Re: Routing based on source address

Linux Advanced Routing and Traffic Control

Joost,

 : Is it possible to create a routing rule that depends on the 
 : source host/network, besides the target host/network?
 : 
 : E.g. route everything from 192.168.0.x to 10.0.0.1, and route 
 : everything from 192.168.1.x to 10.0.0.1.

Yes.  If I understand your question correctly, you have described a 
classic case of policy routing.  Policy routing allows you to use 
packet attributes and meta-attributes other than the destination 
IP/network for route selection.  These documents [0] and [1] are a 
few years old, but everything described still functions this way.

You will want to learn about how to use the routing policy database 
(RPDB) and then you'll need to create multiple routing tables.  The 
RPDB controls whether and which of the routing tables is selected 
based on things like Type of Service (ToS), source address, 
netfilter mark and/or ingress interface.

And here are two tips:

  A. turn off reverse path filtering [2]
  B. think about the return path of packets, too

Forgetting to account for the return path of packets seems to be a 
commonly encountered problem when implementing policy routing 
solutions.  I suggest the copy_routing_table shell function [3], 
which can be run like this:

  # printf "%s %s\n" 5 provider_b >> /etc/iproute2/rt_tables
  # copy_routing_table provider_b

Now, there's an exact copy of the main routing table in the routing 
table provider_b (number 5).  Next step is to change the default 
route for that routing table:

  # ip route change default table provider_b via 10.0.0.1
  # ip rule add from 192.168.0.0/24 table provider_b
  # ip rule add from 192.168.1.0/24 table provider_b

Good luck,

-Martin

 [0] http://linux-ip.net/html/routing-rpdb.html
 [1] http://linux-ip.net/html/routing-selection.html
 [2] http://lartc.org/howto/lartc.kernel.html#LARTC.KERNEL.RPF

 [3] function for copying a routing table

     # - - - - - - - - - - -
       copy_routing_table () {
     # - - - - - - - - - - -
     #
     # -- accepts at least one parameter:
     #
     #    $1:  table identifier for the routing table to create
     #    $2:  optional source table identifier (default: main)
     #
       test "$#" -lt "1"     && return 1
       DTABLE="$1"
       STABLE="${2:-main}"   # set every call, so a stale STABLE from an
                             # earlier invocation is never reused
     
       ip route flush table "$DTABLE"
       # "ip route show" output is accepted back as "ip route add" arguments,
       # so each line is replayed into the destination table unchanged.
       # $ROUTE is deliberately unquoted so it word-splits into arguments.
       ip route show table "$STABLE" | while read ROUTE ; do
           ip route add table "$DTABLE" $ROUTE
       done
     
       }


-- 
Martin A. Brown
http://linux-ip.net/
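The whole procedure from the reply above (name the table, clone main into it, swap its default route, add the source-address rules, relax reverse path filtering) as one reviewable script. This is an added example, not code from the original post or from linux-ip.net. It assumes, which the post does not state, that the link toward 10.0.0.1 is eth1 and that the router's own address on that link is 10.0.0.2; it also adds the return-path rule for that address that the post's tip B warns about, and uses rp_filter loose mode (2) instead of switching the filter off entirely. By default it only prints the commands; pass "apply" to run them as root.

```shell
#!/bin/sh
# Added example (not from the original post): produce, and optionally apply,
# the policy-routing setup described in the reply: table "provider_b" (id 5)
# cloned from "main", a different default route in it, and RPDB rules that
# send 192.168.0.0/24 and 192.168.1.0/24 through it.
# Assumptions not in the original: uplink interface eth1, our address 10.0.0.2.

TABLE_ID=5
TABLE_NAME=provider_b
GATEWAY=10.0.0.1
UPLINK_IF=eth1            # assumption
UPLINK_ADDR=10.0.0.2      # assumption
SOURCE_NETS="192.168.0.0/24 192.168.1.0/24"

# emit: print one command line verbatim (printf, not echo, so a "\n" inside
# the line survives shells whose echo interprets escapes).
emit() { printf '%s\n' "$1"; }

# plan: print the commands, one per line, without running anything, so the
# change can be reviewed or diffed before it touches a live router.
plan() {
    # 1. Register the table name once; ip accepts the number or the name.
    emit "grep -q '^$TABLE_ID[[:space:]]' /etc/iproute2/rt_tables || printf '%s %s\n' $TABLE_ID $TABLE_NAME >> /etc/iproute2/rt_tables"
    # 2. Clone main: "ip route show" output is valid "ip route add" input.
    #    (Newer iproute2 prints status flags such as "linkdown" that "add"
    #    rejects; strip them first if your version shows them.)
    emit "ip route flush table $TABLE_NAME"
    emit "ip route show table main | while read route; do ip route add table $TABLE_NAME \$route; done"
    # 3. Only the default route differs in the clone; "replace" works whether
    #    or not the copy already had one.
    emit "ip route replace default via $GATEWAY dev $UPLINK_IF table $TABLE_NAME"
    # 4. Selection rules: the two source networks...
    for net in $SOURCE_NETS; do
        emit "ip rule add from $net lookup $TABLE_NAME"
    done
    # ...and the return path (tip B): packets this box sources from its own
    # uplink address, e.g. replies to connections that arrived on eth1, must
    # also leave via provider_b, or they follow main's default route instead.
    emit "ip rule add from $UPLINK_ADDR lookup $TABLE_NAME"
    # 5. Strict reverse path filtering (1) drops packets whose reverse route
    #    does not point back out the ingress interface, which this asymmetric
    #    setup trips (tip A).  Loose mode (2) still discards sources the box
    #    has no route to at all, so it keeps part of the anti-spoofing value.
    #    The kernel uses the higher of the "all" and per-interface values.
    emit "sysctl -w net.ipv4.conf.all.rp_filter=2"
    emit "sysctl -w net.ipv4.conf.$UPLINK_IF.rp_filter=2"
}

# rule_count: number of "ip rule add" lines in the plan (source nets + uplink).
rule_count() { plan | grep -c '^ip rule add '; }

# Usage: sh policy_route.sh        -> print the plan
#        sh policy_route.sh apply  -> run it as root, stopping at the first error
case "${1:-}" in
    apply) plan | sh -e ;;
    *)     plan ;;
esac
```

Reviewing the printed plan before applying it is the point of the split: the rules are order-sensitive (ip rule priorities default to the next free slot), and the rt_tables line is only appended when the id is not already present, so the script can be re-run without duplicating the entry.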