Posted: Mon May 19, 2014 13:47 Post subject: Does 'ip rule' work in latest DD-WRT builds?
Having the latest 23919 revision on a TP-Link MR3220 rev.1 box, I'm playing with some advanced networking stuff.
Now I'm stuck with the ip rule thing, which doesn't seem to work with my setup for an unknown reason.
Code:
root@mr3220:~# ip rule
returns nothing right after a reboot
Code:
root@mr3220:~# ip rule add fwmark 0x1 table 100
root@mr3220:~# ip rule
and again nothing.
Any help would be very appreciated.
'ip rule' should return default kernel policy-based routing rules.
For instance, my other router with OpenWRT returns:
Code:
root@TL1043:~# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
I really need to route packets back to the gateway where they originally came from, and I can't go further without a working ip rule.
Could anybody confirm that ip rule works in build 23919?
This is my setup:
The main router, a TL-1043v1 (OpenWRT), acts as the PPTP server and has an external IP address (1.2.3.4).
The second router, an MR-3220v1 (DD-WRT), is connected to the internet but doesn't have an external IP, and it connects to the main router as a PPTP client.
I need to be able to use services from the internet on some device, let's say with IP address 192.168.33.2, located inside the second router's LAN.
Code:
           LAN                                                                      LAN
    (192.168.1.0/24)            INET (1.2.3.4)      INET (10.0.0.1)          (192.168.33.0/24)
          _____|---------------|______________      ______________|---------------|______
               |               |                                  |               |
   192.168.1.1 |     MAIN      | PPTPd server        PPTP client  |    SECOND     | 192.168.33.1
               |               | (192.168.1.1)      (192.168.33.1)|               |
               |---------------|                                  |---------------|
I've set up port forwarding at the MAIN router (1.2.3.4:1234 > 192.168.33.2:5678) and immediately noticed using tcpdump that the SECOND router successfully delivers packets that came from the ppp0 iface (192.168.33.1) to the destination host (192.168.33.2) but sends the answers back to the default gw - the eth0 iface (10.0.0.1).
Such default kernel behavior should be fixed by the following (correct me if I'm wrong or missed something):
Code:
iptables -t mangle -A PREROUTING -i ppp0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -i $(nvram get lan_ifname) -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
ip route add default via 192.168.33.1 dev ppp0 table 100
ip rule add fwmark 0x1 lookup 100
ip route flush cache
It didn't help as expected - packets are still going out through the eth0 (internet) iface of the router.
The only workaround that came to my mind is to do NAT at the MAIN router:
And it worked. Now I can connect and use services inside my SECOND router's LAN.
A couple of questions are left:
1. Did I do everything correctly when setting up DD-WRT routing?
2. What are the (hidden?) disadvantages of having NAT on the ppp iface of the main router?
3. Maybe consider switching to OpenWRT on the second router?
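The CONNMARK/fwmark setup from the post, packaged as a re-runnable script with a dry-run mode and a check that the rule actually shows up in "ip rule" output (the empty listing in the post is exactly the case that check should catch). This is an added example, not code from the original post or from DD-WRT; the interface names, the br0 default for the LAN interface, the script file name and the return codes are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): mark-based policy routing as a script
# with DRY_RUN, plus a check of the "ip rule" listing. Names below are assumptions.
PPP_IF=${PPP_IF:-ppp0}
LAN_IF=${LAN_IF:-br0}            # assumption: what $(nvram get lan_ifname) returns
PPP_GW=${PPP_GW:-192.168.33.1}   # next hop used in the post's "ip route add" line
MARK=${MARK:-1}
TABLE=${TABLE:-100}
DRY_RUN=${DRY_RUN:-1}            # 1 = only print the commands, 0 = execute (needs root)

# Run or echo a command depending on DRY_RUN.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Mark new connections arriving on the tunnel, restore that mark on the LAN replies,
# and send marked packets back through the tunnel via routing table $TABLE.
apply_policy_routing() {
    run iptables -t mangle -A PREROUTING -i "$PPP_IF" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK"
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m conntrack \
        --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
    # "replace" instead of "add" so re-running after a PPTP reconnect does not fail
    run ip route replace default via "$PPP_GW" dev "$PPP_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route flush cache
}

# Read an "ip rule" listing from stdin and report whether our rule is in it.
# Exit status: 0 = rule present, 1 = rules listed but ours missing, 2 = empty listing
# (no rules at all, as in the post, means policy routing is not active on this box,
# so the mark-based setup above cannot route anything).
check_ip_rule() {
    listing=$(cat)
    [ -n "$listing" ] || return 2
    hexmark=$(printf '%x' "$MARK")
    printf '%s\n' "$listing" | grep -q "fwmark 0x${hexmark}.*lookup ${TABLE}" || return 1
    return 0
}

# Typical use on the router (assumed file name): ./policy_route.sh apply && ip rule | ./policy_route.sh check
case "${1:-}" in
    apply) apply_policy_routing ;;
    check) check_ip_rule; rc=$?
           [ "$rc" -eq 0 ] && echo "fwmark rule present" || echo "fwmark rule missing (rc=$rc)"
           exit "$rc" ;;
esac
```

Run with DRY_RUN=0 only once the dry-run output looks right; the check takes the live "ip rule" output on stdin and exits 2 when the listing is empty as in the post.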