[clug] routing advice needed
andrew at coolchilli.com
Wed Dec 3 23:33:35 GMT 2003
A fairly simple source-routing request.
# Create another route table
echo "201 dmz.out" >> /etc/iproute2/rt_tables
# Mark packets matching the traffic flow you want
iptables -A PREROUTING -t mangle -i eth1 -s 18.104.22.168/24 -d 22.214.171.124/24 -j MARK --set-mark 1
# Specify route table for marked traffic
ip rule add fwmark 1 table dmz.out
# Complete the new routing table
ip route add default via 126.96.36.199 table dmz.out
Be aware that as IP routing is generally destination driven the 188.8.131.52
router needs to think the 184.108.40.206/24 subnet is via the internet for this to
work. Also, interface state changes on eth0 may remove the route entry from
table dmz.out; this happens to me where eth0 is ppp and it drops.
To remove the circular route issues (for stateful firewalling etc.), the
220.127.116.11/24 side of the VPN should think 18.104.22.168/24 is via the internet.
> -----Original Message-----
> From: linux-bounces+andrew=coolchilli.com at lists.samba.org
> [mailto:linux-bounces+andrew=coolchilli.com at lists.samba.org]On Behalf Of
> Kim Holburn
> Sent: Wednesday, 3 December 2003 8:02 PM
> To: Linux user group
> Subject: [clug] routing advice needed
> For you router guys out there I need some advice.
> I have a machine with 3 interfaces.
> eth0 -> 22.214.171.124/26 -> 126.96.36.199 -> internet
> eth1 -> 188.8.131.52/24 -> 184.108.40.206/24
> -> 220.127.116.11 -> VPN to 18.104.22.168/24
> eth2 -> 22.214.171.124/24 -> internal net
> default route is -> eth0 126.96.36.199
> if I have a packet from eth2 to the special subnet 188.8.131.52/24 I
> want it to go via a gateway on eth1 184.108.40.206 (say a VPN) but
> if I have a packet from eth1 to 220.127.116.11/24 I want it to go via
> the default route (eth0).
> I use the command:
> ip route 18.104.22.168/24 via 22.214.171.124 from 126.96.36.199/24
> but what I get is the same as if I ran:
> ip route 188.8.131.52/24 via 184.108.40.206
> Anyone have an idea how to do that?
> Kim Holburn
> Network Consultant - Telecommunications Engineering
> Research School of Information Sciences and Engineering
> Australian National University - Ph: +61 2 61258620 M: +61 0417820641
> Email: kim.holburn at anu.edu.au - PGP Public Key on request
> Life is complex - It has real and imaginary parts.
> Andrea Leistra (rec.arts.sf.written.Robert-jordan)
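The rule lookup behind the four commands in the reply, as an added Python model that is not part of the original thread: it shows marked eth1 traffic resolving in dmz.out, and the failure mode the reply mentions, where a dropped eth0 empties dmz.out and the marked traffic silently falls through to the main table. The addresses (documentation ranges), the function names and the `fail_closed` unreachable fallback route are assumptions of this example.

```python
import ipaddress

# Constructed addresses (documentation ranges), not the ones in the thread.
net, addr = ipaddress.ip_network, ipaddress.ip_address
SRC_NET = net("192.0.2.0/24")      # hosts reached through eth1
DST_NET = net("198.51.100.0/24")   # the "special" subnet
VPN_GW, ISP_GW = "192.0.2.254", "203.0.113.1"

def mangle_mark(iif, src, dst):
    """Model of the PREROUTING mangle rule: MARK --set-mark 1."""
    hit = iif == "eth1" and addr(src) in SRC_NET and addr(dst) in DST_NET
    return 1 if hit else 0

def lookup(rules, tables, dst, mark):
    """Walk rules by priority; an empty table result moves on to the next rule."""
    for prio, fwmark, table in sorted(rules, key=lambda r: r[0]):
        if fwmark is not None and fwmark != mark:
            continue
        hits = [r for r in tables[table] if addr(dst) in net(r[0])]
        if hits:  # longest prefix wins, then lowest metric
            best = max(hits, key=lambda r: (net(r[0]).prefixlen, -r[1]))
            return table, best[2], best[3]
    return None, "unreachable", None

def build(eth0_up=True, fail_closed=False):
    """Tables after the reply's commands; routes are (prefix, metric, kind, via)."""
    main = [(str(DST_NET), 0, "unicast", VPN_GW)]
    dmz_out = []
    if eth0_up:  # routes via eth0 vanish from both tables when the link drops
        main.append(("0.0.0.0/0", 0, "unicast", ISP_GW))
        dmz_out.append(("0.0.0.0/0", 0, "unicast", ISP_GW))
    if fail_closed:  # assumption: high-metric unreachable default kept in dmz.out
        dmz_out.append(("0.0.0.0/0", 9999, "unreachable", None))
    rules = [(32765, 1, "dmz.out"), (32766, None, "main")]
    return rules, {"main": main, "dmz.out": dmz_out}

def route_packet(iif, src, dst, **state):
    """Mark the packet, then resolve it against the rule list."""
    rules, tables = build(**state)
    return lookup(rules, tables, dst, mangle_mark(iif, src, dst))

if __name__ == "__main__":
    pkt = ("eth1", "192.0.2.10", "198.51.100.5")
    print("eth0 up:            ", route_packet(*pkt))
    print("eth0 down:          ", route_packet(*pkt, eth0_up=False))
    print("eth0 down, fallback:", route_packet(*pkt, eth0_up=False, fail_closed=True))
    print("from eth2:          ", route_packet("eth2", "10.0.0.5", "198.51.100.5"))
```

With the fallback route in place the marked traffic is rejected while eth0 is down instead of being sent back toward the VPN gateway.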