Routing guest network on DS-Lite interface

Hello,
i want to route my guest network 'GUEST' over the DS-Lite interface 'DSLite', while my LAN should still use the native IPv4.
I tried it with this forwarding rule

config forwarding
	option src 'GUEST'
	option dest 'DSLite'

But that failed. Does somebody know here what i have to do to get it working?
If some information is missing, i will gladly provide it.

Thanks all for your help :blush:

You need a policy routing rule. unfortunately at the moment the wiki is down and giving 404 not found errors for all pages. So I can't point you to the right info.

You mean this https://webcache.googleusercontent.com/search?q=cache:eP7692Qtb2AJ:https://openwrt.org/docs/guide-user/network/routing but to what you reference there? Can you be more specific?

yeah, that's more of a policy routing background article, what you want is the UCI configs to set up a rule and a separate route table so you can implement policy routing.

You need to make a route table for your guests, and then whenever traffic comes in on the guest interface look up the routing on that route table, where you'll list the gateway and the DSLite interface as the next hop.

Wiki I back online, here is the section on declaring rules
https://openwrt.org/docs/guide-user/network/ip_rules

And here on making route tables, declare a static route and give it the table option.

https://openwrt.org/docs/guide-user/network/routes_configuration

The basics of policy routing are to use rules to change which route table is used based on source information, like the interface your packet comes in on.

2 Likes

So i tryed to following the wiki, but everything i got was ipv4 broken on my guest network or everything (including my LAN which i don't want to route over that interface )routed via DS-Lite. Could you give me a example?

config 'route' 'guestroute'
option 'interface' 'guest' 
option 'target' '0.0.0.0' 
option 'netmask' '0.0.0.0' 
option 'gateway' 'GatewayHere'
option 'table' '100'

Will define table 100 and put a default route.

Then a rule telling it when packets come from guest use table 100.

config rule
option in 'guest' 
option lookup '100'

Should route all guest traffic using table 100

Thank you but it didn't work. DS Lite is a virutal interface and has no gateway, maybe that is the reason? I tried it with 192.0.0.2 which is the IP of the interface and without a gateway.
This is the config of the interface

config interface 'DSLite'
	option proto 'dslite'
	option peeraddr '2a02:908::35:4000'
	option mtu '1500'
	option defaultroute '0'

I know that the interface works because if i put this as route it gets routed over the interface

config route
	option interface 'DSLite'
	option target '8.8.8.8'

Thank for your help

I think for dslite you want 192.0.0.1 as the gateway

ok so just to clear mistakes by me
i did put that in network file

config 'route' 'guestroute'
	option 'interface' 'guest_turris' 
	option 'target' '0.0.0.0' 
	option 'netmask' '0.0.0.0' 
	option 'gateway' '192.0.0.1'
	option 'table' '100'

and this in the firewall file

config rule 'guest_dslite'
	option in 'guest_turris' 
	option lookup '100'

I had to reboot so that something does change, reloading the forwards and firewall was not enough it seems. But now DHCP is broken on the guest interface and i don't get IPv6 on the wan interface anymore. I will factory reset and maybe you could tell me if i did something wrong.

The website isn't very explicit but I'm pretty sure these policy routing rules go in network not firewall.

Ok i tried now to put everything in the network file, that way IPv6 and DHCP work but everything goes now via default gateway. What i noticed is that if i look at static routes, there is guest_turris as interface listed if i apply your config and not DSLite like if i route 8.8.8.8 via that interface.

The wiki is not super explicit how the uci options work, try changing the interface to dslite one. I know better how to do this on command line with IP command. See what you can do using the wiki info now that you are putting it in right place

1 Like

I'm sorry i was stupid and posted before trying it, i changed it to DSLite and it works now like i wanted.
So just for if this gets found by somebody who want to the same
putting it in /etc/config/network does do the magic

config route 'guestroute'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option gateway '192.0.0.1'
	option table '100'
	option interface 'DSLite'

config rule 'guest_dslite'
	option in 'guest_turris'
	option lookup '100'

Thank you dlakelan :+1:

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.