OpenWrt 21.02: Implementing Policy Routing with IPset Based on MAC Addresses

OpenWrt Version Information

DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='21.02-SNAPSHOT'
DISTRIB_REVISION='r0-6bf6af1d5'
DISTRIB_TARGET='mediatek/mt7981'
DISTRIB_ARCH='aarch64_cortex-a53'
DISTRIB_DESCRIPTION='OpenWrt 21.02-SNAPSHOT r0-6bf6af1d5'
DISTRIB_TAINTS='no-all busybox override'

OpenWrt Configuration

Enable IPset Support

make menuconfig

make menuconfig

       Network  --->

           -*- ipset....................................... IPset administration utility

OpenWrt/.config Corresponding Configuration Items

CONFIG_PACKAGE_ipset=y

Enable IP-Full Support

make menuconfig

make menuconfig

       Network  --->

                 Routing and Redirection  --->  

                           <*> ip-full................................... Routing control utility (full)

OpenWrt/.config Corresponding Configuration Items

CONFIG_PACKAGE_ip-full=y

Implement Policy Routing Based on IP

MAC Address: 00:11:22:33:44:55 Terminal Corresponding IP is 192.168.1.120 uses wan

MAC Address: 00:11:22:33:44:66 Terminal Corresponding IP is 192.168.1.100 uses wanb

Note: wan and wanb need to be configured in the network.

Create MAC Set

ipset create wan hash:mac
ipset create wanb hash:mac

Add IP Addresses to Set

ipset add wan  <strong>00:11:22:33:44:55</strong>
ipset add wanb  <strong>00:11:22:33:44:66</strong>

Configure Policy Routing Rules

Use ip rule command to add policy routing rules, specifying the use of MAC addresses in the ipset collection to select specific routing tables.

ip rule add fwmark 1 table wan
ip rule add fwmark 2 table wanb

Configure iptables to Use IPset

Use iptables to configure firewall rules, marking the MAC addresses in the ipset collection for policy routing rules recognition.

iptables -t mangle -I PREROUTING -m mac --mac-source <strong>00:11:22:33:44:55</strong> -j MARK --set-mark 1
iptables -t mangle -I PREROUTING -m mac --mac-source <strong>00:11:22:33:44:66</strong> -j MARK --set-mark 2

Configure Routing

Add routes for the custom routing table.

ip route add table wan default via <strong>192.168.11.1</strong> dev lan1
ip route add table wanb default via <strong>10.71.128.110</strong> dev wwan0

View Configuration

ip rule show
ip route show table custom_route
ipset list
iptables -t mangle -L -v

IPset Command Description

Delete MAC Address

ipset del wan  <strong>00:11:22:33:44:55</strong>
ipset del wanb  <strong>00:11:22:33:44:66</strong>

Flush MAC Set

ipset flush wan
ipset flush wanb

Delete MAC Set

ipset destroy wan
ipset destroy wanb

Leave a Comment