On Thu, Feb 14, 2002 at 01:22:18AM -0500, Adrian Chung wrote:

> I've setup iproute2 to route anything for either subnet via the ipsec0
> device using a src address of the local interface. This is to force
> locally generated traffic (ie, traffic generated on the server) to go
> through the VPN, rather than out with a source IP of the external
> interface.
>
> So I've done:
>
> ip rule add table 1 prio 100
> ip route add table 1 <remoteLAN>/CIDR dev ipsec0 src <internalIP>
> ip route flush cache
>
> Now, my confusion is with regards to the src <internalIP> bit. I've
> been assuming that the 'src ...' syntax actually changes the source IP
> in the packets matching the route to the IP specified, much like SNAT
> does.

As far as I know, and that's not very far, 'src' mainly changes the source
address chosen for locally generated traffic ('on the box') going out that
interface.

The 'ip' tool actually has some pretty nice documentation in the form of a
rather big TeX file, which is mentioned in the HOWTO. ip-cref.tex it's
called I think.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc