You are not logged in.

#1 2023-05-04 21:15:54

bearczy
Member
Registered: 2023-04-27
Posts: 2

Cell as a backup internet connection

Hi all,

I would like to use my arch server as a backup internet connection but I cannot solve it. I've got a router which has two wan ports and I would like to utilize the second one. 
I was using this article https://wiki.archlinux.org/title/router to set this up but no luck so far.

Here is the network layout:

AFGJ81onUcMPP4_gOnH2dDi3OW4_h15m8GpnLUTwxzPm009fy2_gNL87vJ4q5E538ypCzQ3P48aFdbn8UZdpKQPB0VUd-sGSBg=s2560

The image shows wlan0 but it is actually called wwan1. Sorry for the confusing naming.

The router's wan2 port is set up for failover with dynamic IP configuration. I was able to make it work with a raspberry PI and RaspAP, but I would like to streamline network and that's why I would like to use the already running server.

wwan1 is configured to auto-connect to my cell phone when cell's hotspot becomes available.
enp2s0 is providing IP address using dnsmasq to the router. (DNS servers are statically set for the connection on the router)
eno1 is using DHCP and that is the internal network connection.

Config for the enp2s0 interface:

[bearczy@drawbridge ~]$ cat /etc/netctl/intranet
Description='Private Interface'
Interface=enp2s0
Connection=ethernet
IP='static'
Address=('10.1.1.1/24')
[bearczy@drawbridge ~]$ ip a show enp2s0
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 50:3e:aa:0e:2c:b3 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::523e:aaff:fe0e:2cb3/64 scope link
       valid_lft forever preferred_lft forever

IP forwarding is already set:

[bearczy@drawbridge ~]$ cat /etc/sysctl.d/30-ipforward.conf
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

And iptables are configured like this:

[bearczy@drawbridge ~]$ cat /etc/iptables/iptables.rules
# Generated by iptables-save v1.8.9 on Thu May  4 22:45:29 2023
*filter
:INPUT ACCEPT [162:31593]
:FORWARD ACCEPT [5:420]
:OUTPUT ACCEPT [104:19583]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -i enp2s0 -o wwan1 -j ACCEPT
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Thu May  4 22:45:29 2023
# Generated by iptables-save v1.8.9 on Thu May  4 22:45:29 2023
*nat
:PREROUTING ACCEPT [75:5189]
:INPUT ACCEPT [57:3794]
:OUTPUT ACCEPT [16:1069]
:POSTROUTING ACCEPT [30:2221]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -o wwan1 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Thu May  4 22:45:29 2023

Whit this setup it seems nothing gets forwarded to the cell phone even though it seems like that the router is actually trying to send the data over wan2 when the main ISP is out.

I hope someone can help me out here because I cannot make this work.

Thanks in advance.

Offline

#2 2023-05-05 06:04:26

-thc
Member
Registered: 2017-03-15
Posts: 533

Re: Cell as a backup internet connection

Your server now acts as a software router for wwan1 - but it still routes all non-local IP traffic to it's default gateway - the Ubiquiti router.

What you need is called "policy based routing" or sometimes "source based routing".
You have to set up a different "default" route for all packets coming in from enp2s0.
http://wiki.wlug.org.nz/SourceBasedRouting

Offline

#3 2023-05-15 18:26:32

bearczy
Member
Registered: 2023-04-27
Posts: 2

Re: Cell as a backup internet connection

Thank you very much! That actually helped solve my problem.

Offline

Board footer

Powered by FluxBB