+1 vote
2,663 views 4 comments
by
I have a rut950 router.
I want to use load balancing between wired WAN and 4G.
How to set, for example, HTTP and RDP traffic redirection to wired WAN, and the rest to 4G?
I tried to set rules, but it does not work.

4 Answers

+1 vote
by

Thank you for your answer.

I checked one more variant.

I changed the protocol from all to tcp and it looks like load balancing works.

I can see my wired ISP on https://www.myip.com/ , and my LTE ISP on http://moje-ip.net/

Please check if I'm right.

You must be careful on https://www.speedtest.net , because I can see the name of my wired ISP but the test shows the speed of my LTE ISP. I think they use the HTTP protocol for the test.

Best answer
by
I noticed that too. Maybe it uses some other protocols for download, who knows.
by

For speed testing, https://www.speedtest.net uses a TCP WebSocket over port 8080.

+1 vote
by

Hello,

Since HTTP and RDP use predefined ports for their connections, you just have to route all traffic for these ports (port 80 for HTTP, port 3389 for RDP) through wired WAN and the rest through mobile.

The configuration should look something like this:

[Image: LB]

Take note that the order of the rules matters as well. Packets are matched in the specified order, so you should put the HTTP/RDP rules higher so that the traffic is split correctly.

0 votes
by

Thank you for your answer.
I set up like you.

I set the https port, I went to the website http://www.digipedia.pl/ip/ and I see my wired ISP.

I see my wired ISP on http://www.speedtest.net/pl

Should I see the LTE ISP?

+1 vote
by

I did multiple tests on this and I can see your issue. I just can't figure out why. Could be a bug in Load Balancing or it could be that Load Balancing isn't that smart since it is designed to just basically share the traffic load between different interfaces.

Anyway, I specified the different ports in one rule (80,443,3389) to go through wired and it worked. But when I only specify HTTPS (443), I get the same result as you.

Since this solution is a bit more advanced, I would recommend using routing tables and firewall rules instead. Let's say that you want to direct HTTP, HTTPS and RDP through wired and the rest through LTE.

  • Go to the router's WebUI and set Mobile as main WAN and Wired as WAN Failover
  • Log in to the router via CLI or SSH. Create a new routing table for your traffic splitting purposes:
    • echo 1 split >> /etc/iproute2/rt_tables
    • I chose the table's number (5) and name (split) randomly. You can choose any name and any number between 1 and 199 (0 and 200-255 are taken by default).
  • Set up firewall rules to mark HTTP, HTTPS and RDP packets. You can add them via the Network -> Firewall -> Custom Rules page (you can just copy these lines and save):
    • iptables -t mangle -I PREROUTING -p tcp --dport 80 -j MARK --set-mark 5
      iptables -t mangle -I PREROUTING -p tcp --dport 443 -j MARK --set-mark 5
      iptables -t mangle -I PREROUTING -p tcp --dport 3389 -j MARK --set-mark 5
    • I chose the mark '5' randomly. You should choose a mark that isn't already used by the firewall (5 is not used by default as far as I've checked).
  • Make some changes to /etc/config/network file: specify that wired WAN should use table 'split' and specify the wired WAN interface's gateway. Use these commands:
    • uci set network.@route[1].table='split'
      uci set network.@route[1].gateway='your.wired.wan.gw'
  • Create a rule that says all packets marked '5' should be routed according to the 'split' table:
    • uci set network.@rule[0].mark='5'
      uci set network.@rule[0].lookup='split'
      uci set network.@rule[0].priority='10'
  • Commit the changes and restart the network service:
    • uci commit
      /etc/init.d/network restart
  • And you should be done. Try testing the setup. You can use tcpdump to monitor traffic on different interfaces. If you visit HTTP, HTTPS websites or use RDP, you should see the traffic moving through the eth1 interface (wired WAN; initiate with tcpdump -i eth1).
  • Check if the rule has been added with ip rule. The response should look like this:
    • 0:          from all lookup local
      10:      from all fwmark 0x5 lookup split
      32766:  from all lookup main
      32767:  from all lookup default
  • You can also experiment with the iptables rules during testing. For example, skip the HTTP or HTTPS rule and check your Public IP online.
  • One of the websites that I listed uses HTTP, the other - HTTPS. If you skipped one of the rules, these sites should show different IPs.

Anyway, I hope this helps. If you have any questions, feel free to ask.

by

Doesn't work. System doesn't put alter gw in the table after these commands:

uci set network.@route[1].table='split'
uci set network.@route[1].gateway='your.wired.wan.gw'

uci show network shows this configuration, but ip route list table split remains empty even after reboot.
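
The checks discussed above (the `ip rule` listing from the answer and the `ip route list table split` check from this comment) can be run against captured output to see which stage of the fwmark setup is missing. This is an added example, not part of the original thread: `check_split` is a hypothetical helper, the gateway 192.0.2.1 is a placeholder, and the `iptables -S` sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify why fwmark routing fails.
# On the router, pass live output instead of the constructed samples:
#   check_split "$(ip rule)" "$(ip route list table split)" \
#               "$(iptables -t mangle -S PREROUTING)" 5 split

# check_split RULES ROUTES MANGLE MARK TABLE -> prints one status word
check_split() {
    rules=$1; routes=$2; mangle=$3; mark=$4; table=$5
    hex=$(printf '0x%x' "$mark")   # ip rule and iptables -S print marks in hex

    # 1. Does any mangle rule set the mark at all?
    printf '%s\n' "$mangle" | grep -Eq -e "--set-x?mark $hex(/| |\$)" \
        || { echo no-mark; return 1; }
    # 2. Is there a policy rule sending that mark to the table?
    printf '%s\n' "$rules" | grep -Eq "fwmark $hex(/0x[0-9a-f]+)? lookup $table( |\$)" \
        || { echo no-rule; return 1; }
    # 3. Does the table hold a default route? If it is empty, the lookup
    #    finds nothing and marked packets fall through to the main table.
    printf '%s\n' "$routes" | grep -Eq '^default via [0-9.]+ dev ' \
        || { echo empty-table; return 1; }
    echo ok
}

# Constructed samples. The rule listing mirrors the one in the answer.
SAMPLE_RULES='0:      from all lookup local
10:     from all fwmark 0x5 lookup split
32766:  from all lookup main
32767:  from all lookup default'
# Assumed form of `iptables -t mangle -S PREROUTING` for the three rules.
SAMPLE_MANGLE='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 3389 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x5/0xffffffff'
SAMPLE_ROUTE='default via 192.0.2.1 dev eth1'   # placeholder gateway

echo "populated table: $(check_split "$SAMPLE_RULES" "$SAMPLE_ROUTE" "$SAMPLE_MANGLE" 5 split)"
echo "empty table:     $(check_split "$SAMPLE_RULES" "" "$SAMPLE_MANGLE" 5 split)"
```

A result of `empty-table` corresponds to the symptom in the comment above: the rule and the marks exist, but marked traffic still follows the main table because `split` has no default route.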