Questions tagged [policy-routing]

Policy-Based-Routing is a more complex form of the ordinary routing table

With Policy-Based-Routing you can formulate specific rules to route your packets differently from the normal main routing table.

You can define rules based on source or destination address, or handle more complex situations using fwmarks and the iptables mangle:PREROUTING chain, which gives you every matching possibility that iptables offers.

Policy-Based-Routing can also be used to merge Multi-Link PPP uplinks and/or for load balancing, as well as for traffic shaping.

92 questions
3
votes
3 answers

Linux policy routing - packets not coming back

I am trying to set up policy routing on my home server. My network looks like this: Host routed VPN gateway Internet link through VPN 192.168.0.35/24 ---> 192.168.0.5/24 ---> 192.168.0.1 DSL router …
Bugsik
3
votes
1 answer

Two NICs, one with static ip and one DHCP. IP Policy routing

I have trouble configuring a server that I own. It has Linux Ubuntu Server Edition 10.04 LTS as OS, two NICs (eth0 and eth1) and uses OpenVPN. eth0 is connected to a switch which is connected to a 3G router (static ip: 192.168.0.254) and eth1 is…
ixM
3
votes
2 answers

pfSense with two WANs, routing Skype traffic over a specific WAN

I have a pfSense setup with two WANs (WAN1 and WAN2) and one LAN network. The two WANs are set up for failover. However, QoS has recently been an issue for Skype calls in our office (about 30 people) so we want to dedicate WAN2 for Skype traffic (we…
Eric
3
votes
1 answer

Choose gateway based on UID (Linux)

I have two NICs and two IPs. How do I set up routing in a way where everything is sent through the first IP, except the traffic of a given (local) user, whose traffic is sent through the second IP? I know there are some HOWTOs out there but in the…
raerek
3
votes
2 answers

Wireguard use one client as gateway of another

I have a Wireguard VPN setup that basically looks like this: P1 ---- S ---- P2 --- Internet IP addresses: P1 = 10.200.1.5 S = 10.200.1.1 P2 = 10.200.1.3 I am redirecting all traffic of P1 to S by specifying allowedIps = 0.0.0.0/0 in P1's client…
Coxer
3
votes
2 answers

Why an iptables NAT does not happen in the network namespace separated transparent proxy setup?

I'm trying to set up transparent proxying networks on my host. Real Client and Proxy targets are containers but in this experiment I use netns (network namespace) separated environment. To redirect client traffic to proxy transparently, I use policy…
2
votes
1 answer

Response packet on the same interface as incoming in LAN

Currently, I'm struggling with the following scenario: I have a server with 2 interfaces in 2 separate LAN subnets. IF1, IF2 I have a laptop which has an IP address from the first subnet When I try to connect from this particular laptop to the…
2
votes
1 answer

linux IPv6 policy based routing fails

I have a VPN server that acts as my IPv6 connection to the Internet. The setup is like this: I have been assigned a /48 address pool, that I want to subnet to my VPN clients. For argument's sake let's call the pool 2001:DB8:CAFE::/48. I have split that…
2
votes
2 answers

Use OpenVPN tun device for specific request

I have set up an OpenVPN connection with the route-nopull configuration. So now no special routes have been added to the client's configuration and only a TUN device is created, like so: tun0 Link encap:UNSPEC HWaddr…
Jelle De Loecker
2
votes
1 answer

Cisco Catalyst 4500 Policy Based Routing

In order to test a new firewall I just set up I'm trying to implement policy based routing on our core switch. I want traffic from certain vlans to be routed to the new firewall while everything else continues being routed through the old firewall.…
Logan
2
votes
1 answer

I can't access my public IP from local network

I use a Linux machine with two different internet connections as the default gateway of local network. Each internet connection has its own public IP address. I've used source routing with "ip rule" command to balance outgoing traffic between these…
Mohammad
2
votes
1 answer

IPv6 policy routing on Linux

My organisation currently has two active IPv6 ranges available to it, and we're cutting over from one to the other. I would like to have them both working at once, but it appears that Linux does not support policy routing for IPv6. Our Linux-based…
Zanchey
2
votes
1 answer

Why is Linux policy-based routing (PBR) not working for ping?

First of all, it seems as if this question is about Linux, but it seems to me that it is about basic routing concepts. I happen to have the following configuration: What I am trying to do is to ensure symmetric routing on the server (CentOS 7), so…
Tedpac
2
votes
1 answer

Reachability of different interfaces without having a route in a separate routing table

We're currently trying to route all packets from our guest vlan's (eth1.251) subnet through a wireguard tunnel into the internet. To accomplish this we're using policy based routing with a rule to use the routing table 10 when the traffic is coming…
ForJ9
1
vote
1 answer

Ping does not work on TAP interfaces with bridge

I am trying to understand the Linux bridging and local ip rules, I have the following topology on my Linux laptop. br0 ___________|__________ | | |tap0 tap1| …
Haswell