Looking for input managing network connection interfaces
We are developing a gateway device based on the Omega2S+. Our hardware supports WiFi, Ethernet, Cellular, and for web configuration of settings soft AP. We have everything fully functional and are on the home stretch. The last thing to do before we can release this thing is to manage internet connectivity.
We plan to have the user prioritize internet connectivity interfaces and to disable them completely if they wish. So they would put the interfaces in order like:
I plan to use ping in a script to monitor internet connectivity of the interfaces like:
ping -c 1 -n -w 1 -I eth0 www.google.com
I'll do this on interval for all connectivity options the user has selected to enable. Once I find internet connection on the top priority connection I want to ensure that all internet based requests go over that particular interface. I'm not finding a conclusive way to do this. How can you tell OpenWRT to prioritize a particular interface for internet based requests?
If this is outside the scope of this forum please let me know and I'll be happy to request this over on OpenWRT.
crispyoz last edited by
@IOTrav Take a look at this thread, Lazar points the user to a thread on the OpenWrt forum which may assist you.
Taking a look at
/etc/config/firewall, you'll notice it has zones that control traffic flow of the network interfaces defined in
By default, the
wanfirewall zone is attached to the
/etc/config/networkyou'll see that the
wwannetwork interface is
apcli0, the Omega's WiFi client interface
We can change the
wanfirewall zone configuration to enable or disable traffic through this interface.
To start, my Omega is connected to WiFi and can ping the internet:
root@Omega-F195:/# ping www.google.com PING www.google.com (18.104.22.168): 56 data bytes 64 bytes from 22.214.171.124: seq=0 ttl=115 time=18.968 ms 64 bytes from 126.96.36.199: seq=1 ttl=115 time=22.639 ms ...
Then, I'll run these commands to REJECT input and output traffic for the
uci set firewall.@zone.output='REJECT' uci set firewall.@zone.input='REJECT' uci commit firewall
Note: these changes can also be made by modifying the
And restart the firewall:
I can no longer access the internet. The WiFi client interface is still associated with the network, but no traffic can go through:
root@Omega-F195:/# ping www.google.com PING www.google.com (188.8.131.52): 56 data bytes ping: sendto: Operation not permitted root@Omega-F195:/# ping www.google.com PING www.google.com (184.108.40.206): 56 data bytes ping: sendto: Operation not permitted
A few notes for your application @IOTrav :
- You'll need to add more zones to the firewall to control the ethernet and cellular network interfaces. But after that, you can programmatically control which interfaces act as the main connection to the internet
- Adjusting the zones manually may or may not be the best way of achieving what you're looking for. The firewall also supports creating Rules but I'm not too familiar with how they work. For a deeper dive into the firewall and rules, I suggest taking a look at the openwrt firewall documentation: https://openwrt.org/docs/guide-user/firewall/firewall_configuration
crispyoz last edited by crispyoz
Great stuff @Lazar-Demin can we put that in the FAQ?
Awesome @Lazar-Demin! I never thought to mess around with Firewall. I was trying to do everything through Network but this is awesome because the connection stays active but no traffic can pass through it. This means I can maintain a cellular connection but disallow traffic through it. This is perfect! Thanks so much for looking into this. I'll be sure to let you know how it works for me. Also I'll be putting together a python script to monitor internet connectivity through the interfaces and enable/disable them so I'll be sure to share that script for others.