Questions tagged [policy-routing]

Policy-Based-Routing is a more complex form of the ordinary routing table.

With Policy-Based-Routing you can formulate specific rules to get your packets routed differently from the normal main routing table.

You can define rules based on source or destination address, and handle even more complex situations using fwmarks and iptables' mangle:PREROUTING chain, which gives you all the possibilities that iptables offers.

Policy-Based-Routing can also be used to merge Multi-Link PPP uplinks and/or Load-Balancing as well as traffic shaping.

92 questions
0 votes, 2 answers

multiple macvlan devices and policy based routing confusion

I have a server (ubuntu/debian) with two ISP connections. Both of these WAN connections have multiple public IP addresses. (big pipe)----eth0-->\ > server ---eth2--(internal) (cable pipe)--eth1-->/ On eth0 I have 4 IPs…
0 votes, 2 answers

Does each custom routing table (w/default gateway) need a link scope route?

My CentOS machine has a custom routing table foo_table containing just a default gateway route:

    # ip route add default via 10.0.2.1 table foo_table
    # ip route show table foo_table
    default via 10.0.2.1 dev bond0.2

A policy rule routes all traffic…
Frode
0 votes, 0 answers

Ubuntu 16.10: source based routing: packets are not redirected

I'm trying to configure source-based routing on my Ubuntu machine. As the simplest example, I'm trying to configure the only interface on my machine. All configuration is taken from here:…
0 votes, 2 answers

Azure how to connect Route-Based VPN with Policy-Based one

I've got Policy-Based VNET that is connected to Cisco ASA - there is no way to make it Route-Based. I need all of my app deployment (Azure Web App, Azure Cloud Services) to be connectable only from the subnet that lives after Cisco gateway - there…
zobber
0 votes, 1 answer

Except some IPs from rule to not allow internet through openwrt + openvpn when vpn is disconnected

I have the following working setup on my network: A. ISP-Router (connected to inet, internal ip 192.168.0.1 ) <----> B. eth0 - OpenWrt Router (OpenVPN client running) br-lan (bridge eth1 + wlan0, ip 192.168.1.0) <----> C. Multiple Clients The idea…
mc51
0 votes, 2 answers

Is this the proper way to utilize route-maps for intervlan routing?

screenshot of network map The network is pretty simple. Router-on-a-stick for nat/WAN access, Layer 3 switch for intervlan routing. Router: ip nat inside source list nated-nets interface FastEthernet0/0 overload ip access-list extended nated-nets …
parsecpython
0 votes, 1 answer

pfSense multi site-to-site wan with policy based routing

We want to create a Hybrid multi WAN site to site connection between two (and more?) remote offices. The office has two WAN connections to the HQ. One MPLS and one ordinary Internet connection. In the end policy based routing should utilise both…
Daywalker
0 votes, 2 answers

CentOS Multi Nic and Policy Routing?

I'm not familiar with CentOS and I need help doing the routing for this. I have a CentOS box with 3 NICs. eth0 Link encap:Ethernet inet addr:10.50.121.16 Bcast:10.50.121.255 Mask:255.255.255.0 eth1 Link encap:Ethernet …
Brad
0 votes, 1 answer

Change source IP for specific target host

This is a follow-up to this question of mine. (Still on Debian 7.8) The problem isn't really IPSec related or anything, because I can't even ping the remote host with the "correct" source IP (through ping -I eth1:ipsec). Here are the necessary…
Lenniey
0 votes, 1 answer

Fortinet as intermediate router

I have the following scenario: FG1(LAN A) <--IPSEC--> FG2(LAN B) <--IPSEC--> FG3(LAN C) Basically I need "LAN A" to reach "LAN C" through FG2. I've tried with "router policy" and "router static" without success. Thanks in advance to anyone who can help…
0 votes, 1 answer

load balancing multiple connections over multiple links

As I understand it (based on the kernel docs) the setting of "arp_filter=1" necessitates the use of a source based routing policy to allow multiple interfaces to route traffic, potentially (but not necessarily) between disconnected network…
0 votes, 0 answers

puppetlabs/firewall nat policy issue

I'm using puppetlabs/firewall. I need to create the following iptables rules: iptables -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443 My manifest is firewall { '001 default redirection policy' : table => 'nat', chain =>…
0 votes, 0 answers

Routing traffic from LAN over VPN link out to 'net; works from router, not from LAN. What route is missing?

I have 3 machines. 2, routers, are connected over a VPN. The 3rd is a PC on the lan behind one of the routers. internet | | ROUTER S1 external: YYY.56.52.56 (eth0) vpn: 10.0.0.1 (tun0) …
user237020
0 votes, 1 answer

PBR with iptables

I know this question has been answered multiple times, but this situation is a bit different. So here is what I have: All users must use the default gateway on eth0, except one. That one must only use the gateway on eth1 and must not under any circumstances use…
Andoriyu
0 votes, 0 answers

routing based on source IP

I am trying to do source-based routing, following the question https://unix.stackexchange.com/questions/131527/routing-based-on-source-ip. The source IP is a floating one and is assigned to a cluster (consisting of 2 servers). Let's say that the physical IP…
user1977050