IP rule not work, the kernel only look up in main table

enri_duran · 10-05-2015, 04:53 AM

I need to make a routing using the IP source address. I want the traffic received with source IP 192.168.3.0/24 and destination IP 192.168.2.0/24 is routed through eth0 interface. I am using the kernel versin 3.16.0-30-generic. I modified the file /proc/sys/net/ipv4/ip_forward to 1. After I used:

Code:

# echo 200 virt1 >> /etc/iproute2/rt_tables
# ip rule add from 192.168.3.0/24 table virt1
# ip route add 192.168.2.0/24 dev eth0 tab virt1

Code:

# ip rule list
0:  from all lookup local 
32765:  from 192.168.3.0/24 lookup virt1 
32766:  from all lookup main 
32767:  from all lookup default

I deleted the default route. Now the main routing table is:

Code:

# ip route show table main
172.16.1.0/24 dev eth1  proto kernel  scope link  src 172.16.1.1 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1

To test whether it work I use socket type SOCK_RAW, with fields of the IP packet

Code:

iph->saddr = inet_addr ("192.168.3.4");
iph->daddr = inet_addr ("192.168.2.50");

If I run this, I get "Sendto: Network is unreachable". However, if you use the main table:
# ip rule add from 192.168.3.0/24 table main
# ip route add 192.168.2.0/24 dev eth0 tab main

The packet is sent

lazydog · 10-07-2015, 07:34 AM

You are aware that routing decisions are only for what is leaving the machine not for what interface it is coming in on. Inbound is controlled by where you are plugged into not what you have setup on your machine.

enri_duran · 10-15-2015, 04:32 AM

Finally I got it work. The problem is that you have to put the IP address of next hop.

Code:

# echo 200 virt1 >> /etc/iproute2/rt_tables
# ip rule add from 192.168.3.0/24 table virt1
# ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0 tab virt1