
I've got 2 interfaces on my server (eno1 & eno2). Whenever any process tries to reach an IP (let's say 183.182.99.1), I want the traffic to use the eno2 link.

Here is my current routing table:

default via 192.168.1.1 dev eno2 metric 90 
default via 172.22.1.1 dev eno1 metric 100 
183.182.99.1 via 192.168.1.1 dev eno2 metric 80 

The problem here is that whenever eno2 is down, the kernel tries to reach this IP using eno1.
Instead, I want it to fail as if it were offline.

Is there any way to accomplish this?

Stopi

1 Answer

Yes you can just "insert" a blackhole route "between" your two routes. By insert between, I mean use a higher metric than eno2's metric but lower metric than eno1's metric. Of course not having a default route on eno1 at all would also solve it.

# ip route add blackhole default metric 95

You can replace blackhole (drop) with prohibit or unreachable to get various ICMP messages instead of nothing (when routing; local processes immediately get an error even with blackhole). throw could be used too, but its purpose is different and usually intended for additional ip rules.

If your goal is to protect only 183.182.99.1 from using eno1, then apply this only to this IP, for example, this instead of above (metric doesn't matter much as long as it's above 80, since as usual a shorter netmask (/32) always wins over a larger netmask (/0)):

# ip route add blackhole 183.182.99.1 metric 9999
A.B
  • Thanks, the goal was indeed to protect only this IP from being accessed by eno1 while I still needed to have eno1 acting as a secondary gateway in case eno2 was down. Didn't know about blackhole. – Stopi Feb 27 '20 at 01:27
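
The route selection the answer relies on, as an added example that is not part of the original posts: a simplified Python model of the main-table lookup (longest prefix first, then lowest metric) run over the question's routing table with and without the blackhole entries. The names `Route` and `lookup` are hypothetical, 198.51.100.7 is a constructed test destination, and the model assumes that routes on a down interface are absent from the table.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str                 # "default" is written as 0.0.0.0/0
    metric: int
    dev: Optional[str] = None   # None for blackhole routes (no device)
    kind: str = "unicast"       # "unicast" or "blackhole"


def lookup(routes, dst, down=frozenset()):
    """Return the route chosen for dst, or None if nothing matches.

    Simplified model: the longest matching prefix wins, ties are broken
    by the lowest metric. Assumption: routes via a down device are gone.
    """
    addr = ipaddress.ip_address(dst)
    live = [r for r in routes
            if r.dev not in down and addr in ipaddress.ip_network(r.prefix)]
    if not live:
        return None
    return max(live, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen,
                                    -r.metric))


# Routing table from the question.
QUESTION = [
    Route("0.0.0.0/0", 90, "eno2"),
    Route("0.0.0.0/0", 100, "eno1"),
    Route("183.182.99.1/32", 80, "eno2"),
]
# ip route add blackhole 183.182.99.1 metric 9999
HOST_FIX = QUESTION + [Route("183.182.99.1/32", 9999, kind="blackhole")]
# ip route add blackhole default metric 95
DEFAULT_FIX = QUESTION + [Route("0.0.0.0/0", 95, kind="blackhole")]

if __name__ == "__main__":
    for name, table in (("question", QUESTION), ("host blackhole", HOST_FIX),
                        ("default blackhole", DEFAULT_FIX)):
        for dst in ("183.182.99.1", "198.51.100.7"):   # second one is constructed
            r = lookup(table, dst, down={"eno2"})
            print(f"{name:18} eno2 down  {dst:14} -> {r.dev or r.kind}")
```

On a live host, `ip route get 183.182.99.1` reports the route the kernel actually selects, which is the check to run after bringing eno2 down.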