[Solved]Configure Policy based routing for transparent proxy

[tamasbalogh]

Hi all,

I successfully set up pbr for my local transparent proxy on my RT-AX88U, however one part is still remained as a question.
I couldn't add a new table to /etc/iproute2/rt_tables because its from ROM.
So for a test, I just ended up picking one of the built in tables, but I'm not happy with this since those are all reserved ones:

100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
116 wgc1
117 wgc2
118 wgc3
119 wgc4
120 wgc5
200 wan1

Do you have any recommendation how to solve this, i.e. adding a table "dynamically", or is there an option for a workaround for such a thing?

I don't know so much the internals of Merlin FW sadly to succeed here on my own

Thank you in advance!

 

[RMerlin]

rt_tables only serves to associate a name with a table ID for clearer output. You are free to create any new table directly by specifying the table ID you want to use, no need for it to exist in rt_tables.

 

[tamasbalogh]

Can you please tell how exactly you mean to create a new table in this case?
Thank you in advance!

 

[tamasbalogh]

Or you mean simply to refer to my chosen table ID in the ip route and ip rule commands without anything else needed?

 

[RMerlin]

Or you mean simply to refer to my chosen table ID in the ip route and ip rule commands without anything else needed?

Just refer to them, tables don't need to be explicitely created.

 

[Martineau]

Or you mean simply to refer to my chosen table ID in the ip route and ip rule commands without anything else needed?

If you prefer to reference your custom tables with human friendly descriptions then you can 'overwrite' the firmware file....

Before.....

cat /etc/iproute2/rt_tables

100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
116 wgc1
117 wgc2
118 wgc3
119 wgc4
120 wgc5
200 wan1

Clone the original default firmware entries

cp /etc/iproute2/rt_tables /jffs/configs/rt_tables

cat /jffs/configs/rt_tables

100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
116 wgc1
117 wgc2
118 wgc3
119 wgc4
120 wgc5
200 wan1

Append your custom entries

echo 222 MyTable >> /jffs/configs/rt_tables

cat /jffs/configs/rt_tables

100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
116 wgc1
117 wgc2
118 wgc3
119 wgc4
120 wgc5
200 wan1

222 MyTable

Now 'overwrite' the read-only firmware file

mount -o bind /jffs/configs/rt_tables /etc/iproute2/rt_tables

After.....

cat /etc/iproute2/rt_tables

100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
116 wgc1
117 wgc2
118 wgc3
119 wgc4
120 wgc5
200 wan1

222 MyTable

 

[RMerlin]

The binding mount will need to be redone at each reboot, and early enough so it occurs before you start referring to these table names.

You will also need to keep track of any potential upstream changes. For instance 3006 changed the existing table IDs to harmonize them with Asus' own tables.