I faced a bit of an odd difficulty with policy-based routing on a CentOS-6.6 server. I have a setup where I need to route all packets originating from 172.25.0.0/16 and destined for 172.24.0.0/16 and some XXX.155.106.50 via a certain gateway (10.4.20.5) behind a VPN tunnel. I'm just doing what I always did.

1) I defined zone2 table in my /etc/iproute2/rt_tables:

255     local
254     main
253     default
0       unspec
25      zone2

2) I added some rules, so here's what I get in reply to ip rule show:

0:      from all lookup local
32762:  from all to 172.25.0.0/16 lookup zone2
32763:  from 172.25.0.0/16 lookup zone2
32766:  from all lookup main
32767:  from all lookup default

3) And, finally, I added some routes to the table, so in reply to ip route show table zone2 I get the following:

XXX.155.106.50 via 10.4.20.5 dev tun0
172.25.64.0/24 dev cloudbr0  scope link
172.25.65.0/24 dev cloudbr0  scope link
172.24.0.0/16 via 10.4.20.5 dev tun0

Everything seems quite legit, right? But, alas, these rules don't seem to be working, as tcpdump shows me all packets from 172.25.0.0/16 being sent not through my tunnel, but directly.

The funniest thing: when I do something like ping -I 172.25.65.254 XXX.155.106.50, everything works fine and packets are routed through the tunnel. But if the packet comes from the network (by the way, the network interface is bridged), all these rules seem to be ignored and packets go directly. :(

Any clues & hints will be greatly appreciated!

Volodymyr Melnyk
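The lookup the kernel performs for the rules and zone2 table pasted in the question, emulated in Python so the fall-through behaviour between tables can be traced for any source/destination pair. This is an added example, not part of the original post; the XXX.155.106.50 host is stood in for by the placeholder 203.0.113.50, and the local, main and default tables are constructed minimal stand-ins.

```python
from ipaddress import ip_address, ip_network

# "ip rule show" from the question: (priority, from-selector, to-selector, table);
# "from all" / no "to" are expressed as 0.0.0.0/0.
RULES = [
    (0,     "0.0.0.0/0",     "0.0.0.0/0",     "local"),
    (32762, "0.0.0.0/0",     "172.25.0.0/16", "zone2"),
    (32763, "172.25.0.0/16", "0.0.0.0/0",     "zone2"),
    (32766, "0.0.0.0/0",     "0.0.0.0/0",     "main"),
    (32767, "0.0.0.0/0",     "0.0.0.0/0",     "default"),
]

# Routing tables as {prefix: next hop}.  zone2 is the poster's table (with a
# constructed placeholder for XXX.155.106.50); the other three are constructed.
TABLES = {
    "local": {},
    "zone2": {
        "203.0.113.50/32": "via 10.4.20.5 dev tun0",   # placeholder for XXX.155.106.50
        "172.25.64.0/24":  "dev cloudbr0 scope link",
        "172.25.65.0/24":  "dev cloudbr0 scope link",
        "172.24.0.0/16":   "via 10.4.20.5 dev tun0",
    },
    "main": {
        "172.25.64.0/24": "dev cloudbr0 scope link",
        "172.25.65.0/24": "dev cloudbr0 scope link",
        "0.0.0.0/0":      "via 172.25.64.1 dev cloudbr0",  # constructed default gateway
    },
    "default": {},
}

def lookup_table(table, dst):
    """Longest-prefix match inside one table; None when the table has no route."""
    dst = ip_address(dst)
    hits = [(ip_network(p), hop) for p, hop in TABLES[table].items() if dst in ip_network(p)]
    if not hits:
        return None
    net, hop = max(hits, key=lambda h: h[0].prefixlen)
    return f"{net} {hop}"

def route(src, dst):
    """Walk the rules in priority order.  A table with no matching route does not end
    the lookup: the kernel moves on to the next rule, so traffic matched by rule 32763
    but absent from zone2 ends up in main."""
    for prio, frm, to, table in sorted(RULES):
        if ip_address(src) in ip_network(frm) and ip_address(dst) in ip_network(to):
            hit = lookup_table(table, dst)
            if hit:
                return (prio, table, hit)
    return None

if __name__ == "__main__":
    print(route("172.25.65.254", "172.24.3.7"))   # zone2, via tun0
    print(route("172.25.65.254", "8.8.8.8"))      # zone2 has nothing, falls through to main
```

On the host itself, `ip route get <dst> from <src> iif cloudbr0` asks the kernel the same question for a packet arriving on the bridge, whereas omitting `iif` evaluates it as locally generated traffic, which is what the ping -I test exercises.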
