Re: source based routing help needed



On Thu, 28 Feb 2008 02:24:21 +0000, Jack Snodgrass wrote:

I've been doing linux for a long time, but never have gotten the hang of
source based routing. I need to set this up now so I am seeing if
someone can help me out... I've seen lots of examples using ppp0/ppp1
and ip addresses... but I just can't get a handle on this for my setup.

I have
eth0 ( local network )
tun1 ( web server traffic that comes in via a tunnel )

Any traffic that comes in via the tun1 interface needs to go back out
the tun1 interface.

Any traffic that comes in on the eth0 interface needs to go back out on
the eth0 interface.

I have this sort of working using standard routing where the 'default'
route goes over my tunnel so any web traffic that comes in, goes back
out that way correctly and I have my private network stuff set up to
route via eth0. The issue I have with this is that if the web server
does something like a yum update... the default route uses the tunnel
and I want it to use the eth0 interface.

How can I get source based routing to work on just the eth0 / tun1
interfaces?

Thanks - jack

Thanks... I kind of sort of came up with something that works... I added
a "100 tunnel" entry to my /etc/iproute2/rt_tables file and then I use:

iptables -t mangle -A OUTPUT -p tcp --src 10.10.3.2 --sport 80 -j MARK --set-mark 0x2
iptables -t mangle -A OUTPUT -p tcp --src 10.10.3.2 --sport 25 -j MARK --set-mark 0x2
ip rule add fwmark 0x2 table tunnel
ip route add default via 10.10.3.1 table tunnel

and that seems to do the trick. I really only want to do this for web and
mail so specifying the individual ports is fine.... Anything that
comes in for those ports from my tunnel gets marked and routed back out
the tunnel. Everything else ( local network ) just goes over the default
route which happens to be the local network.

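The setup from the reply above, as an added example that is not code from the thread: the same mangle/fwmark/table commands, wrapped so the script can be re-run safely and previewed before touching the box. Assumed values are the ones the reply uses (10.10.3.2 on tun1, gateway 10.10.3.1, table "tunnel" with id 100, mark 0x2); the rt_tables check, the duplicate-rule check and the dry-run mode are additions.

```shell
#!/bin/sh
# Added example, not from the thread. Sets up the fwmark-based policy routing the
# reply describes. Assumed values (override via the environment): web server address
# 10.10.3.2 on tun1, tunnel gateway 10.10.3.1, table "tunnel" = id 100, mark 0x2.
TUN_ADDR=${TUN_ADDR:-10.10.3.2}
TUN_GW=${TUN_GW:-10.10.3.1}
TABLE_NAME=${TABLE_NAME:-tunnel}
TABLE_ID=${TABLE_ID:-100}
MARK=${MARK:-0x2}
PORTS=${PORTS:-"80 25"}
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
# run: execute a command, or only print it when DRY_RUN=1 so the plan can be reviewed
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}
# ensure_table: add the "100 tunnel" line to rt_tables only if it is not there yet
ensure_table() {
    if ! grep -q "^$TABLE_ID[[:space:]][[:space:]]*$TABLE_NAME\$" "$RT_TABLES" 2>/dev/null; then
        run sh -c "echo '$TABLE_ID $TABLE_NAME' >> '$RT_TABLES'"
    fi
}
# mark_replies: locally generated packets answering from the tunnel address on the
# service ports get the mark; everything else keeps using the main table (eth0)
mark_replies() {
    for p in $PORTS; do
        run iptables -t mangle -A OUTPUT -p tcp --src "$TUN_ADDR" --sport "$p" \
            -j MARK --set-mark "$MARK"
    done
}
# route_marked: marked packets consult the tunnel table, whose only route is the tunnel
route_marked() {
    # "ip rule add" happily adds duplicates, so check first (skipped when only planning)
    if [ "${DRY_RUN:-0}" = 1 ] || ! ip rule show 2>/dev/null | grep -q "fwmark $MARK "; then
        run ip rule add fwmark "$MARK" table "$TABLE_NAME"
    fi
    # "replace" rather than "add" so re-running does not fail with "File exists"
    run ip route replace default via "$TUN_GW" table "$TABLE_NAME"
}
setup() {
    ensure_table
    mark_replies
    route_marked
}
# No argument: print the plan only. "apply": execute it (needs root).
case "${1:-plan}" in
    apply) DRY_RUN=0; setup ;;
    *)     DRY_RUN=1; setup ;;
esac
```

A common pitfall with this layout: if packets arriving on tun1 are dropped silently, check net.ipv4.conf.tun1.rp_filter, since strict reverse-path filtering discards packets whose source address the main table would route back out a different interface (eth0 here). `ip route get <addr> mark 0x2` shows which table a marked reply would actually use.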


