7662 questions

9091 answers

14654 comments

12053 members

0 votes
270 views 7 comments
by
Hi,

I'm running a RUTX12 with RUTX_R_00.02.05.1 version.

The WAN is connected directly between a satellite connection KA-SAT and the second WAN by 4G (FRENCH OPERATOR BOUYGUES)

I wan't to forced some port from the lan to go on 4G or satellite connection but I don't find exactly where I can configurated this.

Florian

1 Answer

+1 vote
by
Hi,

Could you possibly explain in more detail what do you want to do? A topology of your network situation right now would be an amazing help.

EB.
by
Hi,

I wan't to send all traffic to the 4G and only SMTP,HTTP,HTTPS,POP and IMAP to the satellite.

for the diagram we have 4G on SIM1 port and SATELLITE on WAN port. I can't send some picture because we have a limitation for caracters..

FA
by
I still don't really understand what do you mean by sending all traffic to the 4G and SMTP, HTTP, HTPPS, and so on to the satellite. Do you want to split your traffic so your router uses a 4G connection all the time, but in case it does anything on SMTP, HTTP, HTTPS, POP, and IMAP protocols it should use WAN traffic?

Pictures could be uploaded into third party cloud servers, so just paste the links here.

EB.
by

first picture

by

second picture

it's with a TP LINK Router and I want to make the same rules on the teltonika

by

Hi,

Sorry for the late reply.

1. First of all, you will need to make sure both interfaces are working without any issues.

1.2 Go to your Network > Interfaces page and check if the WAN and MOB1SxA1 interface has connectivity.

2. Then go to Network > Routing > Advanced Static Routes, and create the first table with any ID:

Set Interface to one of your desired interfaces that you want to policy route to.

Target must be: 0.0.0.0

IPV4-Netmask must be: 0.0.0.0

And gateway must be the main LAN IP of your other router or gateway that you use behind WAN connection, in my case it's 192.168.2.1

2.1 Save.

3. Now go create a second table:

In the second table choose the other interface that you wish to policy route to.

Target must be: 0.0.0.0

IPV4-Netmask must be: 0.0.0.0

And leave the gateway blank.

3.1 Save.

4. Now go to ROUTING RULES FOR IPV4.

And set it to be like this:

Everything should be set like in the picture except two things:

  • Firewall mark can be any number you want - we're going to use it as an identifier for our policy route.
  • And the Lookup table - which means the interface that is bound to it. So if we "First", then we know that the traffic will go to WAN interface.
4.1 Save it.
5. Go to Firewall > Custom Rules.
5.1 In here we will put command according to this placeholder:
iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 80 -j MARK --set-mark 80

An important part of this command is -j MARK and --set mark, as these will allow us to put identifiers on our policy route and split the traffic accordingly.

So for example, I want to access web page: Manoip.lt only from Mobile interface.

First I do is ping manoip.lt to see what is IP behind the domain.

Now we know that we need 79.98.28.174 in our iptables command. So in the end it should look like this:

iptables -t mangle -A PREROUTING -p tcp -d 79.98.28.174/32 --dport 80 -j MARK --set-mark 22

And as you see I used --set-mark 22 to use it with my rule at Advanced Static Router > Routing Rules for IPV4.

Then if you go and set there the Lookup table: Second, your traffic - that leads and comes back from 79.98.28.174 and port 80 will be only done by Mobile interface.

Hope this helps.

EB.

by
Hi,

If I understand correctly, for my configuration I have only need to make on the iptable 0.0.0.0/32 --dport 80 -j MARK --set mark 22(forwan)

for have all traffic on the port 80 to the WAN correct ? But if I want to declare some port like this 1 to 24 for exemple to the 4G how I can perform this ?

I can make on the iptables -t mangle -A PREROUTING -p tcp -d  0.0.0.0/32 --dport 1-24 -j MARK --set-mark 22 ?

and the same for udp ?

Best Regards,

Florian
by

if you want to set IP address to ANY, you need to use 0.0.0.0/0, and if you set to port 80, it will mean that it will take ALL HTTP traffic.

So further fixing your command it should look like this: 

iptables -t mangle -A PREROUTING -p tcp -d  0.0.0.0/0 --dport 1:24 -j MARK --set-mark 22

and if you want udp instead of tcp, then use -p udp

EB.