Questions tagged [policy-routing]

Policy-based routing is a more complex form of routing than the ordinary routing table.

With policy-based routing you can formulate specific rules to route packets differently from the normal main routing table.

You can define rules based on source or destination address, and handle even more complex situations using fwmarks and the iptables mangle PREROUTING chain, which gives you all the possibilities that iptables offers.

Policy-based routing can also be used to merge Multi-Link PPP uplinks, for load balancing, and for traffic shaping.

92 questions
1 vote, 2 answers

OpenVPN Endpoint to endpoint using the real IPs

I want to connect two servers to each other over the internet. For various reasons I cannot use IPSec for this. I would like traffic to be transparently encrypted as if I was using IPSec transport mode. I have decided to use routing for this (but I'm…
gparent
1 vote, 0 answers

How to enable source-based policy routing with pfsense

I'm trying to set up pfsense to use WAN1 for all LAN traffic except when a computer has been added to an alias I labeled "PRIORITY". Those computers use WAN2. On the firewall rules, I set a LAN rule so that: "*" source and "! PRIORITY" destination…
Donald Hughes
1 vote, 0 answers

How can you route DHCP requests through a non-default gateway?

I'm hosting some KVM virtual machines on a server with two NICs, eth0 and eth1. I have two networks 192.168.100/24 and 192.168.200/24. I have set up bridges as per http://www.linux-kvm.com/content/using-bridged-networking-virt-manager so that the…
pwan
1 vote, 1 answer

WireGuard policy-based routing

This question is about configuring a WireGuard relay that routes all its peer's traffic to another WireGuard server, but the relay itself does not use that WireGuard server as the default gateway. I am doing some self-hosting stuff. Currently my…
Waiho
1 vote, 0 answers

DHCP pushed route to custom table on Linux

Is there a way I can direct routes that I receive from DHCP to a specific routing table depending on what interface it was received on? E.g. eth0 and eth1 are both configured by DHCP. I would like the default route from eth0 to end up in my main…
Carl H
1 vote, 1 answer

Where does the configuration for routing rules come from on boot?

I am on RHEL7 with NetworkManager disabled and no additional legacy scripts installed. Meaning, that I still use: /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/route-eth0 /etc/sysconfig/network-scripts/rule-eth0 I have a…
KrNeki
1 vote, 1 answer

Wireguard use one client as gateway of another

I have a Wireguard VPN setup that basically looks like this: P1 ---- S ---- P2 --- Internet IP addresses: P1 = 10.200.1.5 S = 10.200.1.1 P2 = 10.200.1.3 I am redirecting all traffic of P1 to S by specifying allowedIps = 0.0.0.0/0 in P1's client…
Coxer
1 vote, 0 answers

How to whitelist egress traffic with a NetworkPolicy that doesn't prevent Apache Ignite from starting up?

I have some more or less complex microservice architecture, where Apache Ignite is used as a stateless database / cache. The Ignite Pod is the only Pod in its Namespace and the architecture has to pass a security audit, which it won't pass if I…
1 vote, 0 answers

Mac OS built-in VPN client Routing Table issues (Cisco IPSEC)

I have a Macbook Big Sur 11.5.2 and I’ve now spent quite some time on this particular issue but I cannot figure it out. I need some help from people that are more expert than me on the matter. Background information Where I’m currently living right now…
Adwen
1 vote, 1 answer

Multiple wireguard tunnels to same server how to force different interfaces

I have multiple wan links on my router and I'd want a wireguard tunnel on each wan interface to the same server. I started different working tunnels to the server using different destination ports, but of course they're using the default gateway and…
Metiu
0 votes, 1 answer

OpenVPN gateway does not reply on IPv6 ping, but does forward package

I am trying to debug my IPv6 network and ran into an issue that I can't understand. I am using OpenVPN as my VPN server and here is a short diagram of the setup: All packages are dropped, when I try to ping from VPN Client (2001:470:7875:1::2) to…
0 votes, 1 answer

Implementing Segment Routing Traffic Engineering (SR-TE) in IOS XR 6.3.1

I'm trying to deploy SR-TE on XRv9000 routers IOS XR 6.3.1 version which are deployed in AWS according to the topology below. I have accomplished the configuration of SR on all routers which is based on the official tutorial Cisco's official SR…
0 votes, 1 answer

Policy based routing priority behaviour

I have a quick question regarding the behaviour of priority when using policy based routing. I'm running Ubuntu 18.04 (kernel is 4.15.0-1021-aws). I'm using this machine as a gateway to forward packets from one interface to another. Let's say eth0…
Slicedpan
0 votes, 2 answers

Kubernetes Calico: Networking policy to block connecting to the port 10250 on nodes

I have a Kubernetes cluster with Calico network overlay installed in it. How do I configure a network policy object to prevent pods connecting to the port 10250 (kubelet API) on the nodes? I have something along these lines: kind:…
pkout
0 votes, 1 answer

Routing issues while setting up OpenVPN chaining

I am trying to set up openvpn chaining in the following configuration. Laptop --> server1 --> server2 --> Internet The VPN links individually work between laptop and server1 and server1 and server2. However, when I bring them both up together, the…
user1004985