Questions tagged [policy-routing]

Policy-Based-Routing is a more complex form of the ordinary routing table.

With Policy-Based-Routing you can formulate specific rules to get your packets routed differently from what the normal main routing table would do.

You can define rules based on source or destination address, and handle even more complex situations using fwmarks and the PREROUTING chain of the iptables mangle table, which gives you all the matching possibilities that iptables offers.

Policy-Based-Routing can also be used to merge Multi-Link PPP uplinks and/or Load-Balancing as well as traffic shaping.

92 questions
1 vote, 2 answers

VPN client doesn't have internet connection

I'm using Ubuntu 18.04 LTS on AWS and I'm trying to set up split tunneling using a commercial VPN (PIA). I'm unable to use their .ovpn configuration out of the box because when I do so my SSH connection drops and I have to restart the server in order…
The Onin
1 vote, 2 answers

Routing packets based on which port client is connected to

I have a Debian server with one incoming interface (eth1) and three modems (modem1, modem2, modem3). There's an instance of squid on this server, listening on three consecutive ports (3128, 3129, 3130 to be specific). I was able to set up to route…
Tim
1 vote, 0 answers

Setting up OpenVPN as an interface rather than routing all traffic from paid VPN

I have subscribed to a VPN provider that provides OpenVPN config files. Now instead of routing all traffic through this VPN, I would like to simply set it up as another interface where the software packages that have the ability to use this…
mfaiz
1 vote, 0 answers

Use iptables to load balance between multiple AWS elastic network interfaces

Environment: Amazon EC2 m4.4xlarge, running Amazon Linux 2 AMI 2.0. I would like to use iptables to load balance HTTPS requests between a set of elastic IPs that are assigned to multiple Amazon elastic network interfaces attached to the same…
1 vote, 1 answer

Docker symmetric/policy-based routing

Background: I have a Debian server that has 3 network interfaces, which are: eno1 (10.0.0.35/24), eno1.10 (10.0.10.65/24), eno1.40 (10.0.40.40/24). Between those interfaces is a firewall. The multiple routes on the server lead to asymmetrical routing…
1 vote, 1 answer

Policy-based routing - neither rules nor routes get picked-up by CentOS 7.6.1810

I have 2 VLANs over a bonded connection I can't get to work with policy-based-routing. Actually I can make them work manually, but I'm unable to persist the configuration in order to survive reboots. I've read a dozen articles, tutorials, how-tos…
1 vote, 1 answer

Different gateways for different IPs on same interface on Linux

I have the following question, considering the attached image: I have a server (RHEL 7) with 3 IP addresses (on the same physical interface): 192.168.10.1 (eth0, server address on network 192.168.10.0/24), 192.168.10.100 (eth0:1, a cluster…
1 vote, 2 answers

PFSENSE: routing packets based on source IP address

I am trying to route packets (actually, trying to change DEFAULT GATEWAY) depending on source IP address with PFSENSE. ONE-SPECIFIC-IP ---> SPECIAL GATEWAY; ANY-IP ---> DEFAULT GATEWAY. I guess this can be done with something similar to CISCO's…
Pablo Santa Cruz
1 vote, 0 answers

overlapping subnets - how to give one precedence?

I have Linux devices with a single ethernet interface and two IP addresses. The first (eth0) is statically configured to 10.1.1.146/24. The second (eth0:1) is configured via DHCP and it may happen that it gets a similar IP like 10.1.1.233/16, meaning…
Udo G
1 vote, 1 answer

Pfsense multi site-to-site wan with policy based routing

We want to create a Hybrid multi WAN site to site connection between two (and more?) remote offices. The office has two WAN connections to the HQ. One MPLS and one ordinary Internet connection. In the end policy based routing should utilise both…
Daywalker
1 vote, 2 answers

firewalld: match which zone by policy

I have the following zones that are relevant for this question: SemiTrusted and Public. I want to treat IPSEC-encrypted traffic (that is coming from some specific IP addresses) as belonging to SemiTrusted. In iptables I would use policy matching to…
ibotty
1 vote, 0 answers

IP-rules don't seem to be working on CentOS-6.6

I faced a bit of an odd difficulty with policy-based routing on a CentOS-6.6 server. I have a setup where I need to route all packets originating from 172.25.0.0/16 destined for 172.24.0.0/16 and some XXX.155.106.50 via a certain gateway (10.4.20.5) behind…
Volodymyr Melnyk
1 vote, 2 answers

Set default gateway based on protocol using pfSense

I have a pfSense configured with two Internet links for broadband load balancing. One of these links blocks outgoing traffic on port 25 (WAN1). I have a mail server (IP 10.6.9.2) that should use the gateway of the internet without blocking (WAN2)…
1 vote, 0 answers

Can I route traffic destined for a local interface out another interface?

I'm trying to set up a testbench for a transparent device (called TD from now on). The goal is to make sure it forwards and logs correctly. I need to use just 1 machine + the TD in the test bench. Yes, two machines would be easier, but I've been…
Ben Barbour
1 vote, 2 answers

Tap0 not receiving traffic

I have created a tap device tap0 with address 10.2.1.4 and added it to a host bridge br1 with address 10.2.1.1. I have "nc 10.2.1.4 -l 1234" running on the host and from another machine I do a "nc 10.2.1.4 1234". tcpdump -i tap0 doesn't show any of the…
user199098