[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
howtos:misc:network_policy_based_routing [2018/03/09 07:49 (UTC)] – [Routing tables] lamerix | howtos:misc:network_policy_based_routing [2018/03/09 22:24 (UTC)] (current) – [ip rule] lamerix | ||
---|---|---|---|
Line 7: | Line 7: | ||
< | < | ||
- | Kernel must be compiled with CONFIG_IP_ADVANCED_ROUTER (Networking/ | + | Kernel must be compiled with CONFIG_IP_ADVANCED_ROUTER (Networking/ |
+ | |||
+ | If you will use this in combination with iptables you will also need CONFIG_NETFILTER_XT_MARK & IP_NF_MANGLE from Network packet filtering framework (Netfilter). | ||
</ | </ | ||
Line 15: | Line 18: | ||
By default the file should look something like this: | By default the file should look something like this: | ||
- | < | + | < |
# | # | ||
# reserved values | # reserved values | ||
Line 53: | Line 56: | ||
You will probably need to add a default gateway to the new routing table(s) you are creating. | You will probably need to add a default gateway to the new routing table(s) you are creating. | ||
</ | </ | ||
+ | |||
+ | |||
+ | ====== ip rule ====== | ||
+ | |||
+ | Full list of the possible parameters you can get from the [[http:// | ||
+ | You can combine ip-rule with fwmark that you can set with iptables, so can create an ip rule with every match iptables is capable of. \\ | ||
+ | If you notice any packets getting lost, make sure to enable martian packages logging | ||
+ | < | ||
+ | net.ipv4.conf.default.log_martians=1 | ||
+ | net.ipv4.conf.all.log_martians=1 | ||
+ | </ | ||
+ | If you notice any martian packets getting logged/ | ||
+ | < | ||
+ | net.ipv4.conf.default.rp_filter=0 | ||
+ | </ | ||
+ | |||
+ | ====== iptables mark ====== | ||
+ | |||
+ | Simply use -j MARK --set-mark < | ||
+ | * For incoming packages use -t mangle -A PREROUTING | ||
+ | * For outgoing packages -t mangle -A OUTPUT. | ||
+ | |||
====== Sources ====== | ====== Sources ====== |