route icmp packages through public_gateway if available

a6e187ba · Stephan · d8d1fd89 · a6e187ba
Commit a6e187ba authored Jul 05, 2020 by Stephan
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 2 deletions

salt/freifunk/base/network/etc/init.d/S40network salt/freifunk/base/network/etc/init.d/S40network +11 -2

No files found.
--- a/salt/freifunk/base/network/etc/init.d/S40network
+++ b/salt/freifunk/base/network/etc/init.d/S40network
@@ -43,9 +43,18 @@ setup_routing() {
 	# special DNS routing, always via public tunnel if exist.
 	ip rule "$1" lookup public_dns priority 350

+	# do not route locally generated icmp-frag-needed for
+	# connections via vpn tunnel through local interface.
+	# Sending packages with internet destinations and locale
+	# source ip (from vpn tunnel provider) lead to blocking
+	# server public ip by Hetzner.
+	# This rule also would send local generated icmp (pings)
+	# only through vpn tunnel if we have an public_gateway selected.
+	ip rule "$1" iif lo ipproto icmp table public_gateway prio 410 
+
 	#route local and lan traffic through own internet gateway
-	ip rule "$1" iif lo table local_gateway priority 400
-	ip rule "$1" table public_gateway priority 401
+	ip rule "$1" iif lo table local_gateway priority 420
+	ip rule "$1" table public_gateway priority 430

 	#batman tables
 	ip rule "$1" to 10.200.0.0/15 table bat_route priority 500