Temat: Problem z konfiguracją failover w mwan3 z użyciem modemu LTE
Dobry wieczór,
Od kilku dni walczę z konfiguracją failover z połączenia WAN do modemu LTE USB z użyciem mwan3.
Jestem już bardzo blisko bo udało mi się uruchomić modem Huawei E3372s-153 (zwykła wersja), są pingi z poziomu linii komend routera po wskazaniu interfejsu 3g-wan2:
ping -c 10 -I 3g-wan2 www.google.comAle po odłączeniu przewodu WAN nie działa internet na klientach, nie można pingować po ip ani po adresie strony (z poziomu routera pingi działają po ip oraz po adresie www).
Zainstalowałem mwan3 i jako wciąż dość zielony użytkownik linuxa straciłem sporo czasu na próby uruchomienia, później znalazłem na forum informację, że trzeba doinstalować pakiet ip-full żeby mwan3 działał prawidłowo (i po doinstalowaniu faktycznie status zapasowego interfejsu po wydaniu mwan3 status zmienił się z offline na online).
Niestety nadal nie działa jak należy bo w międzyczasie kombinowałem z konfiguracją zgodnie z instrukcją
http://pliki.linuxiarz.pl/11-2013/PORAD … 3%20v1.pdf
i chyba dlatego nie działa bo coś namieszałem i teraz nie umiem wykryć przyczyny.
Bardzo proszę o pomoc bo już nie mam sił na dalsze próby.
W razie zaniku internetu na interfejsie wan chciałbym przełączać internet dla całej sieci na wan2 z modemu i z powrotem jak tylko wróci internet na głównym łączu.
Zawartość etc/config/mwan3 :
config globals 'globals'
option mmx_mask '0x3F00'
option rtmon_interval '5'
config interface 'wan'
option enabled '1'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option family 'ipv4'
option reliability '2'
option count '1'
option timeout '2'
option failure_latency '1000'
option recovery_latency '500'
option failure_loss '20'
option recovery_loss '5'
option interval '5'
option down '3'
option up '8'
option reroute '0'
config interface 'wan6'
option enabled '0'
list track_ip '2001:4860:4860::8844'
list track_ip '2001:4860:4860::8888'
list track_ip '2620:0:ccd::2'
list track_ip '2620:0:ccc::2'
option family 'ipv6'
option reliability '2'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '8'
config interface 'wanb'
option enabled '0'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option family 'ipv4'
option reliability '1'
option count '1'
option timeout '2'
option failure_latency '1000'
option recovery_latency '500'
option failure_loss '20'
option recovery_loss '5'
option interval '5'
option down '3'
option up '8'
config interface 'wanb6'
option enabled '0'
list track_ip '2001:4860:4860::8844'
list track_ip '2001:4860:4860::8888'
list track_ip '2620:0:ccd::2'
list track_ip '2620:0:ccc::2'
option family 'ipv6'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '8'
config interface 'wan2'
option enabled '1'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option initial_state 'online'
option family 'ipv4'
option track_method 'ping'
option reliability '1'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '10'
option interval '20'
option failure_interval '5'
option recovery_interval '5'
option down '10'
option up '5'
config member 'wan_m1_w3'
option interface 'wan'
option metric '1'
option weight '1'
config member 'wan2_m2_w2'
option interface 'wan'
option metric '2'
option weight '3'
config policy 'wan_1_wan2_2'
list use_member 'wan_m1_w3'
list use_member 'wan2_m2_w2'
config rule 'rule'
option dest_ip '0.0.0.0/0'
option proto 'all'
option use_policy 'wan_1_wan2_2'Zawartość etc/config/network :
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd26:9d2b:f1a7::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.1.1.1'
config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr 'XX:XX:XX:XX:XX:XX'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option metric '1'
option dns '1.1.1.1 8.8.8.8'
option peerdns '0'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'XX:XX:XX:XX:XX:XX'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
option ar8xxx_mib_type '0'
option ar8xxx_mib_poll_interval '500'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0t'
config interface 'wan2'
option proto '3g'
option device '/dev/ttyUSB1'
option service 'umts'
option apn 'virgin-internet'
option metric '2'
option ipv6 '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
option peerdns '0'Po wydaniu polecenia mwan3 stop i później mwan3 start dostaję:
000129 WARN : Service section disabled! - TERMINATEWynik polecenia:
mwan3 status :
Interface status:
interface wan is online and tracking is active
interface wan6 is offline and tracking is down
interface wanb is offline and tracking is down
interface wanb6 is offline and tracking is down
interface wan2 is online and tracking is active
Current ipv4 policies:
wan_1_wan2_2:
wan (100%)
Current ipv6 policies:
wan_1_wan2_2:
unreachable
Directly connected ipv4 networks:
193.151.99.0
10.1.1.0
10.230.25.225
127.0.0.0
127.0.0.0/8
10.1.1.1
193.151.99.205
10.64.64.64
127.255.255.255
10.1.1.255
224.0.0.0/3
193.151.99.255
10.1.1.0/24
193.151.99.0/24
127.0.0.1
Directly connected ipv6 networks:
fd26:9d2b:f1a7::/64
fe80::/64
Active ipv4 user rules:
15 1266 - wan_1_wan2_2 all -- * * 0.0.0.0/0 0.0.0.0/0
Active ipv6 user rules:
0 0 - wan_1_wan2_2 all * * ::/0 ::/0Zawartość pliku etc/config/firewall :
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 lte wan2'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'pozdrawiam i z góry dziękuję za wszelką pomoc,
Grzegorz