmark (1 references)
pkts bytes target prot opt in out source destination
Chain mssfix (1 references)
pkts bytes target prot opt in out source destination
Chain mwan3_connected (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 127.0.0.0/8 MARK or 0xff00
1310 133K MARK all -- * * 0.0.0.0/0 224.0.0.0/3 MARK or 0xff00
0 0 MARK all -- * * 0.0.0.0/0 31.220.43.152 MARK or 0xff00
174K 57M MARK all -- * * 0.0.0.0/0 92.42.31.0/24 MARK or 0xff00
0 0 MARK all -- * * 0.0.0.0/0 93.95.98.176 MARK or 0xff00
3603 930K MARK all -- * * 0.0.0.0/0 95.215.45.33 MARK or 0xff00
4002 2779K MARK all -- * * 0.0.0.0/0 192.168.5.0/24 MARK or 0xff00
8 1124 MARK all -- * * 0.0.0.0/0 192.168.6.0/24 MARK or 0xff00
0 0 MARK all -- * * 0.0.0.0/0 192.168.99.98 MARK or 0xff00
73 7929 MARK all -- * * 0.0.0.0/0 192.168.200.0/25 MARK or 0xff00
Chain mwan3_hook (2 references)
pkts bytes target prot opt in out source destination
454K 378M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore mask 0xff00
5787 587K mwan3_ifaces all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xff00
2699 226K mwan3_rules all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xff00
454K 378M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save mask 0xff00
454K 378M mwan3_connected all -- * * 0.0.0.0/0 0.0.0.0/0
Chain mwan3_iface_sevpn (1 references)
pkts bytes target prot opt in out source destination
29 4784 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xff00 /* sevpn */ MARK xset 0x200/0xff00
Chain mwan3_iface_wan (1 references)
pkts bytes target prot opt in out source destination
3059 357K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xff00 /* wan */ MARK xset 0x100/0xff00
Chain mwan3_ifaces (1 references)
pkts bytes target prot opt in out source destination
3059 357K mwan3_iface_wan all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xff00
29 4784 mwan3_iface_sevpn all -- tun0 * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xff00
Chain mwan3_output_hook (1 references)
pkts bytes target prot opt in out source destination
Chain mwan3_policy_vpn_only (1 references)
pkts bytes target prot opt in out source destination
252 18096 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xff00 /* sevpn 50 50 */ MARK xset 0x200/0xff00
Chain mwan3_policy_wan_only (2 references)
pkts bytes target prot opt in out source destination
2282 192K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xff00 /* wan 20 20 */ MARK xset 0x100/0xff00
Chain mwan3_rules (1 references)
pkts bytes target prot opt in out source destination
2179 183K mwan3_policy_wan_only all -- * * 192.168.5.10 0.0.0.0/0 mark match 0x0/0xff00 /* server */
252 18096 mwan3_policy_vpn_only all -- * * 192.168.5.0/24 0.0.0.0/0 mark match 0x0/0xff00 /* lan_subnet */
103 8806 mwan3_policy_wan_only all -- * * 192.168.6.0/24 0.0.0.0/0 mark match 0x0/0xff00 /* guests */
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment