By default, network packets are routed based on their destination address.
Linux supports policy routing, which allows you to have multiple routing tables and make routing decisions based on other variables.
If you want to use this in combination with iptables, you will also need CONFIG_NETFILTER_XT_MARK and IP_NF_MANGLE from Network packet filtering framework (Netfilter) in the kernel configuration.
By default you should have 3 routing tables: local, main and default. You can check which tables currently exist by looking at the content of /etc/iproute2/rt_tables.
By default the file should look something like this:
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
You can show the contents of a routing table with
ip route show table <table name or table ID>
To start routing based on source address you need to do just two simple things.
First you'll need to create a new routing table instance. Let's name it srcroute.
echo 200 srcroute >> /etc/iproute2/rt_tables
Then you need to create the policy routing rule. In this example we match all traffic with source IP 10.10.10.1 and route it according to the entries of the srcroute routing table.
ip rule add from 10.10.10.1 lookup srcroute
The full list of possible parameters is in the ip-rule man page.
You can combine ip rule with an fwmark set by iptables, so you can create an ip rule for every match iptables is capable of.
If you notice any packets getting lost, make sure to enable martian packet logging:
net.ipv4.conf.default.log_martians=1
net.ipv4.conf.all.log_martians=1
If you notice martian packets getting logged or dropped, you can disable the reverse path filter of the kernel:
net.ipv4.conf.default.rp_filter=0
To set the mark, simply use -j MARK --set-mark <MARK>. The MARK target only works in the mangle table.
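As an added example (not code from the original page), the two steps above, plus the route the new table needs and the reverse-path filter caveat, as a dry-run shell script. The source address, gateway, interface and the choice of loose rp_filter mode (2) rather than 0 are this example's own assumptions.

```shell
#!/bin/bash
# Added example: register a routing table, give it a default route and add the
# source-address rule. Constructed values: source 10.10.10.1, gateway
# 10.10.10.254, interface eth1, table "srcroute" with ID 200.
# DRY_RUN=1 (default) only prints the commands; run as root with DRY_RUN=0 to apply.
set -u

RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Succeed only if neither the table ID nor the name is already used in
# rt_tables (lines are "<id> <name>"; '#' comments and blank lines are skipped).
rt_table_free() {
    local id=$1 name=$2 file=${3:-$RT_TABLES}
    [ -r "$file" ] || return 0
    ! awk -v id="$id" -v name="$name" '
        /^[[:space:]]*#/ || NF < 2 { next }
        $1 == id || $2 == name { found = 1 }
        END { exit !found }' "$file"
}

setup_srcroute() {
    local src=$1 gw=$2 dev=$3 table=${4:-srcroute} id=${5:-200}
    if ! rt_table_free "$id" "$table"; then
        echo "error: table id $id or name $table already in $RT_TABLES" >&2
        return 1
    fi
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ echo '$id $table' >> $RT_TABLES"
    else
        echo "$id $table" >> "$RT_TABLES"
    fi
    # A freshly created table is empty: with only the rule in place, matching
    # packets would be unreachable instead of falling back to the main table.
    run ip route add default via "$gw" dev "$dev" table "$table"
    run ip rule add from "$src" lookup "$table"
    # Loose reverse-path filtering (2) stops asymmetric replies being dropped as
    # martians without turning the filter off completely (0). The kernel uses
    # max(conf.all, conf.$dev), so conf.all.rp_filter must be checked as well.
    run sysctl -w "net.ipv4.conf.$dev.rp_filter=2"
}

# Dry-run demonstration with the constructed values:
setup_srcroute 10.10.10.1 10.10.10.254 eth1
```

After applying it for real, ip rule show and ip route show table srcroute confirm that the rule and the table's route are in place.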
* Originally written by lamerix