8

I've got a Linux webserver with 192.168.0.2/24 assigned to eth0 and 172.16.0.2/24 assigned to eth1. I must not change this. Here's the routing so far:

    172.16.0.0/24 dev eth1 proto kernel scope link src 172.16.0.2
    192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
    172.16.0.0/16 via 172.16.0.1 dev eth1
    default via 192.168.0.1 dev eth0

The default route leads to the Internet which the machine needs access to for downloading stuff. Now there are also packets (requests) coming in from the Internet via 172.16.0.254. How do I have to set up routing tables and rules in order to answer those requests? iptables is not possible here.

Update: Seems like this works, but it doesn't look elegant to me:

    ip r a 172.16.0.0/24 dev eth1 table 10
    ip r a 172.16.0.0/16 via 10.16.0.1 t 10
    ip r a default via 172.16.0.254 t 10
    ip rule add from 172.16.0.2 t 10
2
  • What doesn't look elegant about it? You create a second table, and select it based on source address. Commented Jan 4, 2013 at 18:43
  • I would also add selection according to specified output interface (e.g. ip rule add oif eth1 t 10). Commented Feb 3, 2013 at 20:35

2 Answers

0

This is called simple source-based routing, and it's covered in the LARTC HOWTO:

http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html

If you find the copy&paste of the contents of the original routing table (sans its default gateway) inelegant, you don't have to do that, you can use a trivial script:

    # start from an empty table 10
    ip route flush table 10
    # copy every route of the main table except its default route
    ip route show table main | grep -v ^default | while read ROUTE; do
        ip route add table 10 $ROUTE
    done
    # replies sourced from 172.16.0.2 leave through 172.16.0.254
    ip route add table 10 default via 172.16.0.254
    ip rule add from 172.16.0.2 table 10
    ip route flush cache
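A scripted version of the source-based routing setup from the question's update and this answer, added here as an example and not taken from the page: it rebuilds table 10 from the main table, installs the source rule only once, and shows how to check the reply path afterwards. Table 10, gateway 172.16.0.254 and source 172.16.0.2 come from the page; DRY_RUN, the function names and the 203.0.113.1 test destination are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the question or either answer.
# Table 10, gateway 172.16.0.254 and source 172.16.0.2 are from the page;
# DRY_RUN and the function names are this example's own conventions.
TABLE=10
GW=172.16.0.254
SRC=172.16.0.2

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# The question's main routing table, embedded so the dry run works offline.
sample_main_table() {
    printf '%s\n' \
        '172.16.0.0/24 dev eth1 proto kernel scope link src 172.16.0.2' \
        '192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2' \
        '172.16.0.0/16 via 172.16.0.1 dev eth1' \
        'default via 192.168.0.1 dev eth0'
}

# Rebuild table $TABLE from main-table routes read on stdin (or from the
# file named in $1), dropping main's default route and adding the inbound
# gateway instead, then install the source rule exactly once.
build_table() {
    run ip route flush table "$TABLE"
    grep -v '^default' "${1:--}" | while read -r route; do
        # $route is deliberately unquoted: it is a list of ip(8) arguments.
        run ip route add table "$TABLE" $route
    done
    run ip route add table "$TABLE" default via "$GW"
    # 'ip rule add' creates a duplicate rule on every run, so check first.
    if [ "${DRY_RUN:-0}" = 1 ] || ! ip rule show | grep -q "from $SRC lookup $TABLE"; then
        run ip rule add from "$SRC" table "$TABLE"
    fi
}

# Ask the kernel which path a reply sourced from $SRC to an outside host
# takes; with the rule in place it should report 'via 172.16.0.254 dev eth1'.
# 203.0.113.1 is a documentation address standing in for a real client.
verify_reply_path() {
    ip route get "${1:-203.0.113.1}" from "$SRC"
}

# Stand-alone dry run: print the commands for the question's table.
if [ "${DRY_RUN:-0}" = 1 ]; then
    sample_main_table | build_table
fi
```

Run it with DRY_RUN=1 first to review the generated commands, then without it as root; `verify_reply_path` is the check to run after the rule is installed.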
-1

I think you can't.

When applications (web servers) reply, these are new packets for the kernel and it will just follow a routing table. You can't have multiple default gateways and choose one depending on what interface a packet arrived that triggered the application to send this response.

Please, just use one default gateway. Don't do NAT on multiple subnets like this. Your network design is faulty here. Really.

And if you do, then don't expect that port forwarding can do magic here.

3
  • "You can't have multiple default gateways and choose one depending on what interface a packet arrived that triggered the application to send this response." Sure you can. Linux routing can consider source address. And even without that, if OP didn't have the "no iptables" restriction, connection tracking lets you do it. And this isn't necessarily a faulty network design, depends on what the restrictions are that led to it. Commented Jan 4, 2013 at 18:25
  • @ downvoter: instead of downvoting, please post an answer. Commented Feb 3, 2013 at 21:32
  • @gertvdijk: The solution is in the question already. Commented Feb 10, 2013 at 21:06
