Want to route server on a sub-LAN to a particular WAN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Want to route server on a sub-LAN to a particular WAN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Want to route server on a sub-LAN to a particular WAN
Want to route server on a sub-LAN to a particular WAN
2022-09-20 17:12:07 - last edited 2022-09-20 17:32:18
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.0.0 Build 20220106 Rel.56391

I have two WANs.

 

On the LAN side I have the ER605 serving IP addresses (192.168.0.xx) to a number of devices.  One of these is a Mesh network, which has its own router and subnet (192.168.5.xx).  I have a number of devices on the mesh network - one is a small Home Assistant server, which uses duckdns to provide a dynamic DNS service.  I have set up the server's static IP address etc. and all the port forwarding necessary from the WAN side to (half the time) connect to the HA server.

But sometimes I cannot access the server from the WAN side using the dynamic DNS service.  I think this is because the server is reporting its WAN side IP address on both of the WAN connections, as the ER605 routes over each of the load balanced WAN connections.  So sometimes the Dynamic DNS service is significantly behind the curve.

The HA server has to be on its own mesh network as I have many devices, like sensors etc. on the same network, which the HA server discovers and interacts with.

My ideal solution would be to tell the ER605 always to route outgoing connections from the HA server to one particular WAN, but not route the whole mesh network (as there are streaming devices also on the mesh network) to the same single WAN.  The HA server has a static address on the mesh network (let's say it is 192.168.5.100) and I can also get its MAC if necessary.

Is there anyway I can tell the ER605 to always route traffic from 192.168.5.100, or the particular MAC address over a particular WAN?
 

  0      
  0      
#1
Options
11 Reply
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-20 19:07:19 - last edited 2022-10-13 10:11:56

EDIT

  0  
  0  
#2
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-21 05:55:34

  @rtX 

 

192.168.5.x this sub-LAN comes from your Mesh router right? From my understanding you actually have two routers, one is the tp-link, and another one is the Mesh router that connects to tplink router LAN.

 

Internet--ER605(LAN 192.168.0.1)--(WAN)Mesh router(LAN192.168.5.1)

 

If so, what you need to do is Policy Routing.

 

Your Mesh router must have a WAN IP address that in the same subnet as the ER605. On ER605 configure Policy Routing, Service Type choose ALL, Source IP is the WAN IP of your Mesh router, Destination IP choose Any, and WAN choose the WAN port that you want to force Mesh router use.

 

Policy Routing example

 

  0  
  0  
#3
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-22 18:15:59

  @btx It's a Tenda Mesh system, not Open WRT compatible as I understand it - thank you for your response.

  0  
  0  
#4
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-22 18:33:59

  @Somnus 

 

Thank you for your reply.  The Mesh system is on the LAN side of the ER605.  It is connected to one of the LAN ports of the ER605, so your diagram looks correct:

 

WAN1

WAN2 (both connected to ER605 192.168.0.1) <--> Mesh system (192.168.5.1) and other connections to other LAN ports on ER605

 

Your solution, I think would probably work, but not do exactly what I want it to.

 

The Mesh router has multiple devices connected to it, all of which are allocated addresses in the 168.192.5.xx range. The mesh sees the ER605 as its WAN, and is given a static IP address by the ER605 (say 192.168.0.100). The HA server on the mesh network also has a static IP address served by the Tenda Mesh system, say 192.168.5.25.

 

From what the answers suggest, there is no way to tell the ER605 to route all traffic from/to 192.168.5.25 (say) to a particular WAN - the key being 'from' the HA server, without telling it to route ALL traffic from the Mesh system to a particular WAN.  That would be fine except I also have a number of streaming devices attached to the mesh network, so I'd effectively lose the advantage of load balancing them.

 

I sort of hoped that duckdns would use an 'unusual' port to receive its requests from the server, but it seems to use http or https (much preferred for obvious reasons), so there's no way of identifying the server on its way out by its port request.

 

If I have got any of that wrong, then, I'd love to be corrected. :-)

 

  0  
  0  
#5
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-22 18:41:00 - last edited 2022-10-13 10:12:07

EDIT

  0  
  0  
#6
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-22 19:28:10

  @btx 

 

It's a Tenda Nova MW6 mesh.

 

I can't see a Profiles => Group setting on my ER605, but I can see Preferences => IP Group, which has two tabs on (IP Group and IP Address).

 

I have set up the IP Address tab entries with the IP address of 192.168.5.25/32, then I used that IP Address to be a group on the IP Group tab as a group.

 

Then I went to Transmission => Routing => Policy Routing. I used the policy group name (per IP Group) for both Source and Destination IP, and selected one particular WAN.

 

I can't yet tell if its working as I can only check and see if I get an external connection a number of time over the next few days, as it works intermittently without the routing.  I've related the above in case any of what I've done makes no sense.

 

Thanks for taking the time to respond.

 

 

  0  
  0  
#7
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-22 19:40:50 - last edited 2022-10-13 10:12:15

EDIT

  0  
  0  
#8
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-23 09:10:53 - last edited 2022-09-23 09:13:25

  @btx 

 

I have two WANs. One on WAN, one on WAN/LAN1

 

On the LAN side I have the ER605 serving IP addresses (192.168.0.xx) to a number of devices.

 

One of these is the Mesh network, which has its own subnet (192.168.5.xx). It is physically connected to LAN2 port on the ER605.  Reminder: I have a number of devices on that mesh network - one is the small Home Assistant server (set up with a static 192.168.5.25 address, say), which uses duckdns to provide a dynamic DNS service.  I have set up the server's static IP address etc. and all the port forwarding necessary from the WAN side (some of the time) to connect to the HA server.

 

Other devices are connected to the other LAN ports on the ER605, some via switches.

 

I want to keep the Tenda sub-router subnet as I envisage connecting all my sensors etc. on that network and I want to keep it separate from other networks in terms of IP addresses.

 

I want 192.168.5.25 traffic to be routed only to the WAN port connection (not the WAN/LAN1 internet connection).  I'd like the rest of WAN-type traffic on the 192.168.5.xx subnet to go over either/both the WAN or WAN/LAN1 - to be load balanced by the ER605.

 

It would be great if other devices connected to the ER605, with 192.168.0.xx IP addresses, could route on the LAN side to devices on the Tenda Mesh 192.168.5.xx subnet (of the ER605 192.168.0.xx), but this is less critical to me than only having the traffic from 192.168.5.25 (HA server) routed via the WAN port only on the ER605.

 

Any help with the above greatly appreciated. the more I get into this, the more I realise that I don't understand what I am doing fully.  But I want to learn.  Right now, for example, I can't find where to set up ACL on my standalone non-Omada connected ER605...

  0  
  0  
#9
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-23 12:55:49 - last edited 2022-10-13 10:12:24

EDIT

  0  
  0  
#10
Options
Re:Want to route server on a sub-LAN to a particular WAN
2022-09-24 10:28:18 - last edited 2022-09-24 11:18:39

  @btx 

 

Thanks.

 

Where is ACL on the ER605 - it is standalone.

  0  
  0  
#11
Options