Subject: Setting up policy routing
To: None <tech-net@netbsd.org>
From: Sumit Pandya <sumit@elitecore.com>
List: tech-net
Date: 04/26/2002 14:40:41
Hi All,
Below is my setup
Corporate Computer 1
+-----------------+                    Linux router/Host
| 192.168.1.2     |-------+            +----------------+  10.1.1.1 with gateway 10.1.1.2
+-----------------+       |            |                |---------------------
                         HUB ----------| 192.168.1.1    |
+-----------------+       |            |                |---------------------
| 192.168.1.130   |-------+            +----------------+  172.16.0.1 with gateway 172.16.0.2
+-----------------+
Corporate Computer 2
My corporate network is set up with 192.168.1.0/24. The lower end of this
network, i.e. IPs 192.168.1.2 to 192.168.1.125, is for the higher
authorities of the organization, and the remaining IPs, 192.168.1.128 to 192.168.1.254,
are assigned to the rest of the employees' computers. My Internet access server
has 2 connections to the Internet: say 10.1.1.1 with gateway 10.1.1.2, speed
128Kbps, and 172.16.0.1 with gateway 172.16.0.2, speed 64Kbps.
I want the computers of the higher authorities to go out over the 128Kbps link. For that I
added the following routing entries with the "ip" command of iproute2.
# ip rule add from 192.168.1.0/25 table 128speed
# ip route add default via 10.1.1.2 table 128speed
# ip rule add from 192.168.1.128/25 table 64speed
# ip route add default via 172.16.0.2 table 64speed
# iptables -t nat -A POSTROUTING -j MASQUERADE
After this setup I cannot access either the Linux router or the Internet, because
all replies go to the device of the default route for my computers, i.e.
packets/responses for computer 192.168.1.130 go to the interface with IP
172.16.0.1. This is because the routes for my internal network are in table
"main" and my rules are added before the rule to traverse "main". Now what I
want is that the entries of the main table (or the rule to traverse the main table) are consulted
before my rules.
While defining "rules" I can specify the preference with the "pref" option to "ip
rule add ...", so that my rules are traversed after the main table. But here in
this case the problem is the entry of the default route in table "main". Finally I
removed that default route from table main and everything worked for me.
Now my questions are:
1> Before the solution described above, I tried to get it working by
specifying metric 2 in the route I added into my rules, but that didn't
work. Is the scope of a metric limited to one rule?
2> Does there exist any easier solution than what I did in my setup?
3> Do you think that to get this configuration activated at system bootup I should add a
nice script in rc.local, or is there any other way?
Thanks for replies.
--Sumit
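For readers hitting the same problem, here is an added example (not the poster's script, and not part of the original thread) of a boot-time policy-routing setup for the two-uplink router described above. Instead of deleting the default route from "main", it adds a rule with a lower preference that sends LAN-destined traffic (including the router's own replies) to "main" first, and keeps the per-source rules ahead of the stock main rule at pref 32766. Interface names eth0/eth1/eth2, the numeric table IDs 100/200 standing in for 128speed/64speed, and the preference values 100/200/201 are assumptions; the gateways and address ranges are the ones from the post.

```shell
#!/bin/sh
# Added example: a boot-time policy-routing script for the two-uplink router in
# the post. It is not the poster's script. Interface names (eth0/eth1/eth2),
# the numeric table IDs 100/200 and the rule preference values are assumptions.
set -eu

LAN_IF="${LAN_IF:-eth0}"; LAN_NET="192.168.1.0/24"
FAST_SRC="192.168.1.0/25"     # 192.168.1.2 .. 192.168.1.125 (management hosts)
SLOW_SRC="192.168.1.128/25"   # canonical form of 192.168.1.129/25
FAST_IF="${FAST_IF:-eth1}"; FAST_GW="10.1.1.2";   FAST_TABLE=100   # "128speed"
SLOW_IF="${SLOW_IF:-eth2}"; SLOW_GW="172.16.0.2"; SLOW_TABLE=200   # "64speed"

# Emit the iproute2 commands as an "ip -batch" file; nothing here touches the
# kernel, so the output can be inspected (or tested) before it is applied.
policy_routing_batch() {
    # LAN-destined traffic, including the router's own replies to 192.168.1.130,
    # must be looked up in "main" (where the connected route lives) before any
    # per-source rule gets a chance to send it to an uplink table.
    echo "rule add to $LAN_NET lookup main pref 100"
    # Per-source rules stay ahead of the stock main rule (pref 32766), so the
    # default route in main no longer shadows them and need not be deleted.
    echo "rule add from $FAST_SRC lookup $FAST_TABLE pref 200"
    echo "rule add from $SLOW_SRC lookup $SLOW_TABLE pref 201"
    # Each table needs a real destination: "ip route add via GW" with no prefix
    # is rejected; "default" is what was intended.
    echo "route add default via $FAST_GW dev $FAST_IF table $FAST_TABLE"
    echo "route add default via $SLOW_GW dev $SLOW_IF table $SLOW_TABLE"
}

# Which uplink table the rules above select for a given LAN source address.
# Prints 100 (fast), 200 (slow) or "main" for addresses outside 192.168.1.0/24.
table_for_source() {
    case "$1" in
        192.168.1.*)
            last="${1##*.}"
            if [ "$last" -lt 128 ]; then echo "$FAST_TABLE"; else echo "$SLOW_TABLE"; fi ;;
        *) echo main ;;
    esac
}

# Apply to the running kernel (needs root). Removing our own rules and tables
# first makes the script idempotent, so rc.local can call it on every boot.
apply_policy_routing() {
    for p in 100 200 201; do ip rule del pref "$p" 2>/dev/null || true; done
    ip route flush table "$FAST_TABLE" 2>/dev/null || true
    ip route flush table "$SLOW_TABLE" 2>/dev/null || true
    policy_routing_batch | ip -batch -
    # Masquerade only on the uplinks; LAN-to-LAN traffic is left untouched.
    iptables -t nat -F POSTROUTING
    iptables -t nat -A POSTROUTING -o "$FAST_IF" -j MASQUERADE
    iptables -t nat -A POSTROUTING -o "$SLOW_IF" -j MASQUERADE
}

# "sh policy-route.sh apply" from rc.local installs the setup; with no argument
# the script only prints the batch so it can be reviewed first.
if [ "${1:-}" = apply ]; then apply_policy_routing; else policy_routing_batch; fi
```

After applying, `ip rule show` should list pref 100 before 200/201, `ip route get 198.51.100.1 from 192.168.1.130 iif eth0` should answer via 172.16.0.2, and `ip route get 192.168.1.130` should answer dev eth0 rather than an uplink. Note that `from 192.168.1.0/25` also matches the router's own address 192.168.1.1, so the router's own Internet-bound traffic leaves over the 128Kbps link; add a `from 192.168.1.1 lookup main` rule ahead of it if that is not wanted.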