[clug] routing advice needed
andrew at coolchilli.com
Wed Dec 3 23:33:35 GMT 2003
A fairly simple source-routing request.
# Create another route table
echo "201 dmz.out" >> /etc/iproute2/rt_tables
# Mark packets matching the traffic flow you want
iptables -A PREROUTING -t mangle -i eth1 -s 22.214.171.124/24 -d 126.96.36.199/24 -j MARK --set-mark 1
# Specify route table for marked traffic
ip rule add fwmark 1 table dmz.out
# Complete the new routing table
ip route add default via 188.8.131.52 table dmz.out
Be aware that as IP routing is generally destination-driven, the 184.108.40.206
router needs to think the 220.127.116.11/24 subnet is via the internet for this to
work. Also, interface state changes on eth0 may remove the route entry from
table dmz.out; this happens to me where eth0 is ppp and it drops.
To remove the circular route issues (for stateful firewalling etc.), the
18.104.22.168/24 side of the VPN should think 22.214.171.124/24 is via the internet.
> -----Original Message-----
> From: linux-bounces+andrew=coolchilli.com at lists.samba.org
> [mailto:linux-bounces+andrew=coolchilli.com at lists.samba.org]On Behalf Of
> Kim Holburn
> Sent: Wednesday, 3 December 2003 8:02 PM
> To: Linux user group
> Subject: [clug] routing advice needed
> For you router guys out there I need some advice.
> I have a machine with 3 interfaces.
> eth0 -> 126.96.36.199/26 -> 188.8.131.52 -> internet
> eth1 -> 184.108.40.206/24 -> 220.127.116.11/24
> -> 18.104.22.168 -> VPN to 22.214.171.124/24
> eth2 -> 126.96.36.199/24 -> internal net
> default route is -> eth0 188.8.131.52
> if I have a packet from eth2 to the special subnet 184.108.40.206/24 I
> want it to go via a gateway on eth1 220.127.116.11 (say a VPN) but
> if I have a packet from eth1 to 18.104.22.168/24 I want it to go via
> the default route (eth0).
> I use the command:
> ip route 22.214.171.124/24 via 126.96.36.199 from 188.8.131.52/24
> but what I get is the same as if I ran:
> ip route 184.108.40.206/24 via 220.127.116.11
> Anyone have an idea how to do that?
> Kim Holburn
> Network Consultant - Telecommunications Engineering
> Research School of Information Sciences and Engineering
> Australian National University - Ph: +61 2 61258620 M: +61 0417820641
> Email: kim.holburn at anu.edu.au - PGP Public Key on request
> Life is complex - It has real and imaginary parts.
> Andrea Leistra (rec.arts.sf.written.Robert-jordan)
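Added example, not part of the original mail: a check for the failure mode mentioned in the reply, where an eth0 state change removes the default route from table dmz.out while the fwmark rule stays in place. The function names, the sample `ip` output and the gateway 192.0.2.1 are constructed placeholders; the rule line format assumed is the one `ip rule show` prints.

```shell
#!/bin/sh
# Added example: inspect captured `ip` output for the two halves of the
# fwmark policy route (the rule and the table's default route).
TABLE="dmz.out"
MARK_HEX="0x1"   # `--set-mark 1` is listed by `ip rule show` as 0x1

# has_fwmark_rule RULES: true if some rule sends MARK_HEX to TABLE.
has_fwmark_rule() {
    printf '%s\n' "$1" | awk -v m="$MARK_HEX" -v t="$TABLE" '
        { mark = ""; tbl = ""
          for (i = 1; i < NF; i++) {
              # a mark may be printed as value/mask; compare the value only
              if ($i == "fwmark") { split($(i + 1), p, "/"); mark = p[1] }
              if ($i == "lookup") tbl = $(i + 1)
          }
          # append "" to force string (not numeric) comparison
          if ((mark "") == (m "") && (tbl "") == (t "")) found = 1 }
        END { exit !found }'
}

# has_default_route ROUTES: true if the table still has a default route.
has_default_route() {
    printf '%s\n' "$1" |
        awk '$1 == "default" && $2 == "via" { ok = 1 } END { exit !ok }'
}

# check_policy_route RULES ROUTES: prints ok, rule-missing or route-missing.
check_policy_route() {
    if ! has_fwmark_rule "$1"; then echo "rule-missing"
    elif ! has_default_route "$2"; then echo "route-missing"
    else echo "ok"
    fi
}

# Constructed sample output (not captured from a real host).
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup dmz.out
32766: from all lookup main
32767: from all lookup default'
SAMPLE_RULES_NOMARK='0: from all lookup local
32766: from all lookup main'
SAMPLE_ROUTES_UP='default via 192.0.2.1 dev eth0'
SAMPLE_ROUTES_DOWN=''   # table emptied after the interface dropped

echo "eth0 up:      $(check_policy_route "$SAMPLE_RULES" "$SAMPLE_ROUTES_UP")"
echo "eth0 dropped: $(check_policy_route "$SAMPLE_RULES" "$SAMPLE_ROUTES_DOWN")"
# Live use, as root:
#   check_policy_route "$(ip rule show)" "$(ip route show table dmz.out)"
```

When the result is route-missing, marked packets fall through to the main table, so the `ip route add default ... table dmz.out` step from the reply has to be re-run once the interface is back.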