2

Is it possible to reconfigure one of the LAN ports on a WRT54GL (running Tomato firmware) to act as a second WAN port?

I have the following networks:

  • PPPoE connection to ADSL modem (works fine on the normal WAN port)
  • WiFi neighbourhood network (in 178.X.X.X range), via a Mikrotik routerboard

which I'd like to put on the WAN side of the router. I'd then like to set up routing so that some traffic (172.X.X.X) is routed to the Mikrotik and the rest to the ADSL modem.

p.s. for practical reasons, I can't use the Mikrotik as the firewall/router.

Edit: It seems this can be done by editing iptables, can someone tell me exactly how?

pufferfish

4 Answers

2

You would need to re-flash the firmware with something like DD-WRT which can get you full access to the underlying Linux OS. From there you can configure the iptables, etc. to do whatever you wish on the different interfaces.

You will need a firm understanding of Linux routing, this is not for the casual end-user.

The main page for the DD-WRT project is http://www.dd-wrt.com

Kevin K
  • I'm already running Tomato, added that detail to my question. So it's just a matter of iptables? Could you expand your answer? – pufferfish Oct 01 '09 at 11:35
  • 1
    The only difference between a WAN port and a local port are the firewall rules. Generally speaking the WAN port has all inbound traffic denied unless it is associated with an action initiated from inside your network. You then open up individual ports for forwarding, etc. You could do the same with one of the other ports and then it is in essence a WAN port. I am not familiar with Tomato, but you could just list out the rules from iptables and configure another port the same as the current WAN port and then add the static routes. – Kevin K Oct 01 '09 at 13:45
  • "The only difference between a WAN port and a local port are the firewall rules." Not true. The WAN port and the Lan ports are on different vlans. – Justin Feb 02 '10 at 03:50
2

Designating one of your "Lan" ports to be connected to the neighborhood wifi network shouldn't be too difficult if you use a firmware that gives you access to the underlying IP stack, such as DD-WRT. However...

I'd then like to set up routing so that some traffic is routed to ADSL, and the rest to the Mikrotik.

This is the tricky part—What you want to set up is called multirouting. It can distribute your traffic onto both upstream connections, but with about a bazillion caveats. I wrote a blog post about this in 2004, but it's mostly still relevant today. An excerpt:

Since it’s fundamentally impossible to route each packet individually when NAT is involved, the best that we can do is to route each session individually. This way, we ensure that all packets from a given session use the same connection.

If you have a lot of different sessions originating from your local network, then you'll achieve a good balance over both Internet connections. If round-robin allocation isn't what you want, you could also define which types of traffic go out which Internet connection based on the TCP/UDP port.

lukecyca
1

Instructions for setting up load balancing under dd-wrt are at: http://www.dd-wrt.com/wiki/index.php/Dual-WAN_for_simple_round-robin_load_equalization

However, load balancing is usually profoundly disappointing.

Dan
1

If you don't need to apply any firewall rules for the second network, then you don't even need iptables, just a static route like:

ip route add 172.16.0.0/24 via 192.168.0.3

where 192.168.0.3 is the address assigned to the LAN interface on the Mikrotik device.

According to http://en.wikibooks.org/wiki/Tomato_(firmware)/Menu_Reference#Advanced there is an Advanced -> Routing menu that lets you add static routes.

Justin
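
Added example, not part of the answers above: if the neighbourhood link does need WAN-style filtering, the static route from the last answer can be combined with the default-deny inbound rules described in the comments. The interface names `vlan3` and `br0` are assumptions, as is that LAN-originated traffic is already accepted by the router's existing rules; the function only prints the commands for review.

```shell
#!/bin/sh
# Added example: print (do not execute) the commands that give a second
# uplink the same default-deny inbound posture as the WAN port.
# Assumed names, not from the thread: vlan3 = the port split out for the
# Mikrotik link, br0 = the LAN bridge. Route values are from the answer.

second_wan_rules() {
    wan2=$1 lan=$2 net=$3 gw=$4

    # Refuse arguments that could smuggle in extra options or shell syntax,
    # since the printed lines are meant to be piped to sh later.
    for arg in "$wan2" "$lan" "$net" "$gw"; do
        case $arg in
            ''|-*|*[!A-Za-z0-9./:_-]*)
                echo "bad argument: $arg" >&2
                return 1 ;;
        esac
    done

    # 1: send the neighbourhood range to the Mikrotik
    # 2-3: router itself accepts only replies on the second uplink
    # 4-5: LAN hosts receive only replies to sessions they started
    # 6: hide LAN addresses behind the router's address on that uplink
    cat <<EOF
ip route add $net via $gw dev $wan2
iptables -A INPUT -i $wan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $wan2 -j DROP
iptables -A FORWARD -i $wan2 -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan2 -j DROP
iptables -t nat -A POSTROUTING -o $wan2 -j MASQUERADE
EOF
}

# Review the output first; pipe it to sh on the router only once it looks right.
second_wan_rules vlan3 br0 172.16.0.0/24 192.168.0.3
```

Because `-A` appends, compare the result with the existing WAN rules (`iptables -L -n -v`) to confirm the new rules are not shadowed by an earlier ACCEPT.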