[TriLUG] Routing traffic to a non-default gateway

Aaron Joyner via TriLUG trilug at trilug.org
Thu Jan 12 10:33:24 EST 2023


(I really want to type out why you can't talk to something outside your
subnet in terms of how IP packets are framed, but I don't have time to type
that this morning.  If someone wants to explain ether and IP src and dst
headers, maybe even with tcpdump output, I think it's a great opportunity.
If no one takes me up on my offer, but you're reading this and want to
learn, pick up a copy of TCP/IP Illustrated by Richard Stevens.)

On Thu, Jan 12, 2023 at 10:29 AM Aaron Joyner <aaron at joyner.ws> wrote:

> This original problem description isn't clear to me.  Are the hosts on
> br-closed able to reach 192.168.2.2?  If they're not, the advice offered by
> Brian and John won't work.  Their default gateway must be within their
> subnet.
>
> A simple diagram may help.  Is this what the connectivity looks like?
>
>               192.168.2.0/24
>                      ^
>                      |
>                      v
> 192.168.1.1/24 <--> bob <--> 192.168.10.0/24
>
> For devices on the logical network br-closed (devices who only have an IP
> in the 192.168.10.0/24 subnet) to reach 192.168.2.2, they need to have a
> logical path out of their subnet to that network.  Some device with IP
> addresses in both networks will need to route that traffic.
>
> You said:
>
>> I want to have all devices in br-closed to use br-hop as their default
>> gateway
>>
>
> Strictly speaking, as written, that's not possible.  Your default gateway
> must be an IP address in a subnet where you have an address.  I'm going to
> assume for a second that you mean you want traffic from those hosts to flow
> to Bob, but if Bob does not have a more specific route for that traffic,
> that it should forward it to 192.168.2.2.  This would be a change from its
> usual behavior, which would be to forward the traffic to Bob's default
> route of 192.168.1.1.
>
> If that's a correct description of your request, the solution you want is
> called "Policy Routing".  You'll need to use the ip tools to define a
> custom routing table, and add a rule which matches traffic from
> 192.168.2.0/24 to direct it to that table.  You can then add a default
> route on that table, which will only apply to traffic being routed from the
> br-closed subnet.
>
> Google has plenty of articles once you know the lingo that give you some
> useful examples to crib from.  Here are a couple:
>
> https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/
>
> https://medium.com/@marthin.pasaribu_72336/linux-policy-routing-introduction-37933f8cb62e
>
> The TriLUG archives also contain some previous (longer) discussions about
> policy routing which you might be able to dig up.
>
> If I've totally misunderstood the problem, maybe try again with a diagram?
> :)
>
> Best wishes,
> Aaron S. Joyner
>
>
> On Wed, Jan 11, 2023 at 9:06 AM Mauricio Tavares via TriLUG <
> trilug at trilug.org> wrote:
>
>> I have a linux host, bob, acting as a router. Traffic goes out using
>> its default gateway, 192.168.1.1/24 interface br-out. So far so good.
>>
>> I have two networks I would like to focus on:
>> - 192.168.10.0/24, interface br-closed. bob is also acting as dhcp/dns
>> for this network.
>> - 192.168.2.0/30 (hop to other router, whose IP is 192.168.2.2),
>> interface br-hop
>>
>> I want to have all devices in br-closed to use br-hop as their default
>> gateway, and I seem to be having a hard time writing the proper ip
>> route statement for that. Or maybe I should use iptables instead,
>> which leads to: what is the best way and why?
>
>
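
The policy-routing setup described in the message above, as an added example that is not part of the original thread. Addresses and interface names come from the thread; table number 100, rule priority 1000, the `iif` selector and the choice to match traffic sourced from the br-closed subnet (192.168.10.0/24) are assumptions. The script prints the commands unless APPLY=1 is set, and refuses a next hop that is not inside a subnet bob is attached to.

```shell
#!/bin/sh
# Added example (not from the thread): policy routing on the router "bob".
# Addresses and interface names are from the thread; TABLE and PRIO are assumed.
SRC_NET=192.168.10.0/24; IN_IF=br-closed     # hosts to be steered
HOP_NET=192.168.2.0/30;  OUT_IF=br-hop       # bob's link to the other router
NEXT_HOP=192.168.2.2
TABLE=100; PRIO=1000                         # assumed table number and rule priority

# Dotted quad -> 32-bit integer.
ip2int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET/LEN: succeeds when ADDR lies inside NET/LEN.
in_subnet() {
    _len=${2#*/}
    _mask=$(( (0xFFFFFFFF << (32 - $_len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $_mask )) -eq $(( $(ip2int "${2%/*}") & $_mask )) ]
}

# Print the commands; refuse if the next hop is not on a subnet bob is attached to.
policy_route_cmds() {
    if ! in_subnet "$NEXT_HOP" "$HOP_NET"; then
        echo "next hop $NEXT_HOP is not on-link in $HOP_NET" >&2
        return 1
    fi
    # Default route that exists only in the custom table.
    echo "ip route replace default via $NEXT_HOP dev $OUT_IF table $TABLE"
    # "iif" limits the rule to forwarded packets arriving on br-closed, so
    # bob's own replies from its 192.168.10.x address keep using the main table.
    echo "ip rule add from $SRC_NET iif $IN_IF lookup $TABLE priority $PRIO"
}

# Dry run by default; APPLY=1 (as root) executes each command.
apply_policy_route() {
    _cmds=$(policy_route_cmds) || return 1
    echo "$_cmds" | while read -r _cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $_cmd || exit 1; else echo "would run: $_cmd"; fi
    done
}

apply_policy_route
# Check afterwards with: ip rule show; ip route show table 100
```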

