Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
docs:guide-user:network:routing:examples:pbr_app [2023/09/07 19:43] – [Ignore local destinations] vgaeteradocs:guide-user:network:routing:examples:pbr_app [2023/09/07 22:17] (current) – move to docs:guide-user:network:routing:pbr_app vgaetera
Line 1: Line 1:
-====== Routing example: PBR app ====== 
-{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}} 
- 
-===== Introduction ===== 
-[[https://docs.openwrt.melmac.net/pbr/|PBR app]] provides an advanced policy-based routing solution. 
- 
-===== Command-line instructions ===== 
-Install and enable PBR app. 
- 
-<code bash> 
-# Install packages 
-opkg update 
-opkg install pbr 
- 
-# Enable PBR 
-uci set pbr.config.enabled="1" 
-uci set pbr.config.resolver_ipset="none" 
-uci set pbr.config.webui_show_ignore_target="1" 
-uci commit pbr 
-/etc/init.d/pbr restart 
-</code> 
- 
-===== Extras ===== 
-==== Web interface ==== 
-If you want to manage PBR settings using web interface. 
-Install the necessary packages. 
- 
-<code bash> 
-# Install packages 
-opkg update 
-opkg install luci-app-pbr 
-/etc/init.d/rpcd restart 
-</code> 
- 
-==== Route LAN to VPN ==== 
-[[https://docs.openwrt.melmac.net/pbr/#a-word-about-default-routing|Disable gateway redirection]] in the VPN client configuration. 
-Route LAN ''192.168.1.0/24'' to VPN. 
- 
-<code bash> 
-# Route LAN to VPN 
-uci add pbr policy 
-uci set pbr.@policy[-1].src_addr="192.168.1.0/24" 
-uci set pbr.@policy[-1].interface="vpn" 
-uci commit pbr 
-/etc/init.d/pbr restart 
-</code> 
- 
-==== Forward WAN port ==== 
-Forward WAN port to a webserver running on ''192.168.3.2''. 
-Arrange this policy above more generic ones. 
- 
-<code bash> 
-# Forward WAN port 
-uci add pbr policy 
-uci set pbr.@policy[-1].src_addr="192.168.1.2" 
-uci set pbr.@policy[-1].src_port="443" 
-uci set pbr.@policy[-1].proto="tcp" 
-uci set pbr.@policy[-1].interface="wan" 
-uci reorder pbr.@policy[-1]="0" 
-uci commit pbr 
-/etc/init.d/pbr restart 
-</code> 
- 
-==== Ignore local destinations ==== 
-Possible race conditions can disrupt routing between local networks. 
-Configure exception for local destinations ''192.168.1.0/24'' and ''192.168.3.0/24''. 
-Arrange this policy above all others. 
- 
-<code bash> 
-# Ignore local destinations 
-uci add pbr policy 
-uci set pbr.@policy[-1].dest_addr="192.168.1.0/24 192.168.3.0/24" 
-uci set pbr.@policy[-1].interface="ignore" 
-uci reorder pbr.@policy[-1]="0" 
-uci commit pbr 
-/etc/init.d/pbr restart 
-</code> 
  
  • Last modified: 2023/09/07 19:43
  • by vgaetera