[OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule

Kristian Evensen kristian.evensen at gmail.com
Wed Sep 23 05:52:44 EDT 2015

Sorry about partial reply, clumsy fingers.

On Wed, Sep 23, 2015 at 11:31 AM, Hans Dedecker <dedeckeh at gmail.com> wrote:
> Can you share the uci network config and ifstatus of the different
> interfaces ?

UCI config is nothing more than ... proto dhcp ... ip4/ip6table X

>> I don't see any other fix than a partial revert. I guess the ADDR-rule can
>> stay.
> Is the service hosted on the multihomed router or on a lan device; nat
> involved or not ?

The current service I am accessing is a router located on one of the
external networks.

> It seems odd to me if the service is hosted on the gateway the nw rule is
> hit as the local table lookup has pref 1 while the NW policy rules start
> from 20000

The route that needs to be hit is contained in main. Here is a more
detailed description of what happens.

- External router has IP and netmask
- When I try to access this router, outgoing traffic is routed
correctly as it does not match any source rules and hits the network
rule in the main table ( dev X src Y).
- When the reply comes, a problem occurs. Since the network rule is
checked before the main table, we get a match on the "from"-rule and
the packet is routed back out on the interface. The correct route
(i.e., the route for my local network) is in the main table.

I have a question about this patch. In what scenario is it needed? Or
rather, will you ever use source based routing and have a default
route in the main table? As far as I remember, these rules are only
added when you have specified an ip4/ip6table. Or do you have one
interface without an ipXtable value?
