Static Routing not working Firmware: DD-WRT v3.0-r49467 N66u

calgarywifi
DD-WRT Novice


Joined: 24 Aug 2012
Posts: 23

Posted: Sun Aug 28, 2022 22:34    Post subject: Static Routing not working Firmware: DD-WRT v3.0-r49467 N66u
Hello, I hope everyone is well along with their loved ones.

I have two DD-WRT routers. On the main router (router A [10.1.1.1], N66U, small metered-like connection) I have a static route for googlevideo.com servers to go out on router B, which has a gigabit connection.

For example, I have rr5---sn-vgqsknz7.googlevideo.com (74.125.159.138) routed to go out on 10.1.1.2 (router B). The traceroute works fine from SSH on router A or from a client PC,

but pinging it goes out directly ignoring the static routes
also clients behind router A have the same result, pinging goes out directly ignoring static routes.

router A

Code:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
74.125.159.138      10.1.1.2     255.255.255.255     UGH    0      0        0 br0


ping rr5---sn-vgqsknz7.googlevideo.com #this is ignoring the static route, as ping is higher
PING rr5---sn-vgqsknz7.googlevideo.com (74.125.159.138): 56 data bytes
64 bytes from 74.125.159.138: seq=0 ttl=59 time=65.400 ms 


traceroute to rr5---sn-vgqsknz7.googlevideo.com (74.125.159.138), 30 hops max, 38 byte packets
 1  10.1.1.2 (10.1.1.2)  0.753 ms  0.447 ms  0.405 ms
 ...goes out fine



When I watch a YouTube video on the Windows PC using rr5---sn-vgqsknz7.googlevideo.com, it ignores the static route in router A, but when I traceroute it, it follows the static route from router A, and when I ping rr5---sn-vgqsknz7.googlevideo.com from the Windows client PC, it does not use the static route.

From Windows PC behind router A

Code:
Pinging rr5.sn-vgqsknz7.googlevideo.com [74.125.159.138] with 32 bytes of data:
Reply from 74.125.159.138: bytes=32 time=64ms TTL=124

#if it was going out of router B, time= would be about 40ms

From Windows client behind router A
Code:

Tracing route to rr5.sn-vgqsknz7.googlevideo.com [74.125.159.138]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  routerA [10.1.1.1]
  2    <1 ms    <1 ms    <1 ms  10.1.1.2 #router B takes cover
  3    18 ms    17 ms    17 ms  etc



If I create a static route on Windows directly, bypassing the DD-WRT router A route entries, everything works fine.
Code:

route add 74.125.159.138 mask 255.255.255.255 10.1.1.2

Tracing route to rr5.sn-vgqsknz7.googlevideo.com [74.125.159.138]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.1.1.2
  2    <1 ms     1 ms    <1 ms  #and so on

Pinging rr5.sn-vgqsknz7.googlevideo.com [74.125.159.138] with 32 bytes of data:
Reply from 74.125.159.138: bytes=32 time=47ms TTL=60  #ping is lower
 OK!


Any suggestions? Thank you in advance.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Mon Aug 29, 2022 1:09
I don't agree that you can accurately assess if the static route is being used based on the timing. That's far too speculative. There may be other factors at play here.

A common mistake in this case is the failure to SNAT the traffic from router A to router B when the redirection takes place. Remember that router A is *still* tracking the connection. By failing to SNAT, the response from router B goes directly back to the client, rather than being routed *first* back to router A, then the client.

The use of SNAT keeps the state of connections "in order". Without it, those connections are just left hanging until they time out. And this may be causing issues w/ followup packets on those connections. IOW, you just keep pumping packets to router A, which never gets replies back since they get routed back to the client directly via router B.

At the very least, I would add an SNAT to router A and see if it helps.

Granted, there may be some other issue here, but I would correct this one first and see what happens.

Code:
iptables -t nat -I POSTROUTING -s 10.1.1.0/24 -d 74.125.159.138 -j SNAT --to $(nvram get lan_ipaddr)


That's why having other gateways inside the same LAN, all of which are managing connections and their state, can be problematic. Ideally, only one of them should actually be doing so, specifically the one that routes that traffic outside the local network, NOT the intermediaries.

Given that, I suppose the other solution would be to NOT track those particular connections in the first place.

Code:
iptables -t raw -I PREROUTING -s 10.1.1.0/24 -d 74.125.159.138 -j NOTRACK


In some cases, it would make sense to specify the static route on the client itself simply for reasons of efficiency.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
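
Added example, not part of the post above or of any DD-WRT tooling: one way to check on router A whether replies for the redirected destination are bypassing it, and whether the SNAT rule is matching, by reading the connection-tracking table. The function name, the sample table and the client addresses 10.1.1.50/10.1.1.51 are constructed for illustration, and the `/proc` path in the last comment is an assumption that depends on the kernel build.

```shell
#!/bin/sh
# Added example (not from the thread). Reads conntrack-table text on stdin and
# summarises the flows whose original destination is DST.
#   unreplied = router A never saw a reply (return path bypasses it)
#   snat      = reply tuple targets LAN_IP, i.e. the SNAT rule matched
classify_flows() {   # usage: classify_flows DST LAN_IP < table
    awk -v dst="$1" -v lan="$2" '
    {
        n = 0; orig_dst = ""; reply_dst = ""
        # Each entry holds two tuples: the 1st dst= is the original
        # direction, the 2nd dst= is where conntrack expects replies to go.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dst=/) {
                n++
                if (n == 1) orig_dst = substr($i, 5)
                if (n == 2) reply_dst = substr($i, 5)
            }
        if (orig_dst != dst) next
        total++
        if ($0 ~ /\[UNREPLIED\]/) unreplied++
        if (reply_dst == lan) snat++
    }
    END { printf "total=%d unreplied=%d snat=%d\n", total, unreplied, snat }'
}

# Constructed sample table (hypothetical clients 10.1.1.50 and 10.1.1.51).
sample_table() {
    cat <<'EOF'
ipv4     2 icmp     1 29 src=10.1.1.50 dst=74.125.159.138 type=8 code=0 id=1 [UNREPLIED] src=74.125.159.138 dst=10.1.1.50 type=0 code=0 id=1 mark=0 use=2
ipv4     2 tcp      6 119 SYN_SENT src=10.1.1.50 dst=74.125.159.138 sport=50121 dport=443 [UNREPLIED] src=74.125.159.138 dst=10.1.1.50 sport=443 dport=50121 mark=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=10.1.1.51 dst=74.125.159.138 sport=50122 dport=443 src=74.125.159.138 dst=10.1.1.1 sport=443 dport=50122 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=10.1.1.50 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=10.1.1.50 sport=53 dport=40000 mark=0 use=2
EOF
}

sample_table | classify_flows 74.125.159.138 10.1.1.1
# On router A (table path is an assumption; it varies with kernel version):
#   classify_flows 74.125.159.138 "$(nvram get lan_ipaddr)" < /proc/net/nf_conntrack
```

A high `unreplied` count with `snat=0` matches the hanging connections described in the post; after the SNAT rule is inserted, new flows should show up under `snat` with replies seen.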
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12814
Location: Netherlands

Posted: Mon Aug 29, 2022 6:00
moved this post to advanced networking forum

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
calgarywifi
DD-WRT Novice


Joined: 24 Aug 2012
Posts: 23

Posted: Mon Aug 29, 2022 22:40
Thanks, gave it a try, didn't work.

My router A is also set to ROUTER mode instead of gateway mode, but switching to Gateway mode had the same result.

(Gateway mode / clients have public IP addresses)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12814
Location: Netherlands

Posted: Tue Aug 30, 2022 7:43
Your browser or YouTube app might have their own DNS resolution, so maybe they are using other servers. Besides, YouTube has a lot of servers and you are dynamically switched to one.

I once did a write-up to block YouTube video, and you need a lot of domains to block and use IPSET to dynamically get all IP addresses involved.

So maybe it is not the routing which is the problem here.
