I'm trying to route packets based on their source address, and have added the following:

```
# ip rule add from 10.10.10.0/16 dev eth0 table foobar
# ip route add default via 100.100.100.1 dev eth0 table foobar
```

Testing the routing, however, gives me the wrong via address:

```
# ip route get 4.3.2.1 from 10.10.10.1
4.3.2.1 from 10.10.10.1 via 100.0.0.1 dev eth0
```

Why doesn't this get respected?

These are my regular routes:

```
# ip route list
default via 100.0.0.1 dev eth0
```

and

```
# ip route show table foobar
default via 100.100.100.1 dev eth0
```

and

```
# ip rule list
0:  from all lookup local
32765:  from 10.10.10.0/16 iif eth0 lookup foobar
32766:  from all lookup main
32767:  from all lookup default
```
Alfred Balle

1 Answer

Your issue isn't an issue. In the rule you use not only the source address, but also an input interface match. So, there are two ways to solve your "problem":

  1. Don't use `dev eth0` in the rule.
  2. Add `iif eth0` to the `ip route get ...` command. The `iif` option allows you to use non-local addresses in the `ip route get` command, so you can use something like: `ip route get 4.3.2.1 from 10.10.20.253 iif eth0`
Anton Danilov
  • I was wondering if that was it. Since they're both routed to eth0, it might just be returning the default because that's the top rule for that interface. I'd add a new interface on eth1, and see if that changed it. – Satanicpuppy May 03 '19 at 13:34
  • By default, `ip route get` uses the loopback interface if `iif` isn't specified. If you want the bloody details, you can look at the source code ( https://elixir.bootlin.com/linux/latest/source/net/ipv4/route.c#L2868 ) – Anton Danilov May 03 '19 at 13:48
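
The rule matching described in the answer, as an added example that is not part of the original posts: a simplified Python model of policy-rule selection, using the rules and tables from the question as constructed data. The function names are hypothetical, the `local` table is left out, and only the source and input-interface selectors are modelled.

```python
import ipaddress

# Constructed from the question's `ip rule list` / `ip route show` output.
# `dev eth0` on the rule is stored as an iif match, as the listing shows.
RULES = [  # (priority, source prefix, iif or None, table)
    (32765, "10.10.10.0/16", "eth0", "foobar"),
    (32766, "0.0.0.0/0", None, "main"),
    (32767, "0.0.0.0/0", None, "default"),
]
TABLES = {  # table -> [(destination prefix, gateway, dev)]
    "foobar": [("0.0.0.0/0", "100.100.100.1", "eth0")],
    "main": [("0.0.0.0/0", "100.0.0.1", "eth0")],
    "default": [],
}

def _net(prefix):
    # strict=False because the question's 10.10.10.0/16 has host bits set
    return ipaddress.ip_network(prefix, strict=False)

def table_lookup(table, dst):
    """Longest-prefix match in one table; None if no route covers dst."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[table] if dst in _net(r[0])]
    return max(hits, key=lambda r: _net(r[0]).prefixlen) if hits else None

def route_get(dst, src, iif="lo", rules=RULES):
    """Model of `ip route get DST from SRC [iif DEV]`.

    Without iif the query is treated as arriving on loopback, which is
    the default the answer's comment describes.
    """
    src = ipaddress.ip_address(src)
    for prio, prefix, rule_iif, table in sorted(rules, key=lambda r: r[0]):
        if src not in _net(prefix):
            continue
        if rule_iif is not None and rule_iif != iif:
            continue  # interface selector does not match, rule is skipped
        route = table_lookup(table, dst)
        if route:
            return {"rule": prio, "table": table, "via": route[1], "dev": route[2]}
    return None

if __name__ == "__main__":
    print(route_get("4.3.2.1", "10.10.10.1"))                # falls through to main
    print(route_get("4.3.2.1", "10.10.20.253", iif="eth0"))  # matches foobar
```

Passing a rule list whose first entry has no `iif` selector models the answer's first option.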