Does 'ip rule' work in latest DD-WRT builds?

omme
DD-WRT Novice


Joined: 07 Apr 2014
Posts: 13

Posted: Mon May 19, 2014 13:47    Post subject: Does 'ip rule' work in latest DD-WRT builds?
Having the latest 23919 revision on a TP-Link MR3220 rev.1 box, I'm playing with some advanced networking stuff.
Now I'm stuck with the ip rule thing, which doesn't seem to work with my setup for an unknown reason.
Code:
root@mr3220:~# ip rule

right after reboot returns nothing
Code:
root@mr3220:~# ip rule add fwmark 0x1 table 100
root@mr3220:~# ip rule

and again nothing.
Any help would be very appreciated.
omme

Posted: Tue May 20, 2014 8:15
'ip rule' should return the default kernel policy-based routing rules.
For instance, my other router with OpenWRT returns:
Code:
root@TL1043:~# ip rule
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

I really need to route packets back to the gateway where they originally came from, and I can't go further without a working ip rule.
Could anybody confirm that ip rule works in build 23919?
omme

Posted: Wed May 21, 2014 13:13
Okay, yesterday I found this: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=781477 and this: http://svn.dd-wrt.com/ticket/3033
But it remains unclear: does 'ip rule' just not output anything, or is it completely broken in dd-wrt?

This is my setup:
The main router, a TL-1043v1 (OpenWRT), acts as a PPTP server and has an external IP address (1.2.3.4).
The second router is an MR-3220v1 (DD-WRT); it is connected to the internet but doesn't have an external IP, and it connects to the main router as a PPTP client.
I need to be able to use, from the internet, services on a device located inside the second router's LAN with, let's say, the IP address 192.168.33.2.

Code:

      LAN                                                                                LAN
(192.168.1.0/24)                  INET (1.2.3.4)  INET (10.0.0.1)                 (192.168.33.0/24)
            _____|---------------|______________   ______________|---------------|______
                 |               |                               |               |
     192.168.1.1 |     MAIN      | PPTPd server      PPTP client |    SECOND     | 192.168.33.1
                 |               | (192.168.1.1)  (192.168.33.1) |               |
                 |---------------|                               |---------------|

I've set up port forwarding on the MAIN router (1.2.3.4:1234 > 192.168.33.2:5678) and immediately noticed, using tcpdump, that the SECOND router successfully delivers packets that came in from the ppp0 iface (192.168.33.1) to the destination host (192.168.33.2) but sends the answers back to the default gw, the eth0 iface (10.0.0.1).
This default kernel behavior should be fixed by the following (correct me if I'm wrong or missed something):
Code:

iptables -t mangle -A PREROUTING -i ppp0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -i $(nvram get lan_ifname) -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
ip route add default via 192.168.33.1 dev ppp0 table 100
ip rule add fwmark 0x1 lookup 100
ip route flush cache

It didn't help as expected - packets are still going out through the eth0 (internet) iface of the router.

The only workaround that came to my mind is to do NAT at the MAIN router:
Code:
iptables -t nat -I POSTROUTING 1 -o ppp0 -j SNAT --to-source 192.168.1.1

And it worked. Now I can connect and use services inside my SECOND router's LAN.

A couple of questions left:
1. Did I do everything correctly when setting up DD-WRT routing?
2. What are the (hidden?) disadvantages of having NAT on the ppp iface of the main router?
3. Maybe consider switching to OpenWRT on the second router?

Thanks in advance.
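
An added example, not part of the original posts: a POSIX shell helper that classifies the output of `ip rule` and `ip route show table 100`, to tell whether the fwmark rule from the setup above was really installed and whether it is evaluated before the main table. The function names and result strings are made up for this example.

```shell
#!/bin/sh
# Added example: both functions read command output on stdin, e.g. on the router:
#   ip rule | rpdb_status 0x1 100
#   ip route show table 100 | table_default_dev

# rpdb_status MARK TABLE   (stdin: output of `ip rule`)
# prints: empty | no-fwmark-rule | shadowed-by-main | ok
rpdb_status() {
    want_mark=$(($1)); want_table=$2
    seen=0; fw_prio=; main_prio=
    while read -r prio rest; do
        [ -n "$prio" ] || continue
        seen=1; prio=${prio%:}; mark=; table=; prev=
        for tok in $rest; do
            case $prev in
                fwmark) mark=${tok%%/*} ;;   # drop an optional /mask
                lookup) table=$tok ;;
            esac
            prev=$tok
        done
        if [ -n "$mark" ] && [ "$(($mark))" -eq "$want_mark" ] \
           && [ "$table" = "$want_table" ]; then
            fw_prio=$prio
        elif [ -z "$mark" ] && [ "$table" = main ] && [ -z "$main_prio" ]; then
            main_prio=$prio            # first rule that sends traffic to main
        fi
    done
    if [ "$seen" -eq 0 ]; then echo empty            # symptom from the first post
    elif [ -z "$fw_prio" ]; then echo no-fwmark-rule # `ip rule add` had no effect
    elif [ -n "$main_prio" ] && [ "$fw_prio" -gt "$main_prio" ]; then
        echo shadowed-by-main                        # main is consulted first
    else echo ok
    fi
}

# table_default_dev   (stdin: output of `ip route show table N`)
# prints the device of the table's default route; returns 1 if there is none.
table_default_dev() {
    while read -r dst rest; do
        [ "$dst" = default ] || continue
        prev=
        for tok in $rest; do
            [ "$prev" = dev ] && { echo "$tok"; return 0; }
            prev=$tok
        done
    done
    return 1
}
```
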