Hello,
I'm configuring a router which has 2 WANs, one being a tunnel over GRE
which is for a BGP session accepting all IPv6 routes. I have 2 interfaces,
eth0 which has 2 IPv6 addresses and gretunnel which has one IPv6 address.
The problem is that incoming IPv6 traffic to eth0 is going out through
gretunnel. My rules are:

fwtables="sudo nft"
myip="sudo ip"
# nft table mangle ip and ip6
#
$fwtables delete table ip mangle 2>/dev/null || true
$fwtables delete table ip6 mangle 2>/dev/null || true
$fwtables add table ip mangle 2>/dev/null || true
$fwtables add table ip6 mangle 2>/dev/null || true
$fwtables add chain ip6 mangle output "{ type nat hook output priority -150 ; policy accept ; }"
$fwtables add rule ip6 mangle output oifname != gretunnel meta mark set 0x254
$fwtables add rule ip6 mangle output oifname gretunnel meta mark set 0x2
# nft table route
#
$fwtables add table ip6 route
$fwtables add chain ip6 route output
$fwtables add rule ip6 route output meta oif gretunnel meta mark != 0x2 counter drop
# ip route mark
#
$myip rule add fwmark 0x254 table default
$myip rule add fwmark 0x2 table isp2
$myip route flush table isp2
$myip route add prohibit default table isp2

What is wrong with this setup?
--
Daniel Huhardeaux
+33.368460088@xxxxxxxxxx sip:820@xxxxxxxxxxxxxx
+41.445532125@xxxxxxxxxxxxxx tootaiNET