
I am trying to use policy-based routing on my system. The network is simple, with 2 independent interfaces on independent networks, for example:

NIC1 = 172.31.3.x/24 NIC2 = 172.31.1.x/24

Each interface has its own gateway, and I have created tables in /etc/iproute2/rt_tables.

The system also installs a Docker container framework with its own network. Initially I was not able to reach my containers and ports over the network, but thanks to the post "Docker symmetric/policy-based routing" I was able to make it work.

Here are the commands I am running on my system:

ip route add default scope global nexthop via 172.31.3.185 dev eno1 weight 1 nexthop via 172.31.1.180 dev eno2 weight 2
ip route add 172.31.3.0/24 dev eno1 table eno1
ip route add default via 172.31.3.254 dev eno1 table eno1
ip rule add from 172.31.3.185/32 table eno1
ip rule add to 172.31.3.185/32 table eno1
ip route add 172.31.1.0/24 dev eno2 table eno2
ip route add default via 172.31.1.254 dev eno2 table eno2
ip rule add from 172.31.1.180/32 table eno2
ip rule add to 172.31.1.180/32 table eno2

And for Docker to work, the following:

ip rule add fwmark 0x1 table eno1
iptables -t mangle -A PREROUTING -i eno1 -m conntrack --ctstate NEW --ctdir ORIGINAL -j CONNMARK --set-mark 0x1
ip rule add fwmark 0x2 table eno2
iptables -t mangle -A PREROUTING -i eno2 -m conntrack --ctstate NEW --ctdir ORIGINAL -j CONNMARK --set-mark 0x2
iptables -t mangle -A PREROUTING -m conntrack ! --ctstate NEW --ctdir REPLY -m connmark ! --mark 0x0 -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m conntrack ! --ctstate NEW --ctdir REPLY -m connmark ! --mark 0x0 -j CONNMARK --restore-mark

Everything works except when I am trying to reach the local IPs 172.31.3.185 or 172.31.1.180 locally (from the same system). I am not able to reach them; they are reachable from outside. Can someone please help, maybe the original author of the thread, Anton Danilov? Please help.

Manny
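A small diagnostic helper for the setup in the question, added here as an example rather than taken from the post or the thread it cites. It parses `ip rule show` and `ip route get` output to check that the kernel's `local` table lookup (priority 0) still precedes the `to <addr>` and fwmark rules, and to show which device the kernel picks for each local address, unmarked and with each mark the mangle rules set; the addresses, interface names and marks are the ones listed above, and the function names are this example's own.

```shell
#!/bin/sh
# Diagnostic helper (added example, not part of the original post).
# Locally generated traffic to the host's own addresses must keep hitting the
# `local` table (priority 0) so it goes out on `lo`; if a policy rule for the
# address or a fwmark ends up in front of it, the packet is sent to a gateway.

# Priority of the first rule in `ip rule show` output ($1) containing token $2.
rule_prio() {
  printf '%s\n' "$1" | awk -v tok="$2" '
    index($0, tok) { p = $1; sub(/:$/, "", p); print p; exit }'
}

# Exit 0 when the local lookup precedes every "to <addr>" rule for address $2.
local_lookup_first() {
  lp=$(rule_prio "$1" "lookup local")
  ap=$(rule_prio "$1" "to $2")
  [ -n "$lp" ] && { [ -z "$ap" ] || [ "$lp" -lt "$ap" ]; }
}

# Outgoing device named in one line of `ip route get ...` output ($1).
route_dev() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# Live check on the box itself (needs iproute2): run with --live.
if [ "${1:-}" = "--live" ]; then
  rules=$(ip rule show)
  for addr in 172.31.3.185 172.31.1.180; do
    if local_lookup_first "$rules" "$addr"; then
      echo "$addr: local lookup comes first (ok)"
    else
      echo "$addr: a policy rule precedes the local lookup"
    fi
    for m in "" "mark 0x1" "mark 0x2"; do
      # $m is intentionally unquoted so "mark 0x1" becomes two arguments
      echo "$addr $m -> dev $(route_dev "$(ip route get "$addr" $m)")"
    done
  done
fi
```

Traffic to a local address should report `dev lo` in every row; a row that names eno1 or eno2 instead shows which rule or mark is diverting it.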