OpenWrt 21.02: Implementing Policy Routing with IPset Based on MAC Addresses

OpenWrt 21.02: Implementing Policy Routing with IPset Based on MAC Addresses

by

OpenWrt Version Information

DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='21.02-SNAPSHOT'
DISTRIB_REVISION='r0-6bf6af1d5'
DISTRIB_TARGET='mediatek/mt7981'
DISTRIB_ARCH='aarch64_cortex-a53'
DISTRIB_DESCRIPTION='OpenWrt 21.02-SNAPSHOT r0-6bf6af1d5'
DISTRIB_TAINTS='no-all busybox override'

OpenWrt Configuration

Enable IPset Support

make menuconfig

make menuconfig

       Network  --->

           -*- ipset....................................... IPset administration utility

OpenWrt/.config Corresponding Configuration Items

CONFIG_PACKAGE_ipset=y

Enable IP-Full Support

make menuconfig

make menuconfig

       Network  --->

                 Routing and Redirection  --->  

                           <*> ip-full................................... Routing control utility (full)

OpenWrt/.config Corresponding Configuration Items

CONFIG_PACKAGE_ip-full=y

Implement Policy Routing Based on IP

MAC Address: 00:11:22:33:44:55 Terminal Corresponding IP is 192.168.1.120 uses wan

MAC Address: 00:11:22:33:44:66 Terminal Corresponding IP is 192.168.1.100 uses wanb

Note: wan and wanb need to be configured in the network.

Create MAC Set

ipset create wan hash:mac
ipset create wanb hash:mac

Add IP Addresses to Set

ipset add wan  00:11:22:33:44:55
ipset add wanb  00:11:22:33:44:66

Configure Policy Routing Rules

Use ip rule command to add policy routing rules, specifying the use of MAC addresses in the ipset collection to select specific routing tables.

ip rule add fwmark 1 table wan
ip rule add fwmark 2 table wanb

Configure iptables to Use IPset

Use iptables to configure firewall rules, marking the MAC addresses in the ipset collection for policy routing rules recognition.

iptables -t mangle -I PREROUTING -m mac --mac-source 00:11:22:33:44:55 -j MARK --set-mark 1
iptables -t mangle -I PREROUTING -m mac --mac-source 00:11:22:33:44:66 -j MARK --set-mark 2

Configure Routing

Add routes for the custom routing table.

ip route add table wan default via 192.168.11.1 dev lan1
ip route add table wanb default via 10.71.128.110 dev wwan0

View Configuration

ip rule show
ip route show table custom_route
ipset list
iptables -t mangle -L -v

IPset Command Description

Delete MAC Address

ipset del wan  00:11:22:33:44:55
ipset del wanb  00:11:22:33:44:66

Flush MAC Set

ipset flush wan
ipset flush wanb

Delete MAC Set

ipset destroy wan
ipset destroy wanb

Related posts:

  1. Essential Debugging Techniques in Android Studio
  2. How to Implement Wake-on-LAN on OpenWrt
  3. Deploying OpenWrt 23.05.3 on VMware ESXi

Leave a Comment

×