I think there is a solution for this to do it automatically. Let's
consider this startup script (tun44 is our tunnel):
#!/bin/sh
# our own tunnel address (IPv4 only, so an inet6 line cannot sneak in)
MY_IP=$(ip -4 addr list dev tun44 | grep inet | awk '{print $2}')
# local networks that ampr-ripd must ignore (passed with -a)
MY_LOCAL="44.182.20.0/24,44.182.21.0/24,44.182.61.0/24,yo2loj.go.ro"
# AMPR routes go to table 44
ip rule add from $MY_IP table 44
ip rule add to 44.0.0.0/8 table 44
# default AMPR reply route is in table 45
ip route add default via 169.228.34.84 dev tun44 table 45 onlink
# mark incoming connections and route replies via table 45
ip rule add fwmark 45 table 45
iptables -t mangle -A PREROUTING -i tun44 ! -s 44.0.0.0/8 -j CONNMARK --set-mark 45
iptables -t mangle -A PREROUTING ! -i tun44 -m connmark --mark 45 -j CONNMARK --restore-mark
# start ampr-ripd
ampr-ripd -s -t 44 -i tun44 -m 90 -a $MY_LOCAL
Here we use two tables: table 44 holds all AMPR routes, table 45 only the
default gateway route for AMPR.
- regular outgoing AMPR connections go via 44
- regular AMPR replies go via 44 because of "ip rule add to 44.0.0.0/8
table 44"
- incoming internet requests on the tunnel get connection marked; replies
with that connection mark get route mark 45 and go to table 45, where
they will be sent back via the ampr-gw
- because there is no default route in 44, if no route is found for a
specific destination in that table, there will be a jump into the main
table, where the local ones will be resolved as regular routes
The only adaptation that needs to be done is the -a parameter to ignore
the local networks IF the router is behind NAT (otherwise it will do it
automatically).
BGP-routed 44net traffic goes normally via the public IP (it should be
NATed by the regular masquerade rule).
If you want it via ampr-gw, just add a route into the main table:
ip route add 44.0.0.0/8 via 169.228.34.84 dev tun44 onlink
I will put this into the EdgeRouter script as the default startup script.
Marius, YO2LOJ
On 05.03.2019 21:25, Rob Janssen wrote:
Unfortunately this is a detail that is soooooo easy to overlook that it
frequently happens. But of course it is always educational to encounter
this and fix it yourself!
E.g. I recently helped someone with a MikroTik router to set up this kind
of policy routing, and on that router the direct routes to attached
interfaces also only appear in the main routing table and not in those
additional ones. There really should be an option to do that
automatically, but until then indeed you have to add them manually.
The kernel would look up the route in the main table when it cannot find
a route in the additional table, but of course that only works when there
is no default route there. And autorouting protocols like BGP won't
distribute the route when it is in the wrong table.
Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
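The following is an added example and not code from the thread, from ampr-ripd or from the EdgeRouter script: a small sanity check for the two-table layout discussed above (table 44 for AMPR routes learned by ampr-ripd, table 45 for the default route back through the AMPR gateway, fwmark 45 steering marked replies into table 45). It also checks the gotcha Rob points out, namely that table 44 must not contain a default route, because the kernel only falls through to the main table (where the directly attached LAN routes live) when the lookup in table 44 finds nothing. The check functions take the text of `ip rule show` and `ip route show table N` as arguments so they can be run against captured output without root; the sample dumps below are constructed to look like iproute2 output and are not real router dumps (iproute2 prints the fwmark selector in hex, so 45 appears as 0x2d). The gateway 169.228.34.84 and the interface name tun44 are taken from the thread; the example prefixes and gateways in the sample tables are made up.

```shell
#!/bin/sh
# Added example (not from the 44net thread): check the policy-routing tables.

# has_rule RULES SELECTOR TABLE: does the rule list send SELECTOR to TABLE?
# SELECTOR is the text as `ip rule show` prints it, e.g. "fwmark 0x2d".
has_rule() {
    printf '%s\n' "$1" | grep -q -- "$2 lookup $3"
}

# has_default RT GW DEV: does the table dump contain "default via GW dev DEV"?
has_default() {
    printf '%s\n' "$1" | grep -q -- "^default via $2 dev $3"
}

# check_policy_routing RULES T44 T45 GW DEV
# Prints one line per problem found; returns 0 when clean, 1 otherwise.
check_policy_routing() {
    rules=$1; t44=$2; t45=$3; gw=$4; dev=$5
    problems=0

    # outgoing AMPR traffic and replies to 44net sources must use table 44
    has_rule "$rules" "to 44.0.0.0/8" 44 || {
        echo "missing: ip rule ... to 44.0.0.0/8 table 44"; problems=$((problems + 1)); }

    # connection-marked replies (fwmark 45 = 0x2d) must use table 45
    has_rule "$rules" "fwmark 0x2d" 45 || {
        echo "missing: ip rule ... fwmark 45 table 45"; problems=$((problems + 1)); }

    # table 45 must hold the default route via the AMPR gateway on the tunnel
    has_default "$t45" "$gw" "$dev" || {
        echo "missing: default via $gw dev $dev in table 45"; problems=$((problems + 1)); }

    # table 44 must NOT have a default route, otherwise the lookup never
    # falls through to the main table and the LAN routes are unreachable
    printf '%s\n' "$t44" | grep -q '^default' && {
        echo "default route in table 44 breaks fallthrough to the main table"
        problems=$((problems + 1)); }

    # every route ampr-ripd learned should leave via the tunnel interface
    bad=$(printf '%s\n' "$t44" | grep -v '^default' | grep -v "dev $dev" | grep -c . || true)
    [ "$bad" -eq 0 ] || {
        echo "$bad route(s) in table 44 do not use $dev"; problems=$((problems + 1)); }

    [ "$problems" -eq 0 ]
}

# Constructed sample output, formatted like `ip rule show` (not a real dump).
SAMPLE_RULES='0:      from all lookup local
32764:  from all fwmark 0x2d lookup 45
32765:  from 44.182.20.1 lookup 44
32766:  from all to 44.0.0.0/8 lookup 44
32767:  from all lookup main
32768:  from all lookup default'

# Constructed `ip route show table 44` as ampr-ripd would fill it: only
# routes learned over the tunnel, no default route (prefixes/gateways made up).
SAMPLE_T44_GOOD='44.100.0.0/16 via 192.0.2.10 dev tun44 metric 90 onlink
44.101.1.0/24 via 198.51.100.7 dev tun44 metric 90 onlink'

# The mistake discussed in the thread: a default route put into table 44.
SAMPLE_T44_BAD="$SAMPLE_T44_GOOD
default via 169.228.34.84 dev tun44 onlink"

# Constructed `ip route show table 45`.
SAMPLE_T45='default via 169.228.34.84 dev tun44 onlink'

# Usage on the router:  sh check-ampr-routing.sh live
# Without "live" the constructed samples are checked instead.
if [ "${1-}" = "live" ]; then
    check_policy_routing "$(ip rule show)" "$(ip route show table 44)" \
        "$(ip route show table 45)" 169.228.34.84 tun44
else
    echo "good table 44:"
    check_policy_routing "$SAMPLE_RULES" "$SAMPLE_T44_GOOD" "$SAMPLE_T45" 169.228.34.84 tun44 && echo "  ok"
    echo "bad table 44:"
    check_policy_routing "$SAMPLE_RULES" "$SAMPLE_T44_BAD" "$SAMPLE_T45" 169.228.34.84 tun44 || echo "  problems found"
fi
```

Run it with `live` on the router after the startup script has executed; a clean result prints nothing for the live check and returns 0, which makes it easy to wire into a watchdog or a post-boot hook. The `from $MY_IP` rule is deliberately not checked, since its selector depends on the address assigned to the tunnel.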