On 2018-12-21 at 05:07 +0300, Ivan Shapovalov wrote:
> Hey,
>
> (I'm sorry if I'm writing to a wrong list but I don't see any other
> channels apart from #openwrt which is likely not watched by anyone.)
>
> I have a multi-uplink setup on a mt7621-based router (Xiaomi R3G).
> This setup uses two routing tables and connmark rules in mangle:
>
> == 8< ==
>
> # cat /etc/iproute2/rt_tables
> <...>
> 1 onl
> 2 rtk
>
> # cat /etc/config/network
> <...>
> config interface 'onl'
>     <...>
>     option ip4table 'onl'
>
> config interface 'rtk'
>     <...>
>     option ip4table 'rtk'
>
> config rule
>     option priority '40000'
>     option mark '1'
>     option lookup 'onl'
>
> config rule
>     option priority '40001'
>     option mark '2'
>     option lookup 'rtk'
>
> config rule
>     option priority '40002'
>     option mark '0'
>     option lookup 'rtk'
>
> # cat /etc/firewall.user
> iptables -t mangle -F
> iptables -t mangle -X
> iptables -t mangle -N PREROUTING-NEW
>
> iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW -j PREROUTING-NEW
> iptables -t mangle -A PREROUTING-NEW -i eth0.2 -j CONNMARK --set-mark 1 # onl
> iptables -t mangle -A PREROUTING-NEW -i eth0.3 -j CONNMARK --set-mark 2 # rtk
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
>
> == 8< ==
>
> ("onl" and "rtk" are ISP names)
>
> Then, let's suppose we have two port forwarding rules:
>
> == 8< ==
>
> # cat /etc/config/firewall
> <...>
> config redirect
>     option target 'DNAT'
>     option src 'wan'
>     option dest 'lan'
>     option src_dport '12345'
>     option dest_ip '10.196.254.2'
>     option dest_port '12345'
>     option name 'test'
>     option proto 'tcp'
>
> config redirect
>     option target 'DNAT'
>     option src 'wan'
>     option dest 'lan'
>     option src_dport '80'
>     option dest_ip '10.196.254.2'
>     option dest_port '80'
>     option name 'test'
>     option proto 'tcp'
>
> == 8< ==
>
> Port 80 is handled by Nginx, port 12345 is handled by `python3 -m
> http.server 12345` (this is significant).
>
> The problem is: requests on port 12345 on both uplinks are correctly
> handled, but requests on port 80 are only responded on "rtk" uplink
> and time-out on "onl" uplink.
>
> Observations:
>
> If I change the catch-all routing rule (priority 40002) to point to
> "onl" table, the situation reverses.
>
> If I kill the Nginx worker (e.g. issue a reload), the response goes
> through.
>
> Everything works fine when offloading is completely disabled. (The
> problem manifests with either software or hardware offloading.)
>
> Any clues?
>
> Thanks,

Anyone?

Thanks,
--
Ivan Shapovalov / intelfx /
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel