I did multiple tests on this and I can see your issue. I just can't figure out why. Could be a bug in Load Balancing or it could be that Load Balancing isn't that smart since it is designed to just basically share the traffic load between different interfaces.
Anyway, I specified the different ports in one rule (80,443,3389) to go through wired and it worked. But when I only specify HTTPS (443), I get the same result as you.
Since this solution is a bit more advanced, I would recommend using routing tables and firewall rules instead. Let's say that you want to direct HTTP, HTTPS and RDP through wired and the rest through LTE.
- Go to the router's WebUI and set Mobile as main WAN and Wired as WAN Failover
- Login to the router via CLI or SSH. Create a new routing table for your traffic splitting purposes:
- echo 1 split >> /etc/iproute2/rt_tables
- I chose the table's number (5) and name (split) randomly. You can choose any name and any number between 1 and 199 (0 and 200-255 are taken by default).
- Set up firewall rules to mark HTTP, HTTPS and RDP packets. You can add them via the Network -> Firewall -> Custom Rules page (you can just copy these lines and save):
- iptables -t mangle -I PREROUTING -p tcp --dport 80 -j MARK --set-mark 5
iptables -t mangle -I PREROUTING -p tcp --dport 443 -j MARK --set-mark 5
iptables -t mangle -I PREROUTING -p tcp --dport 3389 -j MARK --set-mark 5
- I chose the mark '5' randomly. You should choose a mark that isn't already used by the firewall (5 is not used by default as far as I've checked).
- Make some changes to /etc/config/network file: specify that wired WAN should use table 'split' and specify the wired WAN interface's gateway. Use these commands:
- uci set network.@route[1].table='split'
uci set network.@route[1].gateway='your.wired.wan.gw'
- Create a rule that says all packets marked '5' should be routed according to the 'split' table:
- uci set network.@rule[0].mark='5'
uci set network.@rule[0].lookup='split'
uci set network.@rule[0].priority='10'
- Commit the changes and restart the network service:
- uci commit
/etc/init.d/network restart
- And you should be done. Try testing the set up. You can use tcpdump to monitor traffic on different interfaces. If you visit HTTP, HTTPS websites or use RDP, you should see the traffic moving through the eth1 interface (wired WAN. Initiate with tcpdump -i eth1).
- Check if the rule has been added with ip rule. The response should look like this:
- 0: from all lookup local
10: from all fwmark 0x5 lookup split
32766: from all lookup main
32767: from all lookup default
- You can also experiment with the iptables rules during testing. For example, skip the HTTP or HTTPS rule and check your Public IP online.
- One of the websites that I listed uses HTTP, the other - HTTPS. If you skipped one of the rules, these sites should show different IPs.
Anyway, I hope this helps. If you have any questions, feel free to ask.