I've got a few VLANs and would like to be able to reach a few hosts from one VLAN to the next. Supposedly this should work OOTB once the firewall is configured properly (I have forwardings setup between the two VLANs) but I think that my custom routing tables don't allow the routes to be automatically added. The custom routing tables routes all traffic on VLAN 2 to my wireguard interface (table 2) and VLAN 1 to wan (table 1).
Let's say I'm on VLAN 2 (br-vpn, 192.168.2.2) and would like to manually specify a route to a host on VLAN 1 (br-lan, 192.168.1.2), how would I do this? Create a third routing table, append a new route to table 2, etc.?
# uci show network; uci show firewall
network.globals=globals
network.globals.ula_prefix='ddc2:9aea:12b1::/48'
network.loopback=interface
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.loopback.device='lo'
network.lan=interface
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ipaddr='192.168.1.1'
network.lan.ip6assign='64'
network.lan.ip6ifaceid='::1'
network.lan.ip6hint='1'
network.lan.device='br-lan'
network.wan=interface
network.wan.proto='dhcp'
network.wan.device='eth0'
network.wan6=interface
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='56'
network.wan6.device='eth0'
network.wan6.sourcefilter='0'
network.wireguard=interface
network.wireguard.proto='wireguard'
network.wireguard.private_key='redacted'
network.wireguard.addresses='redacted/32' 'redacted/128'
network.wireguard.delegate='0'
network.@wireguard_wireguard[0]=wireguard_wireguard
network.@wireguard_wireguard[0].persistent_keepalive='25'
network.@wireguard_wireguard[0].public_key='redacted'
network.@wireguard_wireguard[0].endpoint_host='redacted'
network.@wireguard_wireguard[0].description='redacted'
network.@wireguard_wireguard[0].endpoint_port='51820'
network.@wireguard_wireguard[0].allowed_ips='0.0.0.0/0' '::/0'
network.@wireguard_wireguard[0].route_allowed_ips='1'
network.vpn=interface
network.vpn.proto='static'
network.vpn.ipaddr='192.168.2.1'
network.vpn.netmask='255.255.255.0'
network.vpn.dns='193.138.218.74'
network.vpn.device='br-vpn'
network.vpn.ip6ifaceid='::1'
network.vpn.ip6class='local'
network.vpn.delegate='0'
network.dmz=interface
network.dmz.proto='static'
network.dmz.ipaddr='192.168.3.1'
network.dmz.netmask='255.255.255.0'
network.dmz.ip6assign='64'
network.dmz.ip6ifaceid='::1'
network.dmz.ip6hint='3'
network.dmz.device='br-dmz'
network.dmz.ip6class='wan6'
network.iot=interface
network.iot.proto='static'
network.iot.ipaddr='192.168.4.1'
network.iot.ip6assign='64'
network.iot.ip6hint='4'
network.iot.ip6ifaceid='::1'
network.iot.netmask='255.255.255.0'
network.iot.device='br-iot'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].stp='1'
network.@device[0].ports='eth1'
network.@device[1]=device
network.@device[1].name='br-vpn'
network.@device[1].type='bridge'
network.@device[1].ports='eth1.2'
network.@device[2]=device
network.@device[2].name='br-dmz'
network.@device[2].type='bridge'
network.@device[2].ports='eth1.3'
network.@device[3]=device
network.@device[3].name='br-iot'
network.@device[3].type='bridge'
network.@device[3].ports='eth1.4'
network.@route[0]=route
network.@route[0].interface='wan'
network.@route[0].target='0.0.0.0/0'
network.@route[0].table='1'
network.@route6[0]=route6
network.@route6[0].interface='wan6'
network.@route6[0].target='::/0'
network.@route6[0].table='1'
network.@route6[1]=route6
network.@route6[1].interface='wireguard'
network.@route6[1].target='::/0'
network.@route6[1].table='2'
network.@rule[0]=rule
network.@rule[0].in='lan'
network.@rule[0].lookup='1'
network.@rule6[0]=rule6
network.@rule6[0].in='lan'
network.@rule6[0].lookup='1'
network.@rule6[1]=rule6
network.@rule6[1].in='vpn'
network.@rule6[1].lookup='2'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='dmz' 'lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[2]=zone
firewall.@zone[2].name='iot'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].network='iot'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[3]=zone
firewall.@zone[3].name='vpn'
firewall.@zone[3].output='ACCEPT'
firewall.@zone[3].network='vpn'
firewall.@zone[3].forward='REJECT'
firewall.@zone[3].input='ACCEPT'
firewall.@zone[4]=zone
firewall.@zone[4].name='wireguard'
firewall.@zone[4].input='REJECT'
firewall.@zone[4].output='ACCEPT'
firewall.@zone[4].forward='REJECT'
firewall.@zone[4].masq='1'
firewall.@zone[4].mtu_fix='1'
firewall.@zone[4].network='wireguard'
firewall.@zone[4].masq6='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='lan'
firewall.@forwarding[1].dest='vpn'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='lan'
firewall.@forwarding[2].dest='iot'
firewall.@forwarding[3]=forwarding
firewall.@forwarding[3].src='vpn'
firewall.@forwarding[3].dest='lan'
firewall.@forwarding[4]=forwarding
firewall.@forwarding[4].src='vpn'
firewall.@forwarding[4].dest='wireguard'
firewall.@forwarding[5]=forwarding
firewall.@forwarding[5].src='vpn'
firewall.@forwarding[5].dest='iot'
firewall.@forwarding[6]=forwarding
firewall.@forwarding[6].src='iot'
firewall.@forwarding[6].dest='wireguard'
firewall.@forwarding[7]=forwarding
firewall.@forwarding[7].src='iot'
firewall.@forwarding[7].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.miniupnpd.family='any'
firewall.miniupnpd.reload='1'
firewall.nat6=include
firewall.nat6.path='/etc/firewall.nat6'
firewall.nat6.reload='1'
firewall.@forwarding[8]=forwarding
firewall.@forwarding[8].src='lan'
firewall.@forwarding[8].dest='wireguard'