Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

howtos:misc:network_policy_based_routing [2018/03/08 14:54 (UTC)] – [Sources] The template text does tell you: You must remove the tag-word "template" below before saving your new page alienbob
howtos:misc:network_policy_based_routing [2018/03/09 22:24 (UTC)] (current) – [ip rule] lamerix
Line 4: Line 4:
 By default networks packets are routed based on their destination address. By default networks packets are routed based on their destination address.
  
-Linux supports routing policies,and this allows you to have multiple routing tables and make routing decisions based on other variables.+Linux supports routing policies, and this allows you to have multiple routing tables and make routing decisions based on other variables.
  
 <note> <note>
-Kernel must be compiled with CONFIG_IP_ADVANCED_ROUTER (Networking/IP: Advanced Router) and CONFIG_IP_MULTIPLE_TABLES (Networking/IP: policy routing).+Kernel must be compiled with CONFIG_IP_ADVANCED_ROUTER (Networking/IP: Advanced Router) and CONFIG_IP_MULTIPLE_TABLES (Networking/IP: policy routing).  
 + 
 +If you will use this in combination with iptables you will also need CONFIG_NETFILTER_XT_MARK & IP_NF_MANGLE from Network packet filtering framework (Netfilter). 
 </note> </note>
  
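Review bot: In the sentence added to the note block about iptables, the second option is written as IP_NF_MANGLE, without the CONFIG_ prefix that every other option in the note carries. Write it as CONFIG_IP_NF_MANGLE, replace the "&" with "and", and give each option's menu label in parentheses the way the first sentence does for CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES. The changed first line also gains trailing whitespace that can be dropped.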
Line 15: Line 18:
  
 By default the file should look something like this: By default the file should look something like this:
-<file>+<file bash /etc/iproute2/rt_tables>
 # #
 # reserved values # reserved values
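Review bot: The new opening tag <file bash /etc/iproute2/rt_tables> labels the listing as bash, but the content shown is a table of reserved values with # comments, not a shell script. The file name is a useful addition; for the language field DokuWiki accepts a dash to skip highlighting, as in <file - /etc/iproute2/rt_tables>, which avoids implying that the file is sourced or executed by a shell.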
Line 30: Line 33:
 </file> </file>
  
 +
 +You can check the routing table(s) with
 +<code>
 +ip route show table [Table name || Table ID]
 +</code>
 ====== Source based routing example ====== ====== Source based routing example ======
  
-In-order to start making routing based on source address you'll need to do just two simple things.+In order to start making routing based on source address you'll need to do just two simple things.
  
 First you'll need to create a new **routing table** instance. Let's name it **srcroute**. First you'll need to create a new **routing table** instance. Let's name it **srcroute**.
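Review bot: The placeholder in the added command, ip route show table [Table name || Table ID], is easy to misread: square brackets normally mark an optional argument and || is the shell's OR operator, so the line fails if pasted as written. Write it as ip route show table <name or ID> and follow it with a concrete case using the table this page goes on to create, ip route show table srcroute. The added lines also run straight into the "Source based routing example" heading; a blank line before the heading would match the rest of the page.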
Line 48: Line 56:
 You will probably need to add a default gateway to the new routing table(s) you are creating. You will probably need to add a default gateway to the new routing table(s) you are creating.
 </note> </note>
 +
 +
 +====== ip rule ======
 +
 +Full list of the possible parameters you can get from the [[http://man7.org/linux/man-pages/man8/ip-rule.8.html|man page]]. \\
 +You can combine ip-rule with fwmark that you can set with iptables, so can create an ip rule with every match iptables is capable of. \\
 +If you notice any packets getting lost, make sure to enable martian packages logging
 +<code>
 +net.ipv4.conf.default.log_martians=1
 +net.ipv4.conf.all.log_martians=1
 +</code>
 +If you notice any martian packets getting logged/dropped, you can disable the reverse path filer of the kernel
 +<code>
 +net.ipv4.conf.default.rp_filter=0
 +</code>
 +
 +====== iptables mark ======
 +
 +Simply use -j MARK --set-mark <MARK>. The target MARK only works in mangle.
 +  * For incoming packages use -t mangle -A PREROUTING
 +  * For outgoing packages -t mangle -A OUTPUT. 
 +
  
 ====== Sources ====== ====== Sources ======
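Review bot: The last code block of the new "ip rule" section, net.ipv4.conf.default.rp_filter=0, turns the kernel's reverse path filter off entirely, which removes a source-address spoofing check as the first response to logged martians. Two changes would help: recommend loose mode (value 2) as the first thing to try, since it keeps source validation while tolerating the asymmetric paths that policy routing produces, and state that the default key only seeds interfaces created later, while for existing interfaces the kernel uses the higher of conf.all and the per-interface value, so the line as written may change nothing on a running machine. The section should also say how the keys are applied (sysctl -w or /etc/sysctl.conf), show the rule side of the fwmark pairing, for example ip rule add fwmark <MARK> table srcroute, and correct "martian packages", "incoming packages" and "outgoing packages" to "packets" and "filer" to "filter".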