Re: ip rule add (Changing order of rules?)

Linux Advanced Routing and Traffic Control

David,

Your post is a touch lean on the details, but I'm assuming that your
policy routing device is the host you have identified as "fire".  So
please understand my comments accordingly.

 : from 196.33.50.0/25  (default route) to ISP1
 : from 196.33.248.0/24 (default route) to ISP2
 :
 :
 : ISP1 --------- fire --+---- 196.33.248.0/24
 :               /       |
 : ISP2 --------/        +---- router ----- router ----- 196.33.50.0/25
 :
 :
 : What I've done:
 : Default route via ISP1
 : created routing table ISP2 for default route via ISP2

If you only wish to have different default routes depending on the source
address, I'd suggest using only two routing tables, "main" and "ISP2" or
any alternate table.

Your default route (in table main) points to ISP1.  Now, copy the entire
routing table [1] to the table ISP2.  This will populate table ISP2 with
an exact replica of table main.

  ip route flush table ISP2
  ip route show table main | while read ROUTE ; do
      ip route add table ISP2 $ROUTE
  done

Once you have built table ISP2, you can issue the following command to
replace the default route with your desired default route.

   ip route change default table ISP2 via $ISP2_GATEWAY

Now, a new entry in the RPDB (similar to the one you already have) will
select this table.

   ip rule add from 196.33.248.0/24 table ISP2

Now, the order of the lookup (predictable though it is) shouldn't matter.
If a route lookup uses table ISP2, this table will have routes to the same
destinations as table main.

 : I would like to do the following but they get loaded in the wrong order:

You can specify priority in your ip rule commands:

  ip rule add prio 500  from 196.33.248.0/24 table ISP2
  ip rule add prio 4000 from 196.33.248.0/24 to 196.33.248.0/24 table main

 : ip rule add from 196.33.248.0/24 to 196.33.248.0/24 table main
 : ip rule add from 196.33.248.0/24 table ISP2
 :
 : Everything works but 196.33.248.0/24 can't connect to fire as fire is
 : loading the rule pointing at ISP2 first...

This is the sentence which confuses me most about your post.  I hope
my assumptions were correct, so let me know if they were not, and let us
know how you fare.

You may find a tour of the kernel's routing selection decision process
helpful. [2]  Also, for the record, I (and Alexey Kuznetsov, the author of
iproute2) suggest explicit priorities for the rules in the RPDB.

If you do not specify priority in your RPDB, the rules are added with a
higher priority than the highest (non-zero) priority.  The RPDB entry
for prio 0 is the rule for locally hosted IPs.  This cannot be removed,
nor can it be superseded.

Best of luck,

-Martin

  [1] http://linux-ip.net/html/scripts/copy-routing-table.sh  *
  [2] http://linux-ip.dyndns.org:54345/html/routing-selection.html

* Sorry for the spelling error in this script.  I just noticed it, and
  will attend to it, although I have no immediately forthcoming update to
  the site and scripts.

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
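Added example, not Martin's copy-routing-table.sh script and not part of the original reply: a POSIX sh script that prints (rather than runs) the ip(8) commands which clone table main into table ISP2 and swap its default route, and a small checker that walks an `ip rule show` dump in ascending priority (lower numbers are consulted first) and reports which table a given source/destination pair would select. Both dumps are constructed stand-ins; the ISP gateways (documentation ranges) and device names are assumptions, and only the two LAN prefixes come from the thread.

```shell
#!/bin/sh
# Added example, not Martin's copy-routing-table.sh: print the ip(8) commands
# that clone table main into table ISP2 and swap its default route, plus a
# small checker that walks an RPDB dump in priority order.  Gateways, device
# names and both dumps are constructed; only the two LAN prefixes come from
# the thread.

# Constructed stand-in for `ip route show table main` on "fire".
SAMPLE_MAIN_TABLE='default via 198.51.100.1 dev eth0
198.51.100.0/24 dev eth0  proto kernel  scope link  src 198.51.100.2
203.0.113.0/24 dev eth1  proto kernel  scope link  src 203.0.113.2
196.33.248.0/24 dev eth2  proto kernel  scope link  src 196.33.248.1
196.33.50.0/25 via 196.33.248.2 dev eth2'

ISP2_GATEWAY=203.0.113.1   # assumed next hop towards ISP2

# Print the commands that replicate a table dump ($1) into table $2 and then
# replace the default route with one via gateway $3.  Printing instead of
# running them lets the plan be reviewed first; pipe the output into sh to apply.
clone_table_with_default() {
    echo "ip route flush table $2"
    printf '%s\n' "$1" | while read -r ROUTE; do
        if [ -n "$ROUTE" ]; then
            echo "ip route add table $2 $ROUTE"
        fi
    done
    echo "ip route change default table $2 via $3"
}

# Succeed when IPv4 address $1 lies inside prefix $2 (a.b.c.d/n, or "all").
in_prefix() {
    [ "$2" = all ] && return 0
    awk -v ip="$1" -v pfx="$2" '
        function toint(a,   p) {
            split(a, p, "[.]")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN {
            split(pfx, q, "/")
            n = (q[2] == "") ? 32 : q[2] + 0
            host = 2 ^ (32 - n)            # integer division drops the host bits
            exit ((int(toint(ip) / host) == int(toint(q[1]) / host)) ? 0 : 1)
        }'
}

# Constructed stand-in for `ip rule show` after the post's two explicit-prio
# rules have been added (the kernel lists rules by ascending priority).
SAMPLE_RULES='0: from all lookup local
500: from 196.33.248.0/24 lookup ISP2
4000: from 196.33.248.0/24 to 196.33.248.0/24 lookup main
32766: from all lookup main
32767: from all lookup default'

# Walk a rule dump ($3) in ascending priority and print the table selected by
# the first rule matching source $1 and destination $2.  Simplifications: the
# prio 0 local table is skipped, and the kernel's fall-through to the next
# rule when a selected table has no route for the destination is not modelled.
rpdb_lookup() {
    src=$1; dst=$2
    printf '%s\n' "$3" | sort -n | while read -r line; do
        set -- $line
        shift                                # drop the "prio:" token
        from=all; to=all; table=
        while [ $# -gt 0 ]; do
            case "$1" in
                from)   from=$2;  shift 2 ;;
                to)     to=$2;    shift 2 ;;
                lookup) table=$2; shift 2 ;;
                *)      shift ;;
            esac
        done
        if [ "$table" != local ] && in_prefix "$src" "$from" && in_prefix "$dst" "$to"; then
            echo "$table"
            break
        fi
    done
}

# Stand-alone run: show the generated commands and a few lookups.
clone_table_with_default "$SAMPLE_MAIN_TABLE" ISP2 "$ISP2_GATEWAY"
echo "196.33.248.10 -> 192.0.2.1: $(rpdb_lookup 196.33.248.10 192.0.2.1 "$SAMPLE_RULES")"
echo "196.33.50.10  -> 192.0.2.1: $(rpdb_lookup 196.33.50.10 192.0.2.1 "$SAMPLE_RULES")"
echo "196.33.248.10 -> 196.33.248.1: $(rpdb_lookup 196.33.248.10 196.33.248.1 "$SAMPLE_RULES")"
```

The third lookup is the one the thread is about: with the prio 500 rule ahead of the prio 4000 rule, traffic from 196.33.248.0/24 to its own subnet is sent to table ISP2 as well, which is harmless exactly when ISP2 is a replica of main with only the default route changed, as the reply recommends. Review the printed commands before applying them; they need root and a live netlink socket, which the checker does not.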
