Pbr forward issues and nft qos

Hi there!

So today I was noticing some strange behaviour on my network and figured out that something in the PBR package blocks my situation.

So I have a pcnet VLAN with its own firewall zone, 10.49.11.1/24, and the native VLAN 10.234.53.1/24, which is the lan network.

My managed switch is on 10.234.53.10, so I added a traffic firewall rule to forward any traffic from pcnet to lan with remote IP 10.234.53.10.

Normally this should work fine, but when I use PBR, for some reason it keeps preventing me from communicating with the other route, even when the lock script is done. Does that mean that I have to use PBR now and not fw4? Or do I have to add the other routes too?

Currently pcnet routes through wg, while lan goes through wan in PBR.

I also tried to use nft-qos; it seems to only work when I stop pbr, or when pbr routes through wg. Other interfaces will not work.

Any workarounds for this? Or did I stumble on a bug?

I'm using OpenWrt 22.3.3 release.

You can use the IGNORE target for the internal traffic. However, if everything is set up correctly, they should be detected and added in each routing table.
What is the output of: `ip -4 addr; ip -4 ro list table all; ip -4 ru`?

2 Likes
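As an added illustration (not the poster's or the pbr package maintainers' configuration), here is what an IGNORE policy for the internal pcnet-to-lan traffic could look like in `/etc/config/pbr`. It assumes the thread's two subnets are 10.49.11.0/24 (pcnet) and 10.234.53.0/24 (lan), that the WireGuard interface is named `wg`, and that the pbr package's `option interface 'ignore'` syntax is used; the policy names are made up. pbr evaluates policies in order and the first match wins, so the ignore policy has to come before the policy that sends pcnet through wg.

```uci
# /etc/config/pbr fragment (added example, not taken from the thread)
# Assumed subnets, derived from the addresses in the original post:
#   pcnet = 10.49.11.0/24, lan = 10.234.53.0/24

# 1. Leave pcnet -> lan traffic alone so the normal main routing table
#    and the fw4 forwarding rule for 10.234.53.10 decide what happens.
config policy
	option name 'pcnet to lan stays local'
	option src_addr '10.49.11.0/24'
	option dest_addr '10.234.53.0/24'
	option interface 'ignore'
	option enabled '1'

# 2. Only after the exception: everything else from pcnet goes via wg.
config policy
	option name 'pcnet via wg'
	option src_addr '10.49.11.0/24'
	option interface 'wg'
	option enabled '1'
```

After `/etc/init.d/pbr restart`, the checks suggested above (`ip -4 ru` and `ip -4 ro list table all`) should show that pcnet-to-lan traffic is no longer matched by the wg policy rule, while the fw4 traffic rule between the pcnet and lan zones still governs whether the switch at 10.234.53.10 is reachable.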

The ignore rule seems to work splendidly! Thanks.

I tried to upgrade to an OpenWrt snapshot and went back; for some reason the QoS has been solved now too.

1 Like
