<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 23, 2015 at 11:52 AM, Kristian Evensen <span dir="ltr"><<a href="mailto:kristian.evensen@gmail.com" target="_blank">kristian.evensen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Sorry about partial reply, clumsy fingers.<br>
<div><div class="h5"><br>
On Wed, Sep 23, 2015 at 11:31 AM, Hans Dedecker <<a href="mailto:dedeckeh@gmail.com">dedeckeh@gmail.com</a>> wrote:<br>
> Can you share the uci network config and ifstatus of the different<br>
> interfaces ?<br>
<br>
UCI config is nothing more than ... proto dhcp ... ip4/ip6table X<br>
<br>
>><br>
>><br>
>> I don't see any other fix than a partial revert. I guess the ADDR-rule can<br>
>> stay.<br>
><br>
> Is the service hosted on the multihomed router or on a lan device; nat<br>
> involved or not ?<br>
<br>
The current service I am access is a router located on one of the<br>
external networks.<br>
<br>
> It seems odd to me if the service is hosted on the gateway the nw rule is<br>
> hit as the local table lookup has pref 1 while the NW policy rules start<br>
> from 20000<br>
<br>
The route that needs to be hit is contained in main. Here is a more<br>
detailed description of what happens.<br>
<br>
- External router has IP 192.168.0.1 and netmask 255.255.255.0.<br>
- When I try to access this router, outgoing traffic is routed<br>
correctly as it does not match any source rules and hit the network<br>
</div></div>rule in the main table (<a href="http://192.168.0.0/24" rel="noreferrer" target="_blank">192.168.0.0/24</a> dev X src Y).<br>
- When the reply comes, problem occurs. Since the network rule is<br>
checked before the main table, we get a match on the "from<br>
<a href="http://192.168.0.0/24" rel="noreferrer" target="_blank">192.168.0.0/24</a>"-rule and packet is routed back out on the<br>
<a href="http://192.168.0.0/24" rel="noreferrer" target="_blank">192.168.0.0/24</a> interface. The correct route (i.e., the route for my<br>
local network) is in the main table.<br></blockquote><div>Ah ok I see the issue; traffic coming from behind the gateway and targeted to a direct connected device on the wan is impacted.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I have a question about this patch. In what scenario is it needed? Or<br>
rather, will you ever use source based routing and have a default </blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
route in the main table? As far as I remember, these rules are only </blockquote><div>Indeed we're using source based routing in combination with a default route in the main routing table; even the specific routing table(s) can contain a default route</div><div>Based on the addr rule the traffic is guided to a specific routing table so it leaves on the correct interface</div><div><br></div><div>Hans</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
added when you have specified an ip4/ip6table. Or do you have one </blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
interface without an ipXtable value?<br>
<span class="HOEnZb"><font color="#888888"><br>
-Kristian<br>
</font></span></blockquote></div><br></div></div>