LAN to LAN Routing with Ubiquiti EdgeRouter Dual-WAN

The Ubiquiti EdgeRouter requires additional configuration if you wish to route between subnets on your LAN when the dual-WAN option is configured.

LAN to LAN routing will not work with the default load-balancing configuration. To enable it, the default load-balancing rule must be removed and added again. This is because the default rule is number 1, and the rule that excludes LAN to LAN traffic must be processed before the load-balancing rule, so the load-balancing rule has to be moved to a higher number. (Please note that if you have already configured your load-balancing rule with a number higher than 1, you can skip the delete-and-recreate step and proceed to adding a new firewall rule.)

Add static route(s) for your other LAN subnets

If you haven’t already, add static routes for your other LAN subnets. Please note that this is only necessary if these routes are accessible via a different router. If your EdgeRouter is directly connected to these networks, do NOT add static routes, and skip to the next section.

How to add a static route, accessible via a different router:

In the following example, our EdgeRouter has the address 10.0.1.1. The networks 10.0.2.0/24, 192.168.1.0/24, and 192.168.2.0/24 are accessible via a different router with the address 10.0.1.254.

Add a firewall network group for the LAN subnets

The LAN subnets need to be added to a firewall network group. In the example below, the networks 10.0.2.0/24, 192.168.1.0/24, and 192.168.2.0/24 are added to a network group named LAN_NETWORKS:

Modify the dual-WAN firewall rules

First, display your current dual-WAN firewall rules with the following commands:

It will look something like this (make note of the variables and change them as needed for your environment):

If your load-balancing rule is rule 1, you must delete it and recreate it with a higher number, because the LAN to LAN rule has to be placed before the load-balancing rule.

To delete rule 1 (or whatever rule the default load balancing rule is on your router):

Next, add a rule for the LAN to LAN networks so that they are handled by the main routing table, and not the load balancing table:

Now recreate the original load balance firewall rule, but this time assign it to rule 20 so that it will be processed after the LAN to LAN routing rule:

Make sure your LAN to LAN routing now works! If you have any trouble, you may need to reboot your router after applying this configuration.
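The whole procedure as one EdgeOS CLI session, as an added example that is not the original post's own listing. It assumes the dual-WAN wizard's usual names, a modify ruleset called `balance` and a load-balance group called `G`, and uses rule 10 for the LAN to LAN rule (any number below 20 works); check the names with the `show` command and substitute your own. The addresses are the ones from the example above.

```edgeos
configure

# Static routes: only needed when the subnets sit behind another router
# (10.0.1.254 in this page's example). Skip these three lines if the
# EdgeRouter is directly connected to the networks.
set protocols static route 10.0.2.0/24 next-hop 10.0.1.254
set protocols static route 192.168.1.0/24 next-hop 10.0.1.254
set protocols static route 192.168.2.0/24 next-hop 10.0.1.254

# Network group holding the LAN subnets that must bypass load balancing.
set firewall group network-group LAN_NETWORKS description "LAN to LAN subnets"
set firewall group network-group LAN_NETWORKS network 10.0.2.0/24
set firewall group network-group LAN_NETWORKS network 192.168.1.0/24
set firewall group network-group LAN_NETWORKS network 192.168.2.0/24

# Inspect the existing modify ruleset. Note the ruleset name ("balance" is
# assumed here), the rule number and the lb-group name ("G" is assumed here).
show firewall modify

# Remove the load-balancing rule if it occupies rule 1.
delete firewall modify balance rule 1

# Rule 10 (number chosen for this example): traffic destined for the LAN
# subnets is looked up in the main routing table, not the load-balancing table.
set firewall modify balance rule 10 description "LAN to LAN via main table"
set firewall modify balance rule 10 action modify
set firewall modify balance rule 10 destination group network-group LAN_NETWORKS
set firewall modify balance rule 10 modify table main

# Rule 20: the original load-balancing rule, now processed after rule 10.
set firewall modify balance rule 20 description "WAN load balancing"
set firewall modify balance rule 20 action modify
set firewall modify balance rule 20 modify lb-group G

# Review the pending changes, apply them, and make them persistent.
compare
commit
save
exit
```

Nothing takes effect until `commit`, so the delete and the two new rules are applied together and the router is never left without a load-balancing rule.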

Links and more reading

WAN Load balancing: https://community.ubnt.com/t5/EdgeMAX/WAN-load-balancing-except-for-some-traffic/td-p/703541

LAN to LAN exclusion section: http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-Dual-WAN-load-balance-feature-v1-4-0/ta-p/699501

Comments


  1. Thank you so much for this post!

    There seems to be another problem with multiwan.

    All VLAN interface bandwidth statistics are false when using multiwan.

    What should I do to get them back?
