Questions tagged [policy-routing]

Policy-Based-Routing is a more complex form of the ordinary routing table.

With Policy-Based-Routing you can formulate specific rules to route your packets differently from the normal main routing table.

You can define rules based on source or destination address, and handle more complex situations using fwmarks and the iptables mangle:PREROUTING chain, which gives you all the possibilities that iptables offers.

Policy-Based-Routing can also be used to merge Multi-Link PPP uplinks and/or for load balancing, as well as for traffic shaping.

97 questions

8 votes, 1 answer

ip rule and route doesn't get respected

I'm trying to route packets based on their source address, and have added the following:

    # ip rule add from 10.10.10.0/16 dev eth0 table foobar
    # ip route add default via 100.100.100.1 dev eth0 table foobar

Testing the routing however gives me…

8 votes, 1 answer

How do policy based routing tables actually work?

My understanding of Policy Based Routing in Linux is that there are three main components, the routing tables, the routes and the rules. I've followed many guides and in each of them this seems to be correct, so I create a route table, I add a…

7 votes, 1 answer

Multi-homed OpenBSD system: Policy based routing vs. mpath default routes

TL;DR: Will OpenBSD policy based routing help with a multi-homed server/gateway situation? If so, how do I configure it?

Long Form: I'm managing an OpenBSD with two ISP links and VPN tunnels to remote routing nodes. Initially we used multiple default…

5 votes, 1 answer

Overcome asymmetric routing while migrating between sets of ISPs

We are migrating from one set of addresses to another set, both /24, and trying to minimize any down time during the migration. Ideally we'd run both for a period of time as we shut down the old circuits. There are a total of 4 internet…

5 votes, 2 answers

How can I configure openvpn to proxy traffic only for processes that bind to the tun interface?

I'm trying to configure openvpn so that only traffic from certain processes goes over the vpn, but those processes could connect to anywhere. I'm trying to do that by having openvpn not do any route configuration (--route-noexec) and having…

4 votes, 1 answer

Forward IP packets to tunnel device

I have created a tunnel device using

    ip tuntap add dev tun0 mode tun user 0 group 0

I then assign it an IP address 192.168.0.1/22

    ifconfig tun0 192.168.0.1 netmask 255.255.252.0

On my ethernet device eth0, I receive packets from machines in the…
Ashwin

4 votes, 1 answer

How to prevent default route from propagating into iBGP?

I have 2 Foundry FESX448 switches which have external BGP connections. Each of them receive a default route. These 2 switches also have a BGP session configured between themselves and advertise routes to each other as iBGP. I only want one of the…
Andy Shinn

4 votes, 2 answers

3 WAN and a Cisco Router - PBR, QOS, Load-Balancing

I have a Cisco router with 4 ethernet interfaces, scenario is as follows: 2 x Dedicated Leased Lines (2MB and 4MB) 1 x Business Class DSL 10MB 4 3COM L2, Switches, connected to a Core Switch (3COM - Layer-2) Core Switch Connected to 1 Ethernet…
Mutahir

4 votes, 1 answer

Prevent routing loop with FwMark in Wireguard

I want to set up a VPN server so that the VPN connection is used only when accessing resources within the server. Normally, I'd do this by using the server's internal IP, but I want to use the domain name to access this server. There are a few ways…
Asher

4 votes, 1 answer

Why is Linux policy-based routing (PBR) not working for ping?

First of all, it seems as if this question is about Linux, but it seems to me that it is about basic routing concepts. I happen to have the following configuration: What I am trying to do is to ensure symmetric routing on the server (CentOS 7), so…
Tedpac

4 votes, 2 answers

Wireguard use one client as gateway of another

I have a Wireguard VPN setup that basically looks like this:

    P1 ---- S ---- P2 --- Internet

IP addresses:

    P1 = 10.200.1.5
    S = 10.200.1.1
    P2 = 10.200.1.3

I am redirecting all traffic of P1 to S by specifying allowedIps = 0.0.0.0/0 in P1's client…
Coxer

4 votes, 2 answers

Ubuntu 18.04 policy based routing: netplan does not populate routing table

I have 2 network interfaces - 1 connected to internal network and 1 connected to external network, both interfaces acquire their IP from DHCP. By default traffic goes through internal network and external network should be routed separately through…
rsoome

3 votes, 1 answer

How to group interfaces for the purpose of using ip-rule's suppress_ifgroup feature?

I found out about ip-rule's "suppress_ifgroup X" feature which seems to allow me to tell the kernel to ignore a route from the given table with an outgoing interface that belongs to that group X. But I couldn't find any information of how I would…

3 votes, 0 answers

avoid packets being treated as "martians": is this thinking correct?

I have a cable connection with a Linux-based router. The router has two physical interfaces:

    enp1s0 (dhcp from cable provider)
    enp2s0 (192.168.1.1)

with masquerading on enp1s0. Then, I have an OpenVPN client connection:

    tun0 (10.0.0.4)

Again, with…
rmalchow

3 votes, 0 answers

policy routing for local outcoming connections

I have a multihomed setup with two upstream providers. And I want to confine some connections to use only one provider — local outgoing connections that is. So, I've made a custom routing table, which has a directly-connected network route and a…
Alexander Sergeyev