[OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule

Hans Dedecker dedeckeh at gmail.com
Wed Sep 23 07:07:24 EDT 2015

On Wed, Sep 23, 2015 at 11:52 AM, Kristian Evensen <kristian.evensen at gmail.com> wrote:

> Sorry about partial reply, clumsy fingers.
> On Wed, Sep 23, 2015 at 11:31 AM, Hans Dedecker <dedeckeh at gmail.com> wrote:
> > Can you share the uci network config and ifstatus of the different
> > interfaces ?
> UCI config is nothing more than ... proto dhcp ... ip4/ip6table X
> >>
> >>
> >> I don't see any other fix than a partial revert. I guess the ADDR-rule can
> >> stay.
> >
> > Is the service hosted on the multihomed router or on a lan device; nat
> > involved or not ?
> The current service I am accessing is a router located on one of the
> external networks.
> > It seems odd to me if the service is hosted on the gateway the nw rule is
> > hit as the local table lookup has pref 1 while the NW policy rules start
> > from 20000
> The route that needs to be hit is contained in main. Here is a more
> detailed description of what happens.
> - External router has IP and netmask
> - When I try to access this router, outgoing traffic is routed
> correctly as it does not match any source rules and hits the network
> rule in the main table ( dev X src Y).
> - When the reply comes, problem occurs. Since the network rule is
> checked before the main table, we get a match on the "from
>"-rule and packet is routed back out on the
> interface. The correct route (i.e., the route for my
> local network) is in the main table.
Ah ok, I see the issue; traffic coming from behind the gateway and targeted
to a directly connected device on the wan is impacted.

> I have a question about this patch. In what scenario is it needed? Or
> rather, will you ever use source based routing and have a default
> route in the main table? As far as I remember, these rules are only

Indeed, we're using source based routing in combination with a default route
in the main routing table; even the specific routing table(s) can contain a
default route.
Based on the addr rule, the traffic is guided to a specific routing table so
it leaves on the correct interface.


> added when you have specified an ip4/ip6table. Or do you have one
> interface without an ipXtable value?
> -Kristian