Lightweight policy-based routing

Baptiste Jonglez baptiste at bitsofnetworks.org
Sun Dec 6 05:09:09 EST 2020


On 04-12-20, Philip Prindeville wrote:
> But I’m trying:
> 
> config rule
> 	option src '192.168.3.6'
> 	option lookup 200
> 
> Per the cheatsheet and it’s resulting in:
> 
> root@OpenWrt2:~# ip rule ls
> 0:	from all lookup local
> 1:	from all lookup 200
> 32766:	from all lookup main
> 32767:	from all lookup default
> 
> i.e. the ’src’ is being ignored.

Several years ago (probably with LEDE 17.01) I was using this
configuration and it worked:

config rule
        option in 'lan'
        option src '172.23.184.111/32'
        option lookup '666'

Try with the /32.  If it still doesn't work, then it's a regression.

> Also trying:
> 
> config route
> 	option target '151.101.0.0/16'
> 	option interface 'xfrm0'
> 	option gateway '192.168.1.252'
> 	option table 200
> 	option proto 'static'
> 
> But that works great.
> 
> 
> > On Dec 4, 2020, at 1:00 PM, Jo-Philipp Wich <jo at mein.io> wrote:
> > 
> > Hi Philip,
> > 
> > ip rules are possible in uci, but not sure if all the bits you require are
> > covered:
> > 
> > https://openwrt.org/docs/guide-user/network/ucicheatsheet#ip_rules_for_both_rule_and_rule6
> > 
> > `config route` sections allow specifying `option table` as well to stage the
> > routes in the non-main rttable.
> > 
> > Since the device options for uci rules and routes require logical networks and
> > not Linux network device names, you might need to declare a dummy interface
> > for xfrm0, like this:
> > 
> > config interface vpn
> >  option proto static
> >  option ifname xfrm0
> > 
> > It might be that netifd will clear out any IP addresses on the xfrm0
> > interface, so you would need to encode those in uci as well:
> > 
> > config interface vpn
> >  option proto static
> >  option ifname xfrm0
> >  option ipaddr 192.168.1.0/24
> >  option table 200   # will instruct netifd to put any related routes into table 200
> > 
> > 
> > Netifd understands aliases set up in /etc/iproute2/rt_tables but there is no
> > uci way to declare new symbolic aliases. So either you need to manage that
> > file externally or you stick to numeric table IDs.
> > 
> > ~ Jo
> > 
> > _______________________________________________
> > openwrt-devel mailing list
> > openwrt-devel at lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 
> 
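
A check for the symptom discussed in this thread (the rule for table 200 installed as "from all" instead of the configured source), as an added example that is not part of any message in the thread. The function and variable names are made up here, the "broken" sample is the `ip rule ls` output quoted above, and the "fixed" sample is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function and variable names are
# hypothetical. Uses only POSIX sh and awk.

# Output quoted in the thread: the rule for table 200 matches every source.
BROKEN_RULES='0: from all lookup local
1: from all lookup 200
32766: from all lookup main
32767: from all lookup default'

# Constructed sample: what a correctly restricted rule looks like.
FIXED_RULES='0: from all lookup local
1: from 192.168.3.6 lookup 200
32766: from all lookup main
32767: from all lookup default'

# check_rule_selector TABLE SRC
# Reads `ip rule ls` output on stdin.
# Returns 0 if every rule that looks up TABLE is limited to SRC,
#         1 if any such rule has another selector (for example "from all"),
#         2 if no rule looks up TABLE at all.
check_rule_selector() {
    awk -v table="$1" -v want="${2%/32}" '
        {
            src = ""; tbl = ""
            for (i = 2; i < NF; i++) {
                if ($i == "from")   src = $(i + 1)
                if ($i == "lookup") tbl = $(i + 1)
            }
            if (tbl != table) next
            seen = 1
            # iproute2 prints host prefixes without the /32
            sub(/\/32$/, "", src)
            if (src != want) {
                prio = $1; sub(/:$/, "", prio)
                printf "priority %s: table %s matches \"from %s\", expected \"from %s\"\n", prio, tbl, src, want
                bad = 1
            }
        }
        END {
            if (!seen) { print "no rule looks up table " table; exit 2 }
            exit (bad ? 1 : 0)
        }
    '
}

# Demonstration on the sample from the thread; prints the offending rule.
printf '%s\n' "$BROKEN_RULES" | check_rule_selector 200 192.168.3.6/32 ||
    echo "table 200 is not restricted to the configured source"
```

On the router, the same function can be fed live output with `ip rule ls | check_rule_selector 200 192.168.3.6/32` after reloading the network configuration.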