Questions tagged [policy-routing]

Policy-based routing is a more complex form of routing than the ordinary routing table provides.

With policy-based routing you can formulate specific rules to route packets differently from the normal main routing table.

You can define rules based on source or destination address, or handle more complex situations using fwmarks and the PREROUTING chain of iptables' mangle table, which gives you all the matching possibilities that iptables offers.

Policy-based routing can also be used to merge Multi-Link PPP uplinks and/or for load balancing, as well as traffic shaping.

92 questions
8 votes, 1 answer

ip rule and route doesn't get respected

I'm trying to route packets based on their source address, and have added the following: # ip rule add from 10.10.10.0/16 dev eth0 table foobar # ip route add default via 100.100.100.1 dev eth0 table foobar Testing the routing however gives me…
Alfred Balle
7 votes, 1 answer

Multi-homed OpenBSD system: Policy based routing vs. mpath default routes

TL;DR Will OpenBSD policy based routing help with a multi-homed server/gateway situation? If so, how do I configure it? Long Form I'm managing an OpenBSD with two ISP links and VPN tunnels to remote routing nodes. Initially we used multiple default…
Jim Dennis
7 votes, 1 answer

How do policy based routing tables actually work?

My understanding of Policy Based Routing in Linux is that there are three main components, the routing tables, the routes and the rules. I've followed many guides and in each of them this seems to be correct, so I create a route table, I add a…
HuggieRich
5 votes, 1 answer

Overcome asymmetric routing while migrating between sets of ISPs

We are migrating from one set of addresses to another set, both /24, and trying to minimize any down time during the migration. Ideally we'd run both for a period of time as we shut down the old circuits. There are a total of 4 internet…
fullstop
5 votes, 2 answers

How can I configure openvpn to proxy traffic only for processes that bind to the tun interface?

I'm trying to configure openvpn so that only traffic from certain processes goes over the vpn, but those processes could connect to anywhere. I'm trying to do that by having openvpn not do any route configuration (--route-noexec) and having…
bobpoekert
4 votes, 1 answer

Forward IP packets to tunnel device

I have created a tunnel device using ip tuntap add dev tun0 mode tun user 0 group 0 I then assign it an ip address 192.168.0.1/22 ifconfig tun0 192.168.0.1 netmask 255.255.252.0 On my ethernet device eth0, I receive packets from machines in the…
Ashwin
4 votes, 1 answer

How to prevent default route from propagating into iBGP?

I have 2 Foundry FESX448 switches which have external BGP connections. Each of them receive a default route. These 2 switches also have a BGP session configured between themselves and advertise routes to each other as iBGP. I only want one of the…
Andy Shinn
4 votes, 2 answers

3 WAN and a Cisco Router - PBR, QOS, Load-Balancing

I have a cisco router with 4 ethernet interfaces, scenario is as follows : 2 x Dedicated Leased Lines (2MB and 4MB) 1 x Business Class DSL 10MB 4 3COM L2, Switches, connected to a Core Switch (3COM - Layer-2) Core Switch Connected to 1 Ethernet…
Mutahir
3 votes, 0 answers

avoid packets being treated as "martians": is this thinking correct?

I have a cable connection with a Linux-based router. The router has two physical interfaces: enp1s0 (dhcp from cable provider) enp2s0 (192.168.1.1) with masquerading on enp1s0. then, I have an OpenVPN client connection: tun0 (10.0.0.4) Again, with…
rmalchow
3 votes, 0 answers

policy routing for local outcoming connections

I have a multihomed setup with two upstream providers. And I want to confine some connections to use only one provider — local outgoing connections that is. So, I've made a custom routing table, which has a directly-connected network route and a…
Alexander Sergeyev
3 votes, 1 answer

Change source IP address based on the system user

I would like to make a certain user have a specific source IP address. For this purpose, I added a secondary IP address to the network interface and tried to enforce the source IP using ip6tables and policy routing. Summary: All IPv6-traffic gets…
Lekensteyn
3 votes, 2 answers

Simple Policy Based Routing for matching source packet to return packet

I have two ADSL modem-routers and a server all in the same statically-assigned IP address range (192.168.0.1/24). Internet 1 -- (1.1.1.1) Modem 1 (192.168.0.1) -- Switch -- (192.168.0.3) Server Internet 2 -- (2.2.2.2) Modem 2 (192.168.0.2)…
3 votes, 1 answer

Packets not entering FORWARD chain

First of all, this is not an every-day routing issue. The setup is fairly complex, so let me state it before. I got a router with, let's keep it simple, 3 interfaces. eth0, eth1, eth2. eth2 is used for pppoe. eth0 & eth1 have the clients. Okay so far…
f0o
3 votes, 3 answers

Linux policy routing - packets not coming back

I am trying to set up policy routing on my home server. My network looks like this: Host routed VPN gateway Internet link through VPN 192.168.0.35/24 ---> 192.168.0.5/24 ---> 192.168.0.1 DSL router …
Bugsik
3 votes, 1 answer

Two NICs, one with static ip and one DHCP. IP Policy routing

I have trouble configuring a server that I own. It has Linux Ubuntu Server Edition 10.04 LTS as OS, two NICs (eth0 and eth1) and uses OpenVPN. eth0 is connected to a switch which is connected to a 3G router (static ip: 192.168.0.254) and eth1 is…
ixM