PBR: bypass domain with killswitch

Hello!,

So I'm trying to split tunnel some domains so it doesn't use my wireguard.

under normal circumstances this should work when the traditional firewall zone config forwarded to both zones wan and wgclient, however I decided to change the firewall zone forwards a little and removed wan entirely so it works like a better killswitch.

some screenshots to highlight what I mean (the last 3 rules):
PBR:

10.234.53.1_4343_cgi-bin_luci_admin_services_pbr940×1265 73.3 KB

and firewall zones:

10.234.53.1_4343_cgi-bin_luci_admin_network_firewall940×697 61.7 KB

basicly what I want is for the network pcnet (firewall zone pcnet and network: 10.34.79.0/24) to preroute to wan for those domains, however I keep getting connection refused messages, I was thinking to put a forward after it as shown in the screenshot but that seems not to work, in PBR I forgot to add src ip for pcnet but im aware of that

help is much appreciated!

thanks

I figured it out !

the reason why my split tunnel was not working was indeed because it wasn't forwarded from zone pcnet to zone wan because pcnet only was allowed to forward to zone wgclient.

the solution was very easy:

I had to type ip rule to see the firewall marks for table pbr_wan, then the solution was very easily create a traffic rule like this where the firewall mark is the one for pbr_wan:

image993×166 12.5 KB

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.