«
»

Howto: Debian route-map (part 1)

Route by source Interface IP rule

In this howtos series we will show  how do we implement policy based routing under Debian (or any other Linux), the howtos divided into different parts, each part will provide a howto of a specific feature.

The old ip tools replaced by the iproute2 tool, many many features became availble such as interface management, PBR, source-route, route tables aggregation, QOS and more.

Under Debian the installation is very easy, there is a package called iproute which you can install easily:

apt-get install iproute

Don’t worry, it won’t replace your current ip/route tools but just work simultaneously to the current route/interface/ip tables.

Now you can use the iproute2 ip tools, to show your current route table just type: ip route list

The default route table is numbered as 254, in iproute2 we can create many route tables and assign them accordingly, to see all route tables type:

ip route list table all

If we want to route a connection that came to our specific IP address back to predefined specific gateway, we need to use ip rules and seperate route table that triggered by an ip rule, this is how we get it done:

ip route add default via GATEWAY table 113

ip rule add from LOCAL_IP table 113

GATEWAY – New gateway address to which we want to route classified traffic.

LOCAL_IP - An inbound connection to this IP address will be routed back via the GATEWAY.

That’s all, the table number is just a tag.

Examples of useful usage:

  • A rule that says if there is a connection to our real IP, route it back via our real gateway otherwise all will be default routed via the VPN gateway. In that way we still can connect to our real IP and manage the server.
  • Split Tunnel VPN connection: create rule that will route all far side networks via the vpn gateway, all other traffic will be routed via the default gateway.

This entry was posted on Saturday, April 14th, 2007 at 6:39 pm and is filed under Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Howto: Debian route-map (part 1)”

  1. admin says:
    December 15, 2007 at 5:46 pm

    Did you know that you can route up with any IP address?
    If you have two ISPs connected to two NICs on your system you can set the default route thru one of the ISPs and you can route the other IP address thru the same ISP but the traffic will come back from the original, that what called “asymmetric route”…

    This way if you have good downstream line you can load balance your upload!

    But it’s only a tip for thinking, don’t relay on this, some ISPs may block or have routing problems with IP blocks that do not belong to them.

Leave a Reply

You must be logged in to post a comment.