This is an old revision of the document!


Routing example: PBR app

The PBR app provides an advanced policy-based routing solution.

Install and enable the PBR app.

# Install packages
opkg update
opkg install pbr
 
# Enable PBR
uci set pbr.config.enabled="1"
uci set pbr.config.resolver_ipset="none"
uci set pbr.config.webui_show_ignore_target="1"
uci commit pbr
/etc/init.d/pbr restart

If you want to manage PBR settings using the web interface, install the necessary packages.

# Install packages
opkg update
opkg install luci-app-pbr
/etc/init.d/rpcd restart

Disable gateway redirection in the VPN client configuration. Route LAN 192.168.1.0/24 to VPN.

# Route LAN to VPN
uci add pbr policy
uci set pbr.@policy[-1].src_addr="192.168.1.0/24"
uci set pbr.@policy[-1].interface="vpn"
uci commit pbr
/etc/init.d/pbr restart

Forward WAN port to a webserver running on 192.168.3.2. Arrange this policy above more generic ones.

# Forward WAN port
uci add pbr policy
uci set pbr.@policy[-1].src_addr="192.168.1.2"
uci set pbr.@policy[-1].src_port="443"
uci set pbr.@policy[-1].proto="tcp"
uci set pbr.@policy[-1].interface="wan"
uci reorder pbr.@policy[-1]="0"
uci commit pbr
/etc/init.d/pbr restart

Possible race conditions can disrupt routing between local networks. Configure an exception for local networks 192.168.1.0/24 and 192.168.3.0/24. Arrange this policy above all others.

# Ignore local destinations
uci add pbr policy
uci set pbr.@policy[-1].dest_addr="192.168.1.0/24 192.168.3.0/24"
uci set pbr.@policy[-1].interface="ignore"
uci reorder pbr.@policy[-1]="0"
uci commit pbr
/etc/init.d/pbr restart
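
The ordering rules above (local-network exception first, specific policies above more generic ones) can be checked mechanically, since a misplaced policy silently sends traffic out of the wrong interface. The following is an added example, not part of the original page or of the pbr project: a hypothetical `pbr_audit` function that reads `uci show pbr` output, assuming earlier policies take precedence and each `src_addr` holds a single IPv4 host or CIDR. The sample input is constructed.

```sh
# Added example: audit policy order in `uci show pbr` output read on stdin.
# Assumptions: earlier policies take precedence; src_addr is one IPv4 host or CIDR.
pbr_audit() {
    awk -F= -v q="'" '
    function ip2n(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    # 1 if host/CIDR a lies entirely inside host/CIDR b
    function inside(a, b,  pa, pb, la, lb, size) {
        split(a, pa, "/"); split(b, pb, "/")
        la = (pa[2] == "") ? 32 : pa[2] + 0
        lb = (pb[2] == "") ? 32 : pb[2] + 0
        if (la < lb) return 0
        size = 2 ^ (32 - lb)
        return int(ip2n(pa[1]) / size) == int(ip2n(pb[1]) / size)
    }
    /^pbr\.@policy\[[0-9]+\]\./ {
        idx = $1; sub(/^pbr\.@policy\[/, "", idx); sub(/\].*/, "", idx); idx += 0
        opt = $1; sub(/^[^]]*\]\./, "", opt)
        val = $2; gsub(q, "", val)          # strip the quotes uci prints
        if (idx > max) max = idx
        if (opt == "src_addr")  src[idx] = val
        if (opt == "interface") ifc[idx] = val
    }
    END {
        for (i = 0; i <= max; i++) {
            # The local-network exception must sit above all other policies.
            if (ifc[i] == "ignore" && i > 0) { print "policy " i ": ignore rule is not first"; bad = 1 }
            # A narrower source below a wider one with another interface never applies.
            for (j = 0; j < i; j++)
                if (src[i] != "" && src[j] != "" && ifc[i] != ifc[j] && inside(src[i], src[j])) {
                    print "policy " i ": " src[i] " is shadowed by policy " j " (" src[j] ")"; bad = 1
                }
        }
        exit bad + 0
    }'
}

# Constructed sample: the three policies from this page, but with the
# 192.168.1.2 exception left below the LAN-wide VPN policy.
SAMPLE_BAD="pbr.@policy[0]=policy
pbr.@policy[0].dest_addr='192.168.1.0/24 192.168.3.0/24'
pbr.@policy[0].interface='ignore'
pbr.@policy[1]=policy
pbr.@policy[1].src_addr='192.168.1.0/24'
pbr.@policy[1].interface='vpn'
pbr.@policy[2]=policy
pbr.@policy[2].src_addr='192.168.1.2'
pbr.@policy[2].interface='wan'"
printf '%s\n' "$SAMPLE_BAD" | pbr_audit || true
```

On a router, run `uci show pbr | pbr_audit`; a non-zero exit status means at least one finding was printed.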
  • Last modified: 2023/09/07 19:41
  • by vgaetera