4 Comments
http://www.bing.com/search?q=route+explain+linux
When you say “googling has paid off”.
I prefer Bing, you should try it.
What about a slightly different situation? I have a 2 NIC system, but only one gateway. I want to firewall traffic per NIC by interface. For example, say eth0 has an ip of 192.168.1.2, and eth1 has an ip of 192.168.1.3. If traffic in-bound comes over .2, I want it to only go out .2. If traffic goes into .3, I only want it to go out .3. I am trying to completely isolate traffic per interface. I think a variant of what you showed above would allow for this? But I am not a routing guru, so I am not sure I understand everything completely. A classic example would be DNS or HTTP based traffic, I want to isolate DNS/HTTP on .2 interface, so the .3 interface is not impacted. And I want the .3 interface to handle all NFS traffic, so the .2 interface is not impacted. I have DNS, HTTP, and NFS setup correctly, but I still save all traffic following the default out-bound route of course. Any suggestions?
Hi Schorsci,
Please keep future comments on the relevant blog post page (https://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/).
To answer your question, let’s assume:
eth0 – 192.168.1.2 netmask 255.255.255.0
eth0's gateway is: 192.168.1.1
eth1 – 192.168.1.3 netmask 255.255.255.0
eth1's gateway is: 192.168.1.1
Here are the corresponding commands:
printf "1\tuplink0\n" >> /etc/iproute2/rt_tables
printf "2\tuplink1\n" >> /etc/iproute2/rt_tables
ip route add 192.168.1.0/24 dev eth0 src 192.168.1.2 table uplink0
ip route add default via 192.168.1.1 dev eth0 table uplink0
ip rule add from 192.168.1.2/32 table uplink0
ip rule add to 192.168.1.2/32 table uplink0
ip route add 192.168.1.0/24 dev eth1 src 192.168.1.3 table uplink1
ip route add default via 192.168.1.1 dev eth1 table uplink1
ip rule add from 192.168.1.3/32 table uplink1
ip rule add to 192.168.1.3/32 table uplink1
ip route flush cache
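One way to confirm the isolation these commands are meant to give, as an added example that is not part of the original reply: it asks the kernel, via `ip route get ... from ...`, which device a packet sourced from each address would leave on. The addresses and devices are the ones assumed in the reply; the destination 198.51.100.1 is a documentation address chosen here, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Addresses and devices are the
# ones assumed in the reply; the destination address is constructed.

# Print the egress device named in one line of `ip -o route get` output.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_uplink SRC WANT_DEV [DST]
# Ask the kernel which device a packet sourced from SRC would leave on and
# compare it with WANT_DEV. DST defaults to a documentation-range address.
check_uplink() {
    src=$1
    want=$2
    dst=${3:-198.51.100.1}
    got=$(ip -o route get "$dst" from "$src" 2>/dev/null | route_dev)
    if [ "$got" = "$want" ]; then
        echo "ok   from $src leaves via $got"
        return 0
    fi
    echo "FAIL from $src leaves via ${got:-<no route>} (expected $want)"
    return 1
}

# check_all: test both uplinks, report every failure, return non-zero if any.
check_all() {
    rc=0
    check_uplink 192.168.1.2 eth0 || rc=1
    check_uplink 192.168.1.3 eth1 || rc=1
    return $rc
}

# Only query the live routing tables when asked to: ./script.sh check
if [ "${1:-}" = "check" ]; then
    check_all
    exit $?
fi
```

Run it with `check` as the first argument once the rules are in place. The `from` rules match only when a source address is already set, so a service that should stay on one interface has to bind to that interface's address; sockets without a bound source are routed by the main table.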
Thanks, great assistance, appreciated… sorry for the mislocated post. Side note, Fedora 15 does not seem to support the flush option, but otherwise no issues.