OpenWrt Forum Archive

Topic: IP Route

The content of this topic has been archived on 10 Feb 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all,

I've got an OpenWrt router with 2 PPPoE sessions set up. Using the mangle table with the iptables MARK, I've got it set up to route certain traffic through ppp1 with ppp0 being the default.

However, when my ppp1 account is capped, the ip route for the table containing the MARKed packets fails and all the traffic goes through the default ppp0. I don't want this to happen. I was wondering if there is somewhere to change this.

Maybe detect that the ip route add command has failed and create an ip route unreachable or prohibit. Or have a cron job which checks if the ppp1 interface is up and routes accordingly.

Any help with a solution would be greatly appreciated.

Here's a quick overview of my routing setup.


#echo 201 torrent>> /etc/iproute2/rt_tables
#
#iptables -A PREROUTING -t mangle -s 192.168.0.8 -p tcp --destination-port ! 80 -j MARK --set-mark 1
#iptables -A PREROUTING -t mangle -s 192.168.0.8 -p udp --destination-port ! 80 -j MARK --set-mark 1
#
#ip rule add fwmark 1 table torrent
#
#ip route add default via 196.209.48.1 dev ppp1 table torrent


Thanks

My suggestion would be to use the metric parameter; that way, if the first default route falls out, the second (unreachable) one will be used:

#ip route add default via 196.209.48.1 dev ppp1 metric 1 table torrent
#ip route add unreachable default metric 2 table torrent

(Last edited by lazics on 6 Jun 2007, 12:32)
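The metric suggestion above, combined with the first post's idea of re-checking ppp1 from a cron job or ip-up script, as an added example that is not part of the thread. It assumes iproute2's `ip` and reuses the table name, interface and gateway from the first post; the `RUN` and `SYSFS` variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): fail-closed routes for table "torrent".
# Assumptions: iproute2 "ip"; table, interface and gateway as in the first
# post; metrics as in the reply. RUN, SYSFS and function names are hypothetical.
TABLE=${TABLE:-torrent}
IFACE=${IFACE:-ppp1}
GATEWAY=${GATEWAY:-196.209.48.1}
SYSFS=${SYSFS:-/sys/class/net}
RUN=${RUN-echo}          # dry run by default; set RUN to empty to apply as root

# True when the kernel currently has the interface registered.
iface_present() {
    [ -d "$SYSFS/$1" ]
}

# Install the fallback first, then the real route if the link exists.
ensure_torrent_routes() {
    # Not bound to a device, so it survives ppp1 going down and stops the
    # lookup from falling through to the main table (and out via ppp0).
    $RUN ip route replace unreachable default metric 2 table "$TABLE" || return 1

    if iface_present "$IFACE"; then
        # Lower metric wins while the link is up.
        $RUN ip route replace default via "$GATEWAY" dev "$IFACE" metric 1 table "$TABLE"
    else
        # Link is gone: the kernel has already removed routes through it.
        echo "$IFACE absent, marked traffic stays unreachable" >&2
    fi
}

# Run only when asked, so the file can also be sourced by other scripts.
if [ "${1:-}" = "apply" ]; then
    ensure_torrent_routes
fi
```

With ppp1 down and the routes applied, `ip route get 8.8.8.8 mark 1` (any outside address will do) should report the network as unreachable rather than a route via ppp0.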

Also, you can mark the rest of the packets as well and route them using a different table, let's say mymain, with ppp0 as the default route. And then keep the main table without a default route. If ppp1 is not available, the packets will be dropped.

# iptables -A PREROUTING -t mangle -j MARK --set-mark 2
# iptables -A PREROUTING -t mangle -s 192.168.0.8 -p tcp --destination-port ! 80 -j MARK --set-mark 1
# iptables -A PREROUTING -t mangle -s 192.168.0.8 -p udp --destination-port ! 80 -j MARK --set-mark 1
# ip rule add fwmark 2 table mymain
# ip rule add fwmark 1 table torrent
# ip route add default via IP_HERE dev ppp0 table mymain
# ip route add default via 196.209.48.1 dev ppp1 table torrent

RalucaM wrote:

And then keep the main table without a default route.

But this method has the side effect of killing any outgoing connections generated by local processes (PREROUTING is way before local processes, the mark won't apply to them), unless you can bind every piece of software there is on the router to a specific IP. And of course, there are more rules = more processing.

lazics wrote:
RalucaM wrote:

And then keep the main table without a default route.

But this method has the side effect of killing any outgoing connections generated by local processes (PREROUTING is way before local processes, the mark won't apply to them), unless you can bind every piece of software there is on the router to a specific IP. And of course, there are more rules = more processing.

That's true, and also, now I'm thinking it's not that nice to replicate the main table in a different one, if it can be solved with the metric trick.

(Last edited by RalucaM on 6 Jun 2007, 20:08)

The discussion might have continued from here.