[TriLUG] Routing traffic to a non-default gateway
John Franklin via TriLUG
trilug at trilug.org
Wed Jan 11 14:50:05 EST 2023
On Jan 11, 2023, at 11:18, Brian via TriLUG <trilug at trilug.org> wrote:
>
> On 1/11/23 09:06, Mauricio Tavares via TriLUG wrote:
>> I have a linux host, bob, acting as a router. Traffic goes out using
>> its default gateway, 192.168.1.1/24 interface br-out. So far so good.
>> I have two networks I would like to focus on:
>> - 192.168.10.0/24, interface br-closed. bob is also acting as dhcp/dns
>> for this network.
>> - 192.168.2.0/30 (hop to other router, whose IP is 192.168.2.2),
>> interface br-hop
>> I want to have all devices in br-closed to use br-hop as their default
>> gateway, and I seem to be having a hard time writing the proper ip
>> route statement for that. Or maybe I should use iptables instead,
>> which leads to: what is the best way and why?
>
> I think this can be accomplished by having bob configure the clients on br-closed to use 192.168.2.2 as /their/ default gateway via dhcp (dhcp option 3). It will also be necessary to send them a static route so that they know 192.168.2.0/30 is accessible via bob's .10.0/24 address (dhcp option 121).
>
> I think that'll do the trick. bob himself only needs to know routing is allowed between those two interfaces.
I concur with that.
Depending on *why* br-closed should only go through br-hop, you may want to add some "layered defense" via an iptables rule to firewall off 192.168.10/24 from br-out. That way a mis-configured DHCP host entry or a static config on a br-closed system can’t override the default routing.
jf
--
John Franklin
franklin at elfie.org
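Worked example added here, not part of the thread or of either poster's reply: it encodes the DHCP option 121 (RFC 3442 classless static routes) payload that bob would hand to br-closed clients, decodes it back for checking, and lists the FORWARD rules for the layered defense John describes. Addresses are the ones from the thread; bob's own address on br-closed (192.168.10.1) is an assumption, as the thread never states it. One caveat worth carrying in the code: RFC 3442 says a client that receives option 121 must ignore option 3, so the default route via 192.168.2.2 has to be included in option 121 as well, not only in option 3.

```python
"""Added example (not from the TriLUG thread): DHCP option 121 encoding for
bob's br-closed clients plus the iptables FORWARD rules for layered defense.
Addresses are the thread's; bob's br-closed address is an assumption."""
import ipaddress

BOB_CLOSED = "192.168.10.1"   # assumed: bob's own address on br-closed
HOP_ROUTER = "192.168.2.2"    # from the thread: next hop on br-hop
HOP_NET = "192.168.2.0/30"    # from the thread: the br-hop link network


def encode_route(dest: str, via: str) -> bytes:
    """RFC 3442 wire form of one route: prefix length, then only the
    significant octets of the destination, then the 4-byte router address."""
    net = ipaddress.IPv4Network(dest)
    significant = (net.prefixlen + 7) // 8
    return (bytes([net.prefixlen])
            + net.network_address.packed[:significant]
            + ipaddress.IPv4Address(via).packed)


def option121(routes) -> bytes:
    """Whole option: code 121, one length byte, concatenated routes."""
    payload = b"".join(encode_route(dest, via) for dest, via in routes)
    if len(payload) > 255:
        raise ValueError("option 121 payload too long for a single option")
    return bytes([121, len(payload)]) + payload


def decode_option121(opt: bytes):
    """Inverse of option121(); handy for checking what a server really sends
    (e.g. from a packet capture of the DHCPOFFER)."""
    if opt[0] != 121 or len(opt) != opt[1] + 2:
        raise ValueError("not a well-formed option 121")
    body, pos, routes = opt[2:], 0, []
    while pos < len(body):
        plen = body[pos]
        significant = (plen + 7) // 8
        # pad the truncated destination back to four octets
        dest_octets = body[pos + 1:pos + 1 + significant].ljust(4, b"\x00")
        via = body[pos + 1 + significant:pos + 5 + significant]
        net = ipaddress.IPv4Network((dest_octets, plen))
        routes.append((str(net), str(ipaddress.IPv4Address(via))))
        pos += 5 + significant
    return routes


def closed_net_routes():
    """Routes for br-closed clients: the /30 link via bob, and the default
    via the hop router. RFC 3442 clients ignore option 3 once option 121 is
    present, so the default route must live here too."""
    return [(HOP_NET, BOB_CLOSED), ("0.0.0.0/0", HOP_ROUTER)]


def forward_rules():
    """iptables FORWARD rules (as command strings) for the layered defense:
    closed<->hop allowed, closed->out dropped regardless of what a client's
    routing table says."""
    return [
        "iptables -A FORWARD -i br-closed -o br-hop -j ACCEPT",
        "iptables -A FORWARD -i br-hop -o br-closed "
        "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A FORWARD -i br-closed -o br-out -j DROP",
    ]


if __name__ == "__main__":
    opt = option121(closed_net_routes())
    print("option 121:", opt.hex())
    print("decoded   :", decode_option121(opt))
    print("\n".join(forward_rules()))
```

For dnsmasq (which bob is presumably running for br-closed) the same routes are expressed, from my reading of its manual, as `dhcp-option=tag:br-closed,121,192.168.2.0/30,192.168.10.1,0.0.0.0/0,192.168.2.2`; verify the exact form against the manual for the installed version, and compare the bytes it emits with `decode_option121()` before trusting it.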