Help with routing traffic on vlan with ebtables/iptables

phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Sun Jul 24, 2011 21:08    Post subject: Reply with quote
That route command won't do anything if the tunnel isn't up, and once the tunnel goes down the route will become invalid and be removed. You need to put the commands in your ip-up script for PPTP so that they are executed every time the tunnel comes up. Search for more info, iirc it's /tmp/pptpd/ip-up.sh by default and you will need to echo the commands into the script or replace it with a saved copy that has your commands.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
paranoid87
DD-WRT Novice


Joined: 05 Aug 2006
Posts: 46

PostPosted: Thu Aug 11, 2011 19:26    Post subject: Reply with quote
phuzi0n wrote:
That route command won't do anything if the tunnel isn't up, and once the tunnel goes down the route will become invalid and be removed. You need to put the commands in your ip-up script for PPTP so that they are executed every time the tunnel comes up. Search for more info, iirc it's /tmp/pptpd/ip-up.sh by default and you will need to echo the commands into the script or replace it with a saved copy that has your commands.


phuzi0n, I need your help. As per your suggestion I did the below:

I changed the original command posted on the first page into 2 parts. Part 1, in the firewall script, is this:

echo "sleep 40" > /tmp/firewall_script.sh
echo "for i in ebtables ebt_mark ebtable_filter ebtable_nat; do insmod \$i; done" >> /tmp/firewall_script.sh
echo "ebtables -t nat -F" >> /tmp/firewall_script.sh
echo "iptables -t mangle -F" >> /tmp/firewall_script.sh
echo "ebtables -t nat -A PREROUTING -i wl0.2 -j mark --set-mark 4" >> /tmp/firewall_script.sh
echo "ebtables -t nat -A PREROUTING -i vlan1 -j mark --set-mark 4" >> /tmp/firewall_script.sh

chmod +x /tmp/firewall_script.sh
sh /tmp/firewall_script.sh &

I then echoed the other route commands into ip-up:


echo "ip rule del from 0/0 fwmark 4 lookup 4" >> /tmp/pptpd_client/ip-up
echo "ip route flush table 4" >> /tmp/pptpd_client/ip-up
echo "ip route show table main | grep -Ev ^default | while read ROUTE; do ip route add table 4 \$ROUTE; done" >> /tmp/pptpd_client/ip-up
echo "ip route add table 4 default dev ppp0" >> /tmp/pptpd_client/ip-up
echo "ip rule add fwmark 4 table 4" >> /tmp/pptpd_client/ip-up
echo "ip route flush cache" >> /tmp/pptpd_client/ip-up

So now this should ideally work, right? But it looks like the route commands added to ip-up disappear on reboot of the router.

Any ideas?

Thanks!
paranoid87
DD-WRT Novice


Joined: 05 Aug 2006
Posts: 46

PostPosted: Thu Aug 11, 2011 19:27    Post subject: Reply with quote
And btw, my ip-up displays this by default:


root@e3000:~# cat /tmp/pptpd_client/ip-up
#!/bin/sh
REMOTESUB=$(/usr/sbin/nvram get pptpd_client_srvsub)
REMOTENET=$(/usr/sbin/nvram get pptpd_client_srvsubmsk)
case "$6" in
kelokepptpd)
/sbin/route add -net $REMOTESUB netmask $REMOTENET dev $1
/usr/sbin/iptables --insert OUTPUT --source 0.0.0.0/0.0.0.0 --destination $REMOTESUB/$REMOTENET --jump ACCEPT --out-interface $1
/usr/sbin/iptables --insert INPUT --source $REMOTESUB/$REMOTENET --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface $1
/usr/sbin/iptables --insert FORWARD --source 0.0.0.0/0.0.0.0 --destination $REMOTESUB/$REMOTENET --jump ACCEPT --out-interface $1
/usr/sbin/iptables --insert FORWARD --source $REMOTESUB/$REMOTENET --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface $1
/usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
if [ "$(/usr/sbin/nvram get pptpd_client_nat)" = "1" ]; then
/usr/sbin/iptables --table nat --append POSTROUTING --out-interface $1 --jump MASQUERADE
fi
;;
*)
esac
exit 0
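Two things in the posts above explain why appended lines do not take effect: /tmp on DD-WRT is RAM-backed, so anything echoed into /tmp/pptpd_client/ip-up is gone after a reboot, and the stock ip-up shown ends with `exit 0`, so lines appended with `>>` land after that exit and never run even before the reboot. The script below is an added example (not from this thread, and not DD-WRT's own code) of a startup-script approach that rebuilds the ip-up hook on every boot and inserts the fwmark 4 / table 4 policy-routing commands from the earlier post just before the `exit 0`, rather than after it. It assumes the PPTP client has already written the stock ip-up at the path shown in the thread (the same "sleep then fix up" timing the poster's firewall script already uses), that pppd passes the tunnel interface as `$1` (as the stock script relies on), and that mark value 4 and routing table 4 match the ebtables rules; the function names, the marker comments and the `IP_UP_PATH` override are this example's own. Running it a second time strips the earlier fragment first, so re-running it from the startup script does not stack duplicate rules.

```shell
#!/bin/sh
# Added example (not from the thread): regenerate /tmp/pptpd_client/ip-up
# from the router's startup script so the policy-routing commands survive
# a reboot (/tmp is wiped every boot) and run BEFORE the stock script's
# `exit 0`, which would otherwise stop appended lines from ever executing.
# Assumptions: the PPTP client has already created the stock ip-up at
# IP_UP_PATH; pppd passes the tunnel interface name as $1; FWMARK and
# RT_TABLE match the ebtables/ip rules used elsewhere on the router.

IP_UP_PATH="${IP_UP_PATH:-/tmp/pptpd_client/ip-up}"
FWMARK=4
RT_TABLE=4

# Print the shell fragment that rebuilds table $RT_TABLE as a copy of the
# main table (minus its default route) and sends marked traffic down the
# tunnel interface pppd hands to ip-up as $1.  The \$ escapes keep $ROUTE
# and $1 literal so they are expanded when ip-up runs, not now.
policy_route_fragment() {
    cat <<EOF
# --- policy routing for fwmark $FWMARK (added by startup script) ---
ip rule del fwmark $FWMARK lookup $RT_TABLE 2>/dev/null
ip route flush table $RT_TABLE
ip route show table main | grep -Ev '^default' | while read ROUTE; do
    ip route add table $RT_TABLE \$ROUTE
done
ip route add table $RT_TABLE default dev "\$1"
ip rule add fwmark $FWMARK lookup $RT_TABLE
ip route flush cache
# --- end policy routing ---
EOF
}

# Read an existing ip-up ($1) and print a copy with the fragment inserted
# just before the first "exit 0" line (appended at the end if there is
# none).  Any fragment from a previous run is dropped first, so the result
# is the same no matter how many times the startup script runs.
inject_fragment() {
    skip=0
    inserted=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "# --- policy routing"*)     skip=1; continue ;;
            "# --- end policy routing"*) skip=0; continue ;;
        esac
        [ "$skip" -eq 1 ] && continue
        if [ "$inserted" -eq 0 ] && [ "$line" = "exit 0" ]; then
            policy_route_fragment
            inserted=1
        fi
        printf '%s\n' "$line"
    done < "$1"
    [ "$inserted" -eq 0 ] && policy_route_fragment
    return 0
}

# Rewrite the ip-up hook in place (optional $1 overrides IP_UP_PATH).
# If no stock script exists yet, a minimal one is created around the
# fragment so the hook is still executable.
install_ip_up() {
    target="${1:-$IP_UP_PATH}"
    tmp="$target.new"
    if [ -f "$target" ]; then
        inject_fragment "$target" > "$tmp"
    else
        { printf '#!/bin/sh\n'; policy_route_fragment; printf 'exit 0\n'; } > "$tmp"
    fi
    chmod +x "$tmp" && mv "$tmp" "$target"
}

# From the startup script: give the PPTP client time to create its stock
# ip-up, then patch it.  Nothing runs when the file is merely sourced.
case "${1:-}" in
    install) sleep 40; install_ip_up ;;
esac
```

Invoke it as `sh /path/to/this.sh install &` from the startup script. The route commands themselves are unchanged from the earlier post apart from using `"$1"` instead of a hard-coded `ppp0`, which keeps the table correct if pppd ever allocates a different unit number.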
All times are GMT