You can check the status of the existing Dual-WAN RPDB rules inserted when using the GUI.
..then simply match the rule syntax for the websites.
NOTE:
URLs/Domains cannot be used directly, so if there are multiple IPs for each website it will require a rule for each IP to ensure that ALL website traffic is routed appropriately.
e.g. If you already know the static IP of the website that needs to be routed via the Primary WAN
Code:
ip rule add to xxx.xxx.xxx.xxx lookup wan0 prio 99
otherwise you will need to use additional scripting to add (without duplicates) ALL of the current IPs associated with the website.
e.g. Send all requests for BBC UK via the Secondary WAN
Code:
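#!/bin/sh
# Resolve the website and route every returned IPv4 address via the Secondary WAN.
# awk 'NR>2' drops the first two matches (the DNS server's own address lines).
for WEBSITE_IP in $(nslookup "www.bbc.co.uk" | grep -woE '([0-9]{1,3}\.){3}[0-9]{1,3}' | awk 'NR>2' | tr '\n' ' ')
do
    # Delete first so re-running the script does not create duplicate rules
    ip rule del to "$WEBSITE_IP" lookup wan1 prio 99 2>/dev/null
    ip rule add to "$WEBSITE_IP" lookup wan1 prio 99
done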
If you must redirect only Port 80 traffic to those IPs then you will most likely need to use the Netflix IPSET+dnsmasq technique etc., especially if there is a huge list of multiple IPs for the website as they may change dynamically for each nslookup call.
I suggest you manually test your two sites (initially allowing ANY port) to see if it works, then if required, try and limit the Selective Routing to 'www' traffic if this is vital.
e.g. Untested - but will attempt to exploit Dual-WAN tagging rules for specific ports i.e. 80 and 443 for the site
Code:
#!/bin/sh
# Usage:
# e.g. p www.cbs.com
#      2 www.nbc.com

# ANSI colours used by the error message
cBRED="\e[41m"
cRESET="\e[0m"

case $1 in
    1|p|primary)   WAN_TAGMARK="0x80000000/0xf0000000"   # Primary WAN
                   WAN_IF="wan0"
                   ;;
    2|s|secondary) WAN_TAGMARK="0x90000000/0xf0000000"   # Secondary WAN
                   WAN_IF="wan1"
                   ;;
    *)
        echo -e $cBRED"\a\n\t***ERROR arg must be WAN interface for Dual-WAN Selective Routing i.e 1-Primary WAN, 2-Secondary WAN\n"$cRESET
        exit 99
        ;;
esac

# Mark LAN (br0) traffic to each resolved IP on TCP ports 80/443 with the chosen WAN tag
for WEBSITE_IP in $(nslookup "$2" | grep -woE '([0-9]{1,3}\.){3}[0-9]{1,3}' | awk 'NR>2' | tr '\n' ' ')
do
    # Delete first so re-running the script does not create duplicate rules
    iptables -t mangle -D PREROUTING -i br0 -d "$WEBSITE_IP" -p tcp -m multiport --dport 80,443 -j MARK --set-mark "$WAN_TAGMARK" 2>/dev/null
    iptables -t mangle -A PREROUTING -i br0 -d "$WEBSITE_IP" -p tcp -m multiport --dport 80,443 -j MARK --set-mark "$WAN_TAGMARK"
done

# Show the resulting mangle PREROUTING chain with rule numbers
iptables -nvL PREROUTING -t mangle --line
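An added example, not part of the original post: because a website's IPs can change between nslookup calls, delete-then-add keeps duplicates out but leaves rules for IPs that DNS no longer returns. This sketch validates the resolved addresses before they reach a root-run command and prints only the `ip rule` changes needed. The function names, the sample data and the assumed `ip rule show` line format are illustrative.

```shell
# Added example, not from the original post; all sample data is constructed.
# Print unique, well-formed IPv4 answers from nslookup output on stdin. Starts
# at the first "Name:" line, so the resolver's own header address is skipped.
extract_ipv4() {
    awk '/^Name:/ { answers = 1; next }
         answers { for (i = 1; i <= NF; i++) {
             ok = (split($i, o, "[.]") == 4)
             for (j = 1; ok && j <= 4; j++)
                 if (o[j] !~ /^[0-9][0-9]?[0-9]?$/ || o[j] + 0 > 255) ok = 0
             if (ok && !seen[$i]++) print $i } }'
}

# Read "ip rule show" output on stdin; print only the commands needed so the
# rules for table $1 at priority $2 match the wanted IPs in $3.
# Assumes lines of the form "99: from all to 203.0.113.10 lookup wan1".
plan_rules() {
    table=$1; prio=$2; wanted=" $(echo $3) "
    have=" $(awk -v t="$table" -v p="$prio:" \
        '$1 == p && $4 == "to" && $7 == t { print $5 }' | tr '\n' ' ') "
    for ip in $have; do      # stale: DNS no longer returns this IP
        case "$wanted" in *" $ip "*) ;; *) echo "ip rule del to $ip lookup $table prio $prio" ;; esac
    done
    for ip in $wanted; do    # missing: no rule exists for this IP yet
        case "$have" in *" $ip "*) ;; *) echo "ip rule add to $ip lookup $table prio $prio" ;; esac
    done
}

sample_nslookup() {          # constructed BusyBox-style nslookup output
    cat <<'EOF'
Server:    192.168.1.1
Address 1: 192.168.1.1 router.lan

Name:      www.example.com
Address 1: 203.0.113.10 host.example.net
Address 2: 203.0.113.20
Address 3: 203.0.113.10
Address 4: 2001:db8::1
EOF
}

sample_rules() {             # constructed "ip rule show" output
    cat <<'EOF'
0:      from all lookup local
99:     from all to 203.0.113.10 lookup wan1
99:     from all to 198.51.100.7 lookup wan1
EOF
}
# Dry run: prints the plan only; nothing is changed.
sample_rules | plan_rules wan1 99 "$(sample_nslookup | extract_ipv4)"
```

On a router the inputs would be `nslookup "$site" | extract_ipv4` and `ip rule show | plan_rules wan1 99 "$ips"`, with the printed plan reviewed before it is run.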