Lightweight policy-based routing
Baptiste Jonglez
baptiste at bitsofnetworks.org
Sun Dec 6 05:09:09 EST 2020
On 04-12-20, Philip Prindeville wrote:
> But I’m trying:
>
> config rule
>         option src '192.168.3.6'
>         option lookup 200
>
> Per the cheatsheet and it’s resulting in:
>
> root@OpenWrt2:~# ip rule ls
> 0: from all lookup local
> 1: from all lookup 200
> 32766: from all lookup main
> 32767: from all lookup default
>
> i.e. the ’src’ is being ignored.

Several years ago (probably with LEDE 17.01) I was using this
configuration and it worked:

config rule
        option in 'lan'
        option src '172.23.184.111/32'
        option lookup '666'

Try with the /32. If it still doesn't work, then it's a regression.

> Also trying:
>
> config route
>         option target '151.101.0.0/16'
>         option interface 'xfrm0'
>         option gateway '192.168.1.252'
>         option table 200
>         option proto 'static'
>
> But that works great.
>
>
> > On Dec 4, 2020, at 1:00 PM, Jo-Philipp Wich <jo at mein.io> wrote:
> >
> > Hi Philip,
> >
> > ip rules are possible in uci, but not sure if all the bits you require are
> > covered:
> >
> > https://openwrt.org/docs/guide-user/network/ucicheatsheet#ip_rules_for_both_rule_and_rule6
> >
> > `config route` sections allow specifying `option table` as well to stage the
> > routes in the non-main rttable.
> >
> > Since the device options for uci rules and routes require logical networks and
> > not Linux network device names, you might need to declare a dummy interface
> > for xfrm0, like this:
> >
> > config interface vpn
> >         option proto static
> >         option ifname xfrm0
> >
> > It might be that netifd will clear out any IP addresses on the xfrm0
> > interface, so you would need to encode those in uci as well:
> >
> > config interface vpn
> >         option proto static
> >         option ifname xfrm0
> >         option ipaddr 192.168.1.0/24
> >         option table 200 # will instruct netifd to put any related routes into table 200
> >
> >
> > Netifd understands aliases set up in /etc/iproute2/rt_tables but there is no
> > uci way to declare new symbolic aliases. So either you need to manage that
> > file externally or you stick to numeric table IDs.
> >
> > ~ Jo
> >
> > _______________________________________________
> > openwrt-devel mailing list
> > openwrt-devel at lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
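
Added example, not part of the thread or of OpenWrt: a rule that loses its src selector becomes "from all lookup 200" and steers every packet into table 200, so this check compares each uci "config rule" section with the installed ip rules and flags that case. The names audit_rules and demo are hypothetical, the installed line for table 666 is constructed, and it assumes ip rule prints an IPv4 /32 source without the prefix length.

```shell
#!/bin/sh
# Added example (not from the thread): flag uci rules whose selector was lost.
# audit_rules UCI_FILE IP_RULE_FILE -> prints OK/WIDENED/MISSING per uci rule,
# returns 0 only when every "config rule" has a matching installed rule.
audit_rules() {
    awk '
    function emit() {
        if (!insec) return
        want = (src == "" ? "all" : src)
        sub(/\/32$/, "", want)      # assumption: ip rule omits /32 on IPv4 hosts
        st = "MISSING"
        if ((want SUBSEP tbl) in seen) st = "OK"
        else if (("all" SUBSEP tbl) in seen) st = "WIDENED"
        if (st != "OK") bad++
        printf "%s src=%s table=%s\n", st, want, tbl
        insec = 0
    }
    NR == FNR {                     # first file: "ip rule ls" output
        from = ""; t = ""
        for (i = 1; i < NF; i++) {
            if ($i == "from") from = $(i + 1)
            if ($i == "lookup") t = $(i + 1)
        }
        if (t != "") seen[from SUBSEP t] = 1
        next
    }
    $1 == "config" { emit(); insec = ($2 == "rule"); src = ""; tbl = ""; next }
    insec && $1 == "option" {       # second file: uci network config
        v = $3; gsub("[^0-9A-Za-z_.:/-]", "", v)   # drop quoting
        if ($2 == "src") src = v
        if ($2 == "lookup") tbl = v
    }
    END { emit(); exit (bad > 0) }
    ' "$2" "$1"
}

demo() {   # first rule and table-200 line are from the thread; the 666 line is constructed
    d=$(mktemp -d) || return 2
    printf '%s\n' "config rule" " option src '192.168.3.6'" " option lookup 200" \
        "config rule" " option in 'lan'" " option src '172.23.184.111/32'" \
        " option lookup '666'" > "$d/network"
    printf '%s\n' "0: from all lookup local" "1: from all lookup 200" \
        "2: from 172.23.184.111 iif br-lan lookup 666" \
        "32766: from all lookup main" "32767: from all lookup default" > "$d/rules"
    rc=0; audit_rules "$d/network" "$d/rules" || rc=$?
    rm -rf "$d"
    return $rc
}
demo || true
```

On a router the inputs would be /etc/config/network and the saved output of ip rule ls; IPv6 /128 sources are not normalised here.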