Hello all, can you help with this.
default via x.x.x. dev eth3 proto static metric 40
10.0.0.0/8 via 10.78.13.10 dev eth0 proto static metric 56
10.0.70.48/29 via 10.78.15.10 dev eth2 proto bird metric 32
10.0.71.192/27 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.13.0/24 dev eth0 proto static scope link metric 56
10.78.14.0/24 dev eth1 proto static scope link metric 52
10.78.15.0/24 dev eth2 proto static scope link metric 50
10.78.16.0/20 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.20.0/24 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.21.0/24 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.22.0/24 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.89.0/24 dev wg0 proto kernel scope link src 10.78.89.1
10.78.89.58 dev wg0 proto static scope link
10.78.90.0/24 dev tun0 proto kernel scope link src 10.78.90.1
10.78.91.0/24 dev tun1 proto kernel scope link src 10.78.91.1
155.,x,x,29 dev eth3 proto static scope link metric 40
172.16.0.0/12 via 10.78.13.10 dev eth0 proto static metric 56
192.168.0.0/16 via 10.78.13.10 dev eth0 proto static metric 56
I can no longer connect to a remote network, 10.0.70.54. This IP connects to an interface on my LAN router with an IP of 10.0.70.49.
My setup is this:
two routers, wan0 and lan0.
lan0 has multiple interfaces, of which 10.0.70.49 is one of them.
10.0.70.49 is connected to 10.0.70.54 via a layer 2 link. Before now I could ping 10.0.70.54 (my gateway).
This gateway 10.0.70.54 can be reached via a routing table created for just this network. Below is the routing information:
default via 10.0.70.54 dev eth7 proto static metric 58
10.0.0.0/16 via 10.0.70.54 dev eth7 proto static src 10.0.70.49 metric 58 onlink
10.0.70.48/29 dev eth7 proto static scope link metric 58
10.0.71.192/27 dev eth7 proto static scope link metric 58
This is the lan0 routing table for this network,
while the first routing information is for the wan0 router.
This interface is NATed and has a firewall applied.
Everything has been working until now.
I am new to routing and hence need help in determining if the issue is from my network or if it's external.
Below is my firewall config on the LAN router:
root@lan0-qu:~# cat /etc/config/firewall

config include
	option type 'nftables'
	option path '/etc/acl/rules/input.nft'
	option position 'chain-pre'
	option chain 'input'
	option enabled '0'

config include
	option type 'nftables'
	option path '/etc/acl/rules/forward.nft'
	option position 'chain-pre'
	option chain 'forward'
	option enabled '0'

config include
	option type 'script'
	option path '/etc/acl/bin/acl.sh'
	option fw4_compatible '1'
	option enabled '0'

config include
	option type 'script'
	option path '/etc/acl/bin/o365.sh'
	option fw4_compatible '1'
	option enabled '0'

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wan'
	list network 'def'
	list network 'dmz'
	list network 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	list masq_dest '10.78.12.0/22'
	list masq_src '10.78.88.0/22'

config zone
	option name 'guest'
	list network 'pcmn'
	list network 'dakaka'
	list network 'home'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'customs'
	list network 'customs'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

config forwarding
	option src 'wan'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'guest'

config forwarding
	option src 'lan'
	option dest 'customs'

config forwarding
	option src 'guest'
	option dest 'wan'

config forwarding
	option src 'customs'
	option dest 'wan'

config forwarding
	option src 'customs'
	option dest 'customs'

config rule 'input_dns_dhcp'
	option name 'input_dns_dhcp'
	option src '*'
	option proto 'tcpudp'
	option dest_port '53 67:68'
	option target 'ACCEPT'
	option family 'ipv4'

config redirect 'redirect_dns_lan'
	option name 'redirect_dns_lan'
	option src 'lan'
	option dest 'wan'
	option proto 'tcpudp'
	option src_dport '53'
	option family 'ipv4'
	option dest_ip '127.0.0.1'
	option ipset '!dns_servers src'
	option enabled '0'

config redirect 'redirect_dns_guest'
	option name 'redirect_dns_guest'
	option src 'guest'
	option dest 'wan'
	option proto 'tcpudp'
	option src_dport '53'
	option family 'ipv4'
	option dest_ip '127.0.0.1'
	option ipset '!dns_servers src'
	option enabled '0'

config redirect 'redirect_dns_customs'
	option name 'redirect_dns_customs'
	option src 'customs'
	option dest 'wan'
	option proto 'tcpudp'
	option src_dport '53'
	option family 'ipv4'
	option dest_ip '127.0.0.1'
	option ipset '!dns_servers src'
My WAN firewall config:
root@wan0-qu:~# cat /etc/config/firewall

config include
	option type 'nftables'
	option path '/etc/acl/bin/user_pre_input.nft'
	option position 'chain-pre'
	option chain 'input'
	option enabled '1'

config include
	option type 'nftables'
	option path '/etc/acl/bin/user_pre_forward.nft'
	option position 'chain-pre'
	option chain 'forward'
	option enabled '1'

config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'def'
	list network 'dmz'
	list network 'lan'
	list network 'wg0'
	list network 'tun0'
	list network 'tun1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	list masq_dest '10.78.12.0/22'

config zone
	option name 'wan'
	list network 'wan1'
	list network 'wan2'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding 'lan_to_wan'
	option src 'lan'
	option dest 'wan'

config redirect 'redirect_ssh_lan'
	option name 'redirect_ssh_lan'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '8021'
	option dest_port '8022'
	option dest_ip '10.78.13.10'
	option target 'DNAT'

config redirect 'redirect_ssh_host'
	option name 'redirect_ssh_host'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '8020'
	option dest_port '8022'
	option dest_ip '10.78.13.1'
	option target 'DNAT'

config redirect 'redirect_pbx_sip'
	option name 'redirect_pbx_sip'
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option src_dport '5063'
	option family 'ipv4'
	option dest_ip '10.78.16.54'
	option target 'DNAT'

config redirect 'redirect_pbx_rtp'
	option name 'redirect_pbx_rtp'
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option src_dport '10000:20000'
	option dest_ip '10.78.16.54'
	option family 'ipv4'
	option target 'DNAT'

config redirect 'redirect_nvr_http'
	option name 'redirect_nvr_http'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '8888'
	option dest_port '80'
	option dest_ip '10.78.16.59'
	option family 'ipv4'
	option target 'DNAT'

config redirect 'redirect_nvr_rstp'
	option name 'redirect_nvr_rstp'
	option src 'wan'
	option dest 'lan'
	option proto 'tcpudp'
	option src_dport '10554'
	option dest_ip '10.78.16.59'
	option family 'ipv4'
	option target 'DNAT'

config redirect 'redirect_nvr_control'
	option name 'redirect_nvr_control'
	option src 'wan'
	option dest 'lan'
	option proto 'tcpudp'
	option src_dport '8000'
	option dest_ip '10.78.16.59'
	option family 'ipv4'
	option target 'DNAT'
plus a couple of nftables rules.
Please can someone look at my config and see if there is something wrong.
My LAN and WAN routers are configured with the bird routing daemon,
while a separate routing table was created for this specific connection.
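An added example, not part of the post above, that reproduces the route selection the kernel performs on the two tables quoted in it: parse the `ip route` output, then pick the matching entry by longest prefix, with the lowest metric breaking ties. Running it against 10.0.70.54 shows that on wan0 the host falls under the bird-learned 10.0.70.48/29 route (next hop 10.78.15.10 on eth2), not the static 10.0.0.0/8 route on eth0, and that on lan0 it is directly connected on eth7. The two redacted lines from the post (the default route and the 155.x network) are omitted because they cannot be parsed; nothing about the network beyond the quoted tables is assumed.

```python
import ipaddress

# wan0 table as quoted in the post; the redacted default and 155.x lines are left out.
WAN0_ROUTES = """\
10.0.0.0/8 via 10.78.13.10 dev eth0 proto static metric 56
10.0.70.48/29 via 10.78.15.10 dev eth2 proto bird metric 32
10.0.71.192/27 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.13.0/24 dev eth0 proto static scope link metric 56
10.78.14.0/24 dev eth1 proto static scope link metric 52
10.78.15.0/24 dev eth2 proto static scope link metric 50
10.78.16.0/20 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.20.0/24 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.21.0/24 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.22.0/24 via 10.78.15.10 dev eth2 proto bird metric 32
10.78.89.0/24 dev wg0 proto kernel scope link src 10.78.89.1
10.78.89.58 dev wg0 proto static scope link
10.78.90.0/24 dev tun0 proto kernel scope link src 10.78.90.1
10.78.91.0/24 dev tun1 proto kernel scope link src 10.78.91.1
172.16.0.0/12 via 10.78.13.10 dev eth0 proto static metric 56
192.168.0.0/16 via 10.78.13.10 dev eth0 proto static metric 56
"""

# lan0 per-network table as quoted in the post.
LAN0_ROUTES = """\
default via 10.0.70.54 dev eth7 proto static metric 58
10.0.0.0/16 via 10.0.70.54 dev eth7 proto static src 10.0.70.49 metric 58 onlink
10.0.70.48/29 dev eth7 proto static scope link metric 58
10.0.71.192/27 dev eth7 proto static scope link metric 58
"""


def parse_routes(text):
    """Turn `ip route` lines into dicts; a bare host address becomes a /32."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        route = {"prefix": ipaddress.ip_network(dst, strict=False),
                 "via": None, "dev": None, "proto": None, "scope": None,
                 "src": None, "metric": 0, "flags": []}
        i = 1
        while i < len(fields):
            key = fields[i]
            if key in ("via", "dev", "proto", "scope", "src"):
                route[key] = fields[i + 1]
                i += 2
            elif key == "metric":
                route["metric"] = int(fields[i + 1])
                i += 2
            else:                      # bare flags such as 'onlink'
                route["flags"].append(key)
                i += 1
        routes.append(route)
    return routes


def lookup(routes, dest):
    """FIB-style selection: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if addr in r["prefix"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["prefix"].prefixlen, -r["metric"]))


def describe(route):
    if route is None:
        return "no route (unreachable)"
    hop = f"via {route['via']} " if route["via"] else "directly connected "
    return f"{route['prefix']} {hop}dev {route['dev']} proto {route['proto']} metric {route['metric']}"


if __name__ == "__main__":
    for name, table in (("wan0", WAN0_ROUTES), ("lan0", LAN0_ROUTES)):
        routes = parse_routes(table)
        for dest in ("10.0.70.54", "10.0.70.49", "10.0.71.200", "10.5.5.5"):
            print(f"{name}: {dest:<12} -> {describe(lookup(routes, dest))}")
```

The same check on a live box is `ip route get 10.0.70.54`, which additionally honours policy rules (`ip rule`) and per-table lookups, so when a dedicated table is in use the rule that steers traffic into it must be inspected as well as the table itself.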