Alexander / Aebian



April 25th at 10:44pm


Exclude specific IP from routing [Edgemax]


Want to exclude a specific IP from routing to make it accessible, e.g. because you have a modem with its own IP in front of your EdgeRouter and no bridge mode? Here's how.

Hi guys,

Imagine a situation like this:

The modem is only there to provide internet.
The reason for this could be a bad ISP (in my case I only get fibre this month on a new ISP).

So the EdgeRouter currently provides the internal infrastructure and firewall, while the modem provides the WAN connectivity on eth0.
In this setup, internet traffic was first routed over vtun0, which encrypts it over the VPN. However, access to the modem interface on 10.0.2.1 wasn't possible.

To get this working you need to redo the firewall. You can adapt the code to fit your needs:


What this does is route all traffic destined for the subnet 10.0.2.0/24 directly to it rather than over the vtun0 interface, which would only be able to transmit to the WAN.
This is because the 10.0.2.0/24 subnet is not managed by the EdgeRouter. Instead, it is managed by the modem.

You can define more direct firewall routes this way. Just remember that your VPN interface, e.g. vtun0, needs to have the highest priority.
This way you ensure that traffic to the outside (WAN) always goes through the VPN tunnel.
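One way to express this kind of exception with EdgeOS policy-based routing, as an added example that is not the author's original configuration: the script prints configure-mode commands and models which routing table a destination ends up in. The ruleset name VPN_ROUTE, routing table 1, the LAN interface eth1, the blackhole fallback route and the helper functions are assumptions; 10.0.2.0/24 and vtun0 come from the post.

```shell
#!/bin/sh
# Added example, not the post's original config.
# From the post: modem subnet 10.0.2.0/24, VPN interface vtun0.
# Assumed names: ruleset VPN_ROUTE, routing table 1, LAN interface eth1.
MODEM_NET=10.0.2.0/24
VPN_IF=vtun0
LAN_IF=eth1

# Emit the EdgeOS configure-mode commands. Rules are evaluated in ascending
# number order and the first match wins, so the modem exception (rule 10)
# sits in front of the catch-all VPN rule (rule 20).
# The blackhole route (distance 255) only takes over when vtun0 is down, so
# LAN traffic is dropped instead of leaving unencrypted via the WAN.
pbr_config() {
    cat <<EOF
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface $VPN_IF
set protocols static table 1 route 0.0.0.0/0 blackhole distance 255
set firewall modify VPN_ROUTE rule 10 action modify
set firewall modify VPN_ROUTE rule 10 destination address $MODEM_NET
set firewall modify VPN_ROUTE rule 10 modify table main
set firewall modify VPN_ROUTE rule 20 action modify
set firewall modify VPN_ROUTE rule 20 modify table 1
set interfaces ethernet $LAN_IF firewall in modify VPN_ROUTE
EOF
}

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Model of the ruleset (hypothetical helper, not an EdgeOS command):
# prints the routing table a destination IP is looked up in.
table_for() {
    net=${MODEM_NET%/*}; bits=${MODEM_NET#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    if [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]; then
        echo main   # rule 10: modem subnet, normal routing towards the modem
    else
        echo 1      # rule 20: default route via vtun0, else blackhole
    fi
}
```

Review the output of `pbr_config`, enter it in `configure` mode on the router, then `commit` and `save`; `table_for 10.0.2.1` prints `main`, while any address outside the modem subnet prints `1`.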

That's it!



Over and Out,

Aebian