Source-based Routing

This article discusses source-based routing, which lets you make your server accessible through IP addresses on different networks when you have more than one router. Let us use the network scenario below as an example.

Your network has the following interfaces:

eth0 – assigned the address 192.168.1.1/24, with a gateway address of 192.168.1.254

eth1 – assigned the address 10.0.1.1/24, with a gateway address of 10.0.1.254

Default gateway is configured as 192.168.1.254. This means that all your traffic goes to 192.168.1.254, with the exception of traffic targeted to the 192.168.1.0/24 subnet.

If a user tries to access your host at the 10.0.1.1 address, your host will send its replies to 192.168.1.254, and that router will likely block them, seeing them as coming from an invalid source. To prevent this, replies with the source address 10.0.1.1 need to be sent through your second router, which is 10.0.1.254.

To do this, register a new routing table in the file /etc/iproute2/rt_tables. You can also use plain numbers instead of names in that file:

echo 1 tablename >> /etc/iproute2/rt_tables

*where “tablename” is your preferred table name

**you can replace “1” with any number not already used in that file; it must not equal one of the three numbers already assigned to the local, main, and default tables (in this scenario, 253-255).

Add a lookup rule:

ip rule add from 10.0.1.1 table tablename

You also need to add a routing rule in the new routing table:

ip route add default via 10.0.1.254 dev eth1 table tablename

These steps also work for different routers connected to one interface.

Note that in Windows systems, these changes cannot be done using the vendor-provided tools.


For CentOS

To make the routing table changes shown above stay across reboots in CentOS Linux systems, do the following steps:

Add the following script:

#!/bin/bash
# ifup-local receives the interface name as its first argument
if [ "$1" == eth1 ]
then
    ip rule add from 10.0.1.1 table tablename
    ip route add default via 10.0.1.254 dev "$1" table tablename
fi

Save the script as /sbin/ifup-local and make it executable (chmod a+x).
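
The script above re-runs every time eth1 comes up. As an added example (not part of the original article), here is a variant that can be run repeatedly and then checks that replies from 10.0.1.1 really leave through 10.0.1.254. It uses the article's sample addresses and table name; the function names and the 192.0.2.1 lookup target are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original article. Addresses and table name are
# the article's sample values; function names are this example's own.
SRC=10.0.1.1
GW=10.0.1.254
DEV=eth1
TABLE=tablename

# Succeeds if "from $SRC lookup $TABLE" is already in the rule list.
# Depending on kernel version, repeating "ip rule add" either stacks a
# duplicate rule or fails with "File exists"; checking first avoids both.
rule_present() {
    ip rule show | awk -v s="$SRC" -v t="$TABLE" \
        '$2 == "from" && $3 == s && $4 == "lookup" && $5 == t { f = 1 }
         END { exit !f }'
}

ensure_policy_route() {
    rule_present || ip rule add from "$SRC" table "$TABLE" || return 1
    # "replace" creates the route or overwrites it, so repeats are harmless.
    ip route replace default via "$GW" dev "$DEV" table "$TABLE"
}

# Asks the kernel which path a packet sourced from $SRC would take.
# 192.0.2.1 is a documentation address (assumed lookup target, never contacted).
verify_policy_route() {
    ip route get 192.0.2.1 from "$SRC" | grep -qF "via $GW dev $DEV"
}

# ifup-local is called with the interface name as $1.
if [ "${1:-}" = "$DEV" ]; then
    ensure_policy_route && verify_policy_route ||
        echo "policy route for $SRC not active" >&2
fi
```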

For Ubuntu/Debian

After doing the routing table changes shown above, add the following commands to corresponding sections of your /etc/network/interfaces file prefixed with “post-up”.

post-up ip rule add from 10.0.1.1 table tablename

post-up ip route add default via 10.0.1.254 dev eth1 table tablename
