GL-BE9300 (v4.x) - DMZ and Inbound traffic failing with Multi-WAN Load Balancing

Aramil · January 9, 2026, 12:59am

ComasSky:

I am using the new GL-BE9300 with the latest firmware. I have a Multi-WAN Load Balancing setup (Ethernet 1 + Tethering).

The issue: > I have a server in DMZ on my main WAN (Ethernet 1). When Load Balancing is active, my server is unreachable from the outside.

It seems like the router is experiencing asymmetric routing: the traffic comes in via WAN 1, but the reply is sent out via WAN 2 due to the Load Balance ratio, causing the connection to drop.

What I need:

How can I force all inbound traffic to return through the same interface it came from (Sticky/Session persistence)?

I cannot find the mwan3 or "Policy" menu in the simplified UI or in LuCI to fix this.

I want a global solution so that any device receiving traffic from a specific WAN replies through that same WAN.

Is there an IP Rule or a specific NFTables command for the GL-BE9300 to lock the return path for all clients?

yeah you are right, something like this :

# create routing tables
echo "100 wan1" >> /etc/iproute2/rt_tables
echo "101 wan2" >> /etc/iproute2/rt_tables

# blueprints for gateways
ip route add default via 192.0.2.1 dev eth1 table wan1
ip route add default via 192.0.2.9 dev usb0 table wan2

# netfilter marking (OpenWrt nft syntax)
nft add table inet mangle

nft 'add chain inet mangle prerouting { type filter hook prerouting priority mangle; }'
nft 'add chain inet mangle output { type filter hook output priority mangle; }'

# mark incoming on WAN1
nft 'add rule inet mangle prerouting iif "eth1" connmark set 1'
nft 'add rule inet mangle prerouting iif "eth1" mark set 1'

# apply policy routing based on mark
ip rule add fwmark 1 table wan1