JFFS Scripts not loading?


BenC

Occasional Visitor
Hi. For years I've successfully had a nat-start script running in my /jffs/scripts folder. The simple script ran all my port 80/443/8443 traffic through my OpenVPN connection, and left the rest (i.e., gaming) untouched.

Recently, despite no updates/changes, it seems this script is no longer loading/working, even when called manually. All traffic is run through the VPN. IP 192.168.0.210 is exempted from these rules.

Code:
#!/bin/sh

sleep 2

ip rule del fwmark 0x1000
ip rule add fwmark 0x1000 table 111 prio 9991
ip route flush cache


iptables -t mangle -D PREROUTING -i br0 ! -s $(nvram get lan_ipaddr) -p tcp -m multiport --dport 80,443,8443 -j MARK --set-mark 0x1000/0x1000
iptables -t mangle -A PREROUTING -i br0 ! -s $(nvram get lan_ipaddr) -p tcp -m multiport --dport 80,443,8443 -j MARK --set-mark 0x1000/0x1000

iptables -t mangle -D PREROUTING -i br0 -m iprange --src-range 192.168.0.210 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.0.210 -j MARK --set-mark 1

exit 1

Running on an RT-AC-86U, Merlin firmware 386.x.

Any ideas? Thanks.
 

eibgrad

Very Senior Member
Good start to see the rules, but were they applied? IOW, did you dump the firewall and verify they are there? Also, what's in table 111? Is that correct as well? Is the rule there too? There's just not enough here to see the full picture.

Code:
iptables -t mangle -vnL PREROUTING
ip route show table 111
ip rule show
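
The three checks asked for above can be scripted. This is an added example, not part of either post: the function names, the `tun11` interface, the gateway address and the sample outputs are constructed assumptions, and it reads `iptables -t mangle -S PREROUTING` rather than the `-vnL` listing because the `-S` form is easier to match.

```shell
#!/bin/sh
# Added example. Each function takes command output as text, so it works on
# live router output or on the constructed samples at the bottom.

# ip rule show: a rule must send fwmark 0x1000 to table 111.
has_fwmark_rule() {
    printf '%s\n' "$1" | grep -Eq 'fwmark 0x1000(/0x1000)? lookup 111( |$)'
}

# ip route show table 111: an empty table means the lookup simply continues
# with the next rule. Assumes the VPN route is stored as a "default" entry.
has_default_route() {
    printf '%s\n' "$1" | grep -Eq '^default '
}

# iptables -t mangle -S PREROUTING: the MARK rule for ports 80,443,8443.
has_mark_rule() {
    printf '%s\n' "$1" | grep -E -- '--dports 80,443,8443' \
        | grep -Eq -- '--set-x?mark 0x1000/0x1000'
}

# Args: rule list, table 111 routes, mangle PREROUTING rules.
# Prints the names of the missing pieces (empty output = all three present).
check_policy_routing() {
    missing=""
    has_fwmark_rule "$1"   || missing="$missing ip-rule"
    has_default_route "$2" || missing="$missing table-111-route"
    has_mark_rule "$3"     || missing="$missing mangle-mark"
    echo "${missing# }"
}

# Constructed sample outputs (not taken from the thread).
SAMPLE_RULES='0: from all lookup local
9991: from all fwmark 0x1000 lookup 111
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 10.8.0.1 dev tun11'
SAMPLE_MANGLE='-P PREROUTING ACCEPT
-A PREROUTING ! -s 192.168.0.1/32 -i br0 -p tcp -m multiport --dports 80,443,8443 -j MARK --set-xmark 0x1000/0x1000
-A PREROUTING -i br0 -m iprange --src-range 192.168.0.210-192.168.0.210 -j MARK --set-xmark 0x1/0xffffffff'

# On the router, pass live output instead:
#   check_policy_routing "$(ip rule show)" "$(ip route show table 111)" \
#                        "$(iptables -t mangle -S PREROUTING)"
result=$(check_policy_routing "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_MANGLE")
echo "missing: ${result:-none}"
```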
 
