I'm trying to create two routes --

Send all packets with IP protocol version 100 to 1.1.1.1 (via device eth1)
Send all other IP packets to 2.2.2.2 (via device eth2)

Reviewing the man pages of ip-route and ip-rules, it seems like I should be able to do this, but I haven't been able to figure out the correct syntax.

This article has an example of how to set up policy-based routing, but it's based on source IP address, not protocol number: http://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/

Is it possible to create protocol-based routing rules?

Runcible

1 Answer

This is completely untested, but maybe something like this? This method uses firewall marking.

# mark IP packets whose protocol number is 100
iptables -A PREROUTING -i eth0 -t mangle --proto 100 -j MARK --set-mark 1

# packets with that mark use table 'p100'
ip rule add fwmark 1 table p100

# a route on table 'p100' to a gateway for that network
/sbin/ip route add default via 192.0.2.1 dev eth2 table p100

See: http://lartc.org/howto/lartc.netfilter.html

PS don't forget to disable reverse path filtering.

Zoredache
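
An added example, not part of the original answer: a shell function that validates its arguments and prints the answer's mark, rule and route commands so the plan can be reviewed before it is applied. The table id 100, the registration of the name `p100` in `/etc/iproute2/rt_tables`, and setting `rp_filter` to loose mode (2) on the outgoing interface instead of turning it off are assumptions.

```sh
#!/bin/sh
# Added example (not from the answer): print, rather than run, the commands for
# protocol-based policy routing so the plan can be reviewed before applying it.

# Succeeds if $1 is a decimal integer in the range $2..$3.
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Succeeds if $1 contains only characters safe for an interface or table name,
# so a crafted argument cannot add shell syntax to the printed commands.
is_name() {
    case "$1" in ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# Succeeds if $1 looks like a dotted IPv4 address (digits and dots only).
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; *.*.*.*) return 0 ;; esac
    return 1
}

# pbr_plan PROTO IN_IF GATEWAY OUT_IF TABLE_ID TABLE_NAME MARK
pbr_plan() {
    [ $# -eq 7 ] || { echo "pbr_plan: expected 7 arguments" >&2; return 2; }
    proto=$1 in_if=$2 gw=$3 out_if=$4 tid=$5 tname=$6 mark=$7
    in_range "$proto" 0 255 || { echo "bad protocol: $proto" >&2; return 1; }
    in_range "$tid" 1 252 || { echo "bad table id: $tid" >&2; return 1; }
    in_range "$mark" 1 4294967295 || { echo "bad mark: $mark" >&2; return 1; }
    is_name "$in_if" && is_name "$out_if" && is_name "$tname" ||
        { echo "bad interface or table name" >&2; return 1; }
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    # Assumptions: rt_tables lives in /etc/iproute2, and loose-mode rp_filter (2)
    # is enough, which keeps a source check that rp_filter=0 would remove.
    cat <<EOF
echo "$tid $tname" >> /etc/iproute2/rt_tables
iptables -t mangle -A PREROUTING -i $in_if -p $proto -j MARK --set-mark $mark
ip rule add fwmark $mark table $tname
ip route add default via $gw dev $out_if table $tname
echo 2 > /proc/sys/net/ipv4/conf/$out_if/rp_filter
EOF
}

# Values from the answer; table id 100 is an assumed free slot.
pbr_plan 100 eth0 192.0.2.1 eth2 100 p100 1
```

Review the printed plan, then pipe it to `sh` as root to apply it.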