This is an old revision of the document!
Routing example: PBR app
Introduction
PBR app provides an advanced policy-based routing solution.
Command-line instructions
Install and enable PBR app.
# Install packages opkg update opkg install pbr # Enable PBR uci set pbr.config.enabled="1" uci set pbr.config.resolver_ipset="none" uci set pbr.config.webui_show_ignore_target="1" uci commit pbr /etc/init.d/pbr restart
Extras
Web interface
If you want to manage PBR settings using web interface. Install the necessary packages.
# Install packages opkg update opkg install luci-app-pbr /etc/init.d/rpcd restart
Route LAN to VPN
Disable gateway redirection in the VPN client configuration.
Route LAN 192.168.1.0/24 to VPN.
# Route LAN to VPN uci add pbr policy uci set pbr.@policy[-1].src_addr="192.168.1.0/24" uci set pbr.@policy[-1].interface="vpn" uci commit pbr /etc/init.d/pbr restart
Forward WAN port
Forward WAN port to a webserver running on 192.168.3.2.
Arrange this policy above more generic ones.
# Forward WAN port uci add pbr policy uci set pbr.@policy[-1].src_addr="192.168.1.2" uci set pbr.@policy[-1].src_port="443" uci set pbr.@policy[-1].proto="tcp" uci set pbr.@policy[-1].interface="wan" uci reorder pbr.@policy[-1]="0" uci commit pbr /etc/init.d/pbr restart
Ignore local networks
Possible race conditions can disrupt routing between local networks.
Configure exception for local networks 192.168.1.0/24 and 192.168.3.0/24.
Arrange this policy above all others.
# Ignore local networks uci add pbr policy uci set pbr.@policy[-1].dest_addr="192.168.1.0/24 192.168.3.0/24" uci set pbr.@policy[-1].interface="ignore" uci reorder pbr.@policy[-1]="0" uci commit pbr /etc/init.d/pbr restart