Policy based routing
By default, network packets are routed based on their destination address only.
Linux also supports policy routing: you can have multiple routing tables and choose between them based on other properties of the packet (source address, incoming interface, firewall mark, ToS, ...). This needs CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES ("IP: policy routing") in the kernel.
If you want to use it in combination with iptables you will also need CONFIG_NETFILTER_XT_MARK and CONFIG_IP_NF_MANGLE from the Network packet filtering framework (Netfilter).
Routing tables
By default there are three routing tables: local, main and default. The kernel refers to tables by numeric ID; /etc/iproute2/rt_tables only maps human-readable names to those IDs so that ip can accept a name instead of a number. You can see which names are currently defined by looking at that file.
By default the file looks something like this:
#
# reserved values
#
255	local
254	main
253	default
0	unspec
#
# local
#
#1	inr.ruhep
You can show the contents of a table with (without the table argument ip route shows only main):
ip route show table <table name | table ID>
Source based routing example
To route based on the source address you need three things: a routing table, routes in that table, and a rule that sends matching traffic to it.
First, register a new table name. Let's name it srcroute and give it the unused ID 200:
echo 200 srcroute >> /etc/iproute2/rt_tables
Then add routes to the new table (ip route add with table srcroute). This step is easy to forget: an empty table matches nothing, the lookup falls through to the next rule and ends up in main, so the policy has no visible effect.
Finally create the policy routing rule. In this case we match all traffic with source IP 10.10.10.1 and route it according to the entries of the srcroute table:
ip rule add from 10.10.10.1 lookup srcroute
List the active rules, in priority order, with
ip rule
The full list of possible match parameters is in the ip-rule(8) man page. You can also combine ip rule with a firewall mark (fwmark) that you set with iptables, so you can build an ip rule around every match iptables is capable of. When using policy routing in combination with iptables, also check reverse path filtering (rp_filter): in strict mode (1) the kernel drops packets whose reply route would leave through a different interface than the one they arrived on (logged as martians if log_martians is enabled), which is exactly what asymmetric policy routes cause. Set net.ipv4.conf.<interface>.rp_filter to 2 (loose) or 0 for the interfaces involved.
iptables mark
Simply use -j MARK --set-mark <MARK>. To affect routing, the mark must be set in the mangle table, because the routing decision is made right after these chains:
- For incoming (and forwarded) packets use -t mangle -A PREROUTING
- For locally generated packets use -t mangle -A OUTPUT
The marked packets are then selected with the fwmark <MARK> match in ip rule instead of a source address.
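The complete procedure from the sections above (register the table, populate it, add the source-address rule, the fwmark variant, and relax rp_filter) as a single script. This is an added example, not code from the original page or its author. It assumes, as a setup the page does not describe, that 10.10.10.1 should leave through gateway 10.10.10.254 on eth1, that HTTPS traffic from anywhere should use the same table via a firewall mark 0x1, and that the table is 200/srcroute. The run, ensure_rt_table and setup_source_routing helpers are this example's own. With DRY_RUN=1 it prints the commands instead of executing them, which is also how you can review the result before applying it as root.

```shell
#!/bin/sh
# Added example: source-based policy routing in one script (not from the original page).
# Assumed values (not from the page): gateway 10.10.10.254, interface eth1, mark 0x1.

RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
TABLE_ID="${TABLE_ID:-200}"
TABLE_NAME="${TABLE_NAME:-srcroute}"
SRC_IP="${SRC_IP:-10.10.10.1}"
GATEWAY="${GATEWAY:-10.10.10.254}"
DEV="${DEV:-eth1}"
FWMARK="${FWMARK:-0x1}"

# Print the command when DRY_RUN=1, otherwise execute it (needs root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Register ID/NAME in an rt_tables file only if it is not there yet.
# A blind "echo 200 srcroute >> rt_tables" on every run leaves duplicate lines,
# and a conflicting ID or name would silently change what "srcroute" means.
ensure_rt_table() {
    file=$1; id=$2; name=$3
    if grep -Eq "^[[:space:]]*${id}[[:space:]]+${name}([[:space:]]|$)" "$file"; then
        return 0    # already registered exactly like this
    fi
    if grep -Eq "^[[:space:]]*${id}[[:space:]]+" "$file" ||
       grep -Eq "^[[:space:]]*[0-9]+[[:space:]]+${name}([[:space:]]|$)" "$file"; then
        echo "rt_tables: conflicting entry for ${id}/${name}" >&2
        return 1
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$file"
}

setup_source_routing() {
    ensure_rt_table "$RT_TABLES" "$TABLE_ID" "$TABLE_NAME" || return 1

    # 1. Populate the table first. An empty table matches nothing: the lookup
    #    falls through to the next rule and the policy has no effect.
    run ip route add default via "$GATEWAY" dev "$DEV" table "$TABLE_NAME"

    # 2. Source-address rule, as on the page.
    run ip rule add from "$SRC_IP" lookup "$TABLE_NAME"

    # 3. fwmark variant: a port match is something ip rule cannot express on
    #    its own. The mark must be set in mangle/PREROUTING (or OUTPUT for
    #    locally generated traffic) to influence the routing decision.
    run iptables -t mangle -A PREROUTING -p tcp --dport 443 -j MARK --set-mark "$FWMARK"
    run ip rule add fwmark "$FWMARK" lookup "$TABLE_NAME"

    # 4. Strict reverse path filtering drops the now asymmetric packets;
    #    loose mode (2) keeps a sanity check but tolerates them.
    run sysctl -w net.ipv4.conf.all.rp_filter=2
    run sysctl -w "net.ipv4.conf.${DEV}.rp_filter=2"
}

# Usage:  DRY_RUN=1 sh policy-route.sh apply   (review)   |   sh policy-route.sh apply   (as root)
if [ "${1:-}" = "apply" ]; then
    setup_source_routing
fi
```

Verify afterwards with ip rule and ip route show table srcroute; the rule listing should show the from and fwmark rules with lower priority numbers than main, and the table should contain the default route.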
Sources
* Originally written by lamerix