Page MenuHomeVyOS Platform
Create Task
Maniphest T5908

Unable to reach WAN-IP from LAN with dhcp-interface
Closed, WontfixPublicBUG
Actions

Description

Hi,

I noticed that my WAN IP became unreachable from within the LAN when I had a default route in a secondary routing table with dhcp-interface, e.g.

set protocols static table 10 route 0.0.0.0 dhcp-interface eth0

I managed to narrow it down to vyatta-cfg-quagga/scripts/vyatta-static-dhcp.pl:

if (($oip ne $nip) && ($table ne "main") && ($route eq "0.0.0.0/0")) {
    my $mark = 0x7fffffff + $table;
    if ($oip ne "") {
        system("sudo /sbin/iptables -t mangle -D OUTPUT -s $oip/32 -j MARK --set-mark $mark");
    }
    if (($nip ne "") && ($nip ne "127.0.0.1")) {
        system("sudo /sbin/iptables -t mangle -D OUTPUT -s $nip/32 -j MARK --set-mark $mark");
        system("sudo /sbin/iptables -t mangle -I OUTPUT -s $nip/32 -j MARK --set-mark $mark");
    }
}

Marking the WAN IP here does not seem to scale well, if the same rule is used across multiple table only the first rule will be matched in iptables. Which could result in blackholed reply packets.

And, logically, why is packets originating from the router being marked and using secondary tables? That should only apply to forwarded packets, no?

Details

Version
1.3.4
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

Waester created this task.Jan 8 2024, 10:41 AM
Waester updated the task description. (Show Details)Jan 8 2024, 10:53 AM
Waester updated the task description. (Show Details)Jan 8 2024, 11:04 AM
pasik subscribed.Jan 8 2024, 11:53 AM
Viacheslav triaged this task as Normal priority.Jan 20 2024, 2:08 PM
Viacheslav edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).Feb 10 2024, 9:17 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.8); removed VyOS 1.3 Equuleus (1.3.7).May 13 2024, 7:31 PM
dmbaturin edited projects, added VyOS 1.3 Equuleus (1.3.9); removed VyOS 1.3 Equuleus (1.3.8).Jun 20 2024, 10:18 AM
dmbaturin added a project: Restricted Project.Sep 16 2024, 4:15 PM
dmbaturin edited projects, added VyOS Rolling, VyOS 1.5 Circinus; removed Restricted Project.Oct 14 2024, 9:10 AM
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin changed Issue type from Unspecified (please specify) to Bug (incorrect behavior).
vyosbot added a project: Bugs.Oct 14 2024, 11:32 AM
syncer removed projects: VyOS 1.5 Circinus, VyOS Rolling.Nov 1 2024, 2:05 PM
syncer closed this task as Wontfix.Nov 1 2024, 2:35 PM
syncer claimed this task.