[clug] routing advice needed

Andrew Smith andrew at coolchilli.com
Wed Dec 3 23:33:35 GMT 2003


Kim,

A fairly simple source-routing request.

# Create another route table
echo "201 dmz.out" >> /etc/iproute2/rt_tables
# Mark packets matching the traffic flow you want
iptables -A PREROUTING -t mangle -i eth1 -s 2.2.2.0/24 -d 4.4.4.0/24 -j MARK --set-mark 1
# Specify route table for marked traffic
ip rule add fwmark 1 table dmz.out
# Complete the new routing table
ip route add default via 1.1.1.1 table dmz.out

Be aware that, as IP routing is generally destination driven, the 1.1.1.1
router needs to think the 4.4.4.0/24 subnet is via the internet for this to
work.  Also, interface state changes on eth0 may remove the route entry from
table dmz.out; this happens to me where eth0 is ppp and it drops.

To remove the circular route issues (for stateful firewalling etc.), the
4.4.4.0/24 side of the VPN should think 2.2.2.0/24 is via the internet.

Regards
Andrew

> -----Original Message-----
> From: linux-bounces+andrew=coolchilli.com at lists.samba.org
> [mailto:linux-bounces+andrew=coolchilli.com at lists.samba.org]On Behalf Of
> Kim Holburn
> Sent: Wednesday, 3 December 2003 8:02 PM
> To: Linux user group
> Subject: [clug] routing advice needed
>
>
> For you router guys out there I need some advice.
>
> I have a machine with 3 interfaces.
>
> eth0 -> 1.1.1.0/26 -> 1.1.1.1 -> internet
>
> eth1 -> 2.2.2.0/24 -> 2.2.2.0/24
>                    -> 2.2.2.2 -> VPN to 4.4.4.0/24
>
> eth2 -> 3.3.3.0/24 -> internal net
>
>
> default route is -> eth0 1.1.1.1
>
> if I have a packet from eth2 to the special subnet 4.4.4.0/24 I
> want it to go via a gateway on eth1 2.2.2.2 (say a VPN) but
>
> if I have a packet from eth1 to 4.4.4.0/24 I want it to go via
> the default route (eth0).
>
> I use the command:
> ip route 4.4.4.0/24 via 2.2.2.2 from 3.3.3.0/24
>
> but what I get is the same as if I ran:
>
> ip route 4.4.4.0/24 via 2.2.2.2
>
> Anyone have an idea how to do that?
> --
> --
> Kim Holburn
> Network Consultant - Telecommunications Engineering
> Research School of Information Sciences and Engineering
> Australian National University - Ph: +61 2 61258620 M: +61 0417820641
> Email: kim.holburn at anu.edu.au  - PGP Public Key on request
>
> Life is complex - It has real and imaginary parts.
>      Andrea Leistra (rec.arts.sf.written.Robert-jordan)
>
>
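Source-selector policy routing for the three-interface layout in Kim's question, as an added example that is not from either poster. It answers the question with `ip rule` from/to selectors rather than iptables marks: the VPN route lives only in a separate routing table that is consulted for internal-net (3.3.3.0/24) sources, so the main table, and with it anything sourced from the eth1 net, keeps the default route via eth0. Addresses and interface names are those from the question; the table number 202, the rule priority 100, and the APPLY dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): source-based policy routing
# for the box in Kim's question.  Packets from the internal net (eth2,
# 3.3.3.0/24) to 4.4.4.0/24 go to the VPN gateway 2.2.2.2 on eth1; the same
# destination seen from the eth1 net (2.2.2.0/24) keeps the default route via
# eth0.  Assumptions not in the thread: routing table 202, rule priority 100,
# and the APPLY switch.  Default is a dry run that prints the commands.
set -u

VPN_GW="${VPN_GW:-2.2.2.2}"                 # gateway on eth1
INTERNAL_NET="${INTERNAL_NET:-3.3.3.0/24}"  # eth2
SPECIAL_NET="${SPECIAL_NET:-4.4.4.0/24}"    # reached through the VPN
TABLE="${TABLE:-202}"                        # numeric id: no rt_tables edit needed
PRIO="${PRIO:-100}"                          # must sort before the main rule (32766)

# Emit the configuration one command per line.  Address selectors rather
# than "iif" are used on purpose: strict rp_filter re-runs the rule lookup
# with source and destination swapped, and an iif-based rule would not match
# that reverse check for VPN replies arriving on eth1.
build_commands() {
    # Idempotent: clear any earlier copy of our rule and table first.
    printf '%s\n' "ip rule del priority $PRIO 2>/dev/null || true"
    printf '%s\n' "ip route flush table $TABLE 2>/dev/null || true"
    # The VPN route lives only here; the main table keeps no 4.4.4.0/24 entry,
    # so any source not matched below falls through to the default route.
    printf '%s\n' "ip route add $SPECIAL_NET via $VPN_GW table $TABLE"
    # Only internal-net sources consult the VPN table.
    printf '%s\n' "ip rule add from $INTERNAL_NET to $SPECIAL_NET lookup $TABLE priority $PRIO"
}

# Commands that show which path the kernel picks for each source
# (on a forwarding router, after APPLY=1).
verify_commands() {
    printf '%s\n' "ip rule show"
    printf '%s\n' "ip route show table $TABLE"
    printf '%s\n' "ip route get 4.4.4.4 from 3.3.3.10 iif eth2"   # expect: via 2.2.2.2 dev eth1
    printf '%s\n' "ip route get 4.4.4.4 from 2.2.2.10 iif eth1"   # expect: via 1.1.1.1 dev eth0
}

# Number of commands build_commands emits (handy for review scripts).
command_count() {
    build_commands | wc -l | tr -d ' '
}

main() {
    if [ "${APPLY:-0}" = 1 ]; then
        build_commands | sh -e       # run as root
        verify_commands | sh
    else
        build_commands               # dry run: review, then APPLY=1
    fi
}

main
```

Run it once to review the printed commands, then `APPLY=1 sh` it as root. Andrew's return-path caveat still applies: the hosts behind 4.4.4.0/24 must send replies for 2.2.2.0/24 back via the internet, and a stateful firewall on this box only sees both directions of a flow when the paths agree. Keeping the rule address-based (from/to) also keeps strict reverse-path filtering consistent with the forward lookup; if eth0 or eth1 must accept asymmetric return traffic anyway, set rp_filter to loose mode (2) on that interface rather than disabling it.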