
I know this question was answered multiple times, but this situation is a bit different.

So here is what I have:

  • All users must use the default gateway on eth0, except one
  • That one must only use the gateway on eth1 and must not under any circumstances use eth0

Separately these things are easy to implement, but together... With this setup it mostly works: the 1002 user goes via eth1 and goes nowhere if it's not available. However, some hosts are still routed via eth0. I have no idea why.

Here is my setup:

user@localhost:~$ ip rule
0:      from all lookup local
1000:   from all fwmark 0x5 lookup 5
2000:   from all fwmark 0x5 lookup 6
32766:  from all lookup main
32767:  from all lookup default

user@localhost:~$ ip route list table 5
0.0.0.0/1 via 10.10.0.185 dev eth1

user@localhost:~$ ip route list table 6
blackhole 0.0.0.0/1

user@localhost:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

user@localhost:~$ sudo iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE

user@localhost:~$ sudo iptables -t mangle -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A OUTPUT -m owner --uid-owner 1002 -j MARK --set-xmark 0x5/0xffffffff
Andoriyu

1 Answer

You specified a route of 0.0.0.0/1. This subnet consists of 0.0.0.0 through 127.255.255.255 inclusive. It's not at all clear why you would want to only route half of the possible IP addresses. I suspect you meant to route all of it (e.g. 0.0.0.0/0) instead.

Michael Hampton
Yup, that was an issue. Just noticed that. And the pattern of IP addresses routed via eth0. Apparently, just typing everything here helped me solve it. Thanks. – Andoriyu Aug 04 '14 at 21:45
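A small simulation of the policy-routing lookup, added here as an example and not part of the question or the answer: the rules and table contents mirror the asker's `ip rule` / `ip route` output, while the main-table default via eth0 and the link-down behaviour (table 5 left empty so the fwmark falls through to the blackhole in table 6) are assumptions. It shows why 0.0.0.0/1 leaks destinations above 127.255.255.255 to eth0 and why 0.0.0.0/0 closes that gap.

```python
# Added example (not from the page): emulate Linux policy routing for the
# asker's setup. Rule priorities and tables are taken from the question;
# the main-table route via eth0 and the link-down handling are assumptions.
from ipaddress import ip_address, ip_network


def lookup(tables, rules, fwmark, dst):
    """Walk rules in priority order; in each selected table use the
    longest-prefix match. The first table that holds a matching route
    decides, mirroring the kernel's fall-through to the next rule when a
    table has no route for the destination."""
    dst = ip_address(dst)
    for _prio, want_mark, table in sorted(rules, key=lambda r: r[0]):
        if want_mark is not None and want_mark != fwmark:
            continue  # rule does not apply to this packet
        best = None
        for prefix, action in tables.get(table, []):
            net = ip_network(prefix)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, action)
        if best is not None:
            return table, best[1]
    return None, "unreachable"


# Rules as on the page: 1000 and 2000 both match fwmark 0x5, then main.
RULES = [(1000, 0x5, "5"), (2000, 0x5, "6"), (32766, None, "main")]
MAIN = [("0.0.0.0/0", "via eth0")]  # assumed: ordinary default route


def tables_with(prefix):
    """Tables 5 and 6 as in the question, parameterised on the prefix."""
    return {"5": [(prefix, "via 10.10.0.185 dev eth1")],
            "6": [(prefix, "blackhole")],
            "main": MAIN}


def route_for_uid1002(dst, prefix="0.0.0.0/1", eth1_up=True):
    """Route chosen for a packet carrying the uid-1002 mark (0x5)."""
    tables = tables_with(prefix)
    if not eth1_up:
        tables["5"] = []  # assumed: route via eth1 withdrawn when link is down
    return lookup(tables, RULES, fwmark=0x5, dst=dst)


def route_for_other_user(dst, prefix="0.0.0.0/0"):
    """Unmarked packets skip both fwmark rules and use main."""
    return lookup(tables_with(prefix), RULES, fwmark=0, dst=dst)
```

With the original /1 prefix, 8.8.8.8 goes via eth1 but 192.168.1.1 falls through to main and eth0; with /0 every destination goes via eth1, or hits the blackhole when eth1 is down.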