Route by source Interface IP rule
In this howto series we show how to implement policy-based routing (PBR) under Debian (or any other Linux). The series is divided into parts, each giving a howto for one specific feature.
The old net-tools commands (ifconfig, route) have been replaced by the iproute2 suite (the ip command), which makes many more features available: interface management, PBR, source routing, multiple routing tables, QoS (via tc) and more.
Under Debian the installation is very easy; there is a package called iproute which you can install with apt (on current Debian releases the package is named iproute2 and is normally already part of the base system):
apt-get install iproute
Don't worry, it won't replace your current ifconfig/route tools. Both toolsets operate on the same kernel interfaces and routing tables, so they can be used side by side.
Now you can use the iproute2 ip tool. To show your current routing table just type: ip route list
The default routing table is the main table, numbered 254 (the kernel also keeps the local table, 255, and the default table, 253). With iproute2 we can create many more routing tables (ids 1-252 are free) and select them with ip rules. To see all routing tables type:
ip route list table all
If we want replies to connections that arrived at a specific local IP address to go back out via a predefined gateway (instead of following the default route), we need an ip rule plus a separate routing table that the rule selects. This is how we get it done:
ip route add default via GATEWAY table 113
ip rule add from LOCAL_IP table 113
GATEWAY - the new gateway address via which we want the classified traffic to be routed.
LOCAL_IP - the rule matches the source address, so replies to an inbound connection to this IP address (which carry LOCAL_IP as their source) are routed back via GATEWAY.
That's all; the table number is just a tag (you can give it a name in /etc/iproute2/rt_tables and use the name instead of the number). Note that ip route and ip rule changes do not survive a reboot; on Debian, put them in up or post-up lines of the interface stanza in /etc/network/interfaces. To verify the policy, ip rule show lists the rules in priority order, ip route show table 113 shows the table, and ip route get DESTINATION from LOCAL_IP performs the lookup a reply packet would get.
Examples of useful usage:
- A server whose default route goes through a VPN: a rule that says "if the connection is to our real IP, route the replies back via our real gateway", while everything else is routed via the VPN gateway. That way we can still connect to the real IP and manage the server. The same rule also satisfies a strict reverse-path filter (rp_filter=1) on the real interface, because the kernel evaluates the reverse lookup through the same ip rules.
- Split-tunnel VPN connection: add routes (or a rule with a "to" selector) that send the far-side networks via the VPN gateway, while all other traffic is routed via the normal default gateway.
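The following script is an added example (it is not from the original article) that wraps the two-command procedure above, applied to the first scenario: a host whose default route goes via a VPN but which must still answer on its real address. All values are assumptions for illustration and are overridable from the environment: LOCAL_IP 203.0.113.10 on eth0 with gateway 203.0.113.1 (documentation addresses), table 113, rule priority 1000, and 192.0.2.1 as an arbitrary remote address for the lookup test. Beyond the two lines in the text it adds idempotent up/down handling, a pinned rule priority, a dry-run mode, and a check using ip route get.

```shell
#!/bin/sh
# Added example (not from the original article): bring the "reply from
# LOCAL_IP via the real gateway" policy up, tear it down, or verify it.
# All values below are assumptions for illustration; override them via the
# environment. 203.0.113.0/24 and 192.0.2.0/24 are documentation ranges.
LOCAL_IP=${LOCAL_IP:-203.0.113.10}   # our real address on IFACE
GATEWAY=${GATEWAY:-203.0.113.1}      # real gateway on that link
IFACE=${IFACE:-eth0}                 # interface carrying LOCAL_IP
TABLE=${TABLE:-113}                  # table id is only a tag; 1-252 are free
PRIO=${PRIO:-1000}                   # rule priority: lower wins, 0 is the local table
PROBE=${PROBE:-192.0.2.1}            # any remote address, used only for the lookup test
DRY_RUN=${DRY_RUN:-0}                # 1 = print the ip commands instead of running them

# Execute a command, or echo it when DRY_RUN=1 (review before touching routing).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

pbr_up() {
    # 'replace' makes the route idempotent. GATEWAY must be on-link for IFACE;
    # the connected route in the main table normally provides that.
    run ip route replace default via "$GATEWAY" dev "$IFACE" table "$TABLE"
    # Drop a stale copy first: repeated 'ip rule add' would stack duplicates.
    run ip rule del from "$LOCAL_IP" table "$TABLE" priority "$PRIO" 2>/dev/null || true
    run ip rule add from "$LOCAL_IP" table "$TABLE" priority "$PRIO"
}

pbr_down() {
    run ip rule del from "$LOCAL_IP" table "$TABLE" priority "$PRIO" 2>/dev/null || true
    run ip route flush table "$TABLE"
}

pbr_check() {
    run ip rule show
    run ip route show table "$TABLE"
    # Simulate a reply packet sourced from LOCAL_IP: the answer should name
    # GATEWAY, IFACE and "table $TABLE", whatever the main default route is.
    run ip route get "$PROBE" from "$LOCAL_IP"
}

case "${1:-}" in
    up)    pbr_up ;;
    down)  pbr_down ;;
    check) pbr_check ;;
    "")    ;;   # sourced or run without arguments: define the functions only
    *)     echo "usage: $0 up|down|check" >&2; exit 2 ;;
esac
```

Run it as root with `sh pbr.sh up`, then `sh pbr.sh check`; `DRY_RUN=1 sh pbr.sh up` prints the exact ip commands without applying them. The rule is pinned to an explicit priority so that a later, lower-priority rule (for example a split-tunnel "to" rule) cannot accidentally shadow it, and `pbr_down` restores the host to plain main-table routing.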