[OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule

Hans Dedecker dedeckeh at gmail.com
Wed Sep 23 05:31:42 EDT 2015


On Wed, Sep 23, 2015 at 9:50 AM, Kristian Evensen <
kristian.evensen at gmail.com> wrote:

> Hi,
>
> On Wed, Sep 9, 2015 at 3:45 PM, Hans Dedecker <dedeckeh at gmail.com> wrote:
> > Specific IP address and network rules are now checked before the main table lookup as the main table
> > often holds a default route. As a result the IP address and network rules pointing to a specific
> > routing table will not be checked anymore; by reversing the order the specific routing tables
> > are checked first if the ip rule matches.
>
> This commit breaks existing behavior in the following use case:
>
> A multihomed router with some service available on one of the external
> interfaces that should be reachable on the WAN. The destination
> routing works fine, but replies are sent out on the wrong interface.
> The reason is that the nw rule is checked before main, so packets are
> routed back out on the WAN interface (and not to the LAN).

Can you share the uci network config and ifstatus of the different
interfaces?

>
> I don't see any other fix than a partial revert. I guess the ADDR-rule can
> stay.

Is the service hosted on the multihomed router or on a LAN device; is NAT
involved or not?
It seems odd to me that, if the service is hosted on the gateway, the nw rule is
hit, as the local table lookup has pref 1 while the NW policy rules start
from 20000.

Hans

> -Kristian