doc:appunti:net:source_routing [2013/06/25 11:48] – [Firewall dual homed e source routing con Shorewall] niccolo | doc:appunti:net:source_routing [2021/10/13 18:03] (current) – [Firewall dual homed e source routing con Shorewall] niccolo | ||
Line 27: | Line 27: | ||
# Special table for source routing. | # Special table for source routing. | ||
# See / | # See / | ||
- | 100 eth2_tbl | + | 102 eth2_tbl |
</ | </ | ||
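Review bot: the table number in this rt_tables entry moves from 100 to 102 without any comment recording why; since the entry already carries a "See ..." pointer, a one-line note above it on why 102 was chosen would stop a later edit from reverting the number. The `ip rule` and `ip route` commands reference the table by the name `eth2_tbl`, so the number only has to agree between this file and the `# Put a line "102 eth2_tbl"` comment in the interfaces snippet, which the Line 42 hunk does update.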
Line 42: | Line 42: | ||
broadcast 217.19.150.255 | broadcast 217.19.150.255 | ||
# gateway 217.19.150.1 | # gateway 217.19.150.1 | ||
- | # Put a line "100 eth2_tbl" | + | # Put a line "102 eth2_tbl" |
up /sbin/ip rule add from 217.19.150.6 table eth2_tbl || true | up /sbin/ip rule add from 217.19.150.6 table eth2_tbl || true | ||
up /sbin/ip route add 217.19.150.0/ | up /sbin/ip route add 217.19.150.0/ | ||
up /sbin/ip route add default via 217.19.150.1 table eth2_tbl || true | up /sbin/ip route add default via 217.19.150.1 table eth2_tbl || true | ||
- | down /sbin/ip rule del from 217.19.150.6 table eth2_tbl || true | ||
- | down /sbin/ip route del 217.19.150.0/ | ||
down /sbin/ip route del default via 217.19.150.1 table eth2_tbl || true | down /sbin/ip route del default via 217.19.150.1 table eth2_tbl || true | ||
+ | down /sbin/ip route del 217.19.150.0/ | ||
+ | down /sbin/ip rule del from 217.19.150.6 table eth2_tbl || true | ||
</ | </ | ||
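Review bot: reversing the `down` lines so they undo the `up` lines in the opposite order (default route, network route, then rule) is the right fix, but every line still ends in `|| true`, so a failed `up /sbin/ip rule add from 217.19.150.6 table eth2_tbl` leaves the interface up with traffic from that address silently following the main table; consider dropping `|| true` from the `up` lines, or at least verifying the result after ifup with `ip rule show` and `ip route show table eth2_tbl`. The `ip rule add` line also passes no explicit priority, which is exactly what the rule-priority warning added at Line 65 is about.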
Line 65: | Line 65: | ||
</ | </ | ||
+ | Attenzione alla **priorità delle regole** (rules)! Il numero più basso ha priorità maggiore, se non viene indicato il parametro **'' | ||
====== Source IP con ip route ====== | ====== Source IP con ip route ====== | ||
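Review bot: the new warning that the lowest rule number has the highest priority would be more actionable if the `ip rule add` lines in the interfaces snippets above set an explicit priority instead of relying on the default, and if the paragraph showed the `ip rule show` listing the reader should expect, so that a source rule landing behind the main-table lookup is caught at setup time rather than when traffic leaves via the wrong interface.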
Line 93: | Line 94: | ||
# Special table for source routing. | # Special table for source routing. | ||
# See / | # See / | ||
- | 100 eth2_tbl | + | 102 eth2_tbl |
</ | </ | ||
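Review bot: this is the second of three identical `rt_tables` snippets on the page (also at Line 27 and Line 156), and all three had to be edited in step for the 100 to 102 renumbering; consider keeping the rt_tables entry in one section and referring to it from the others, so the table number cannot drift between copies.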
Line 144: | Line 145: | ||
====== Firewall dual homed e source routing con Shorewall ====== | ====== Firewall dual homed e source routing con Shorewall ====== | ||
- | **Esempio**: | + | **Esempio**: |
Queste le accortezze da utilizzare: | Queste le accortezze da utilizzare: | ||
* In **''/ | * In **''/ | ||
- | * In **''/ | + | * In **''/ |
+ | * In **''/ | ||
+ | * In **''/ | ||
**''/ | **''/ | ||
Line 156: | Line 159: | ||
# Special table for source routing. | # Special table for source routing. | ||
# See / | # See / | ||
- | 100 eth2_tbl | + | 102 eth2_tbl |
</ | </ | ||
Line 169: | Line 172: | ||
# gateway 94.94.64.137 | # gateway 94.94.64.137 | ||
up /sbin/ip rule add from 94.94.64.138 table eth2_tbl || true | up /sbin/ip rule add from 94.94.64.138 table eth2_tbl || true | ||
- | up /sbin/ip rule add fwmark | + | up /sbin/ip rule add fwmark |
up /sbin/ip route add 94.94.64.136/ | up /sbin/ip route add 94.94.64.136/ | ||
up /sbin/ip route add default via 94.94.64.137 table eth2_tbl || true | up /sbin/ip route add default via 94.94.64.137 table eth2_tbl || true | ||
down /sbin/ip route del default via 94.94.64.137 table eth2_tbl || true | down /sbin/ip route del default via 94.94.64.137 table eth2_tbl || true | ||
down /sbin/ip route del 94.94.64.136/ | down /sbin/ip route del 94.94.64.136/ | ||
- | down /sbin/ip rule del fwmark | + | down /sbin/ip rule del fwmark |
down /sbin/ip rule del from 94.94.64.138 table eth2_tbl || true | down /sbin/ip rule del from 94.94.64.138 table eth2_tbl || true | ||
</ | </ | ||
- | **''/ | + | **''/ |
< | < | ||
- | eth0 10.22.20.0/24 | + | SNAT(217.58.174.226) |
- | eth2 10.22.20.0/ | + | SNAT(94.94.64.138) 192.168.1.0/ |
</ | </ | ||
+ | **''/ | ||
+ | |||
+ | < | ||
+ | eth0 10.22.20.0/ | ||
+ | eth2 10.22.20.0/ | ||
+ | </ | ||
**''/ | **''/ | ||
< | < | ||
- | # Mark some traffic to be routed via eth2. | + | # Packets source-routed via eth2 must use eth2 source address, |
- | iptables -A PREROUTING | + | # otherwise source address for default gateway is used. |
- | iptables -A PREROUTING -t mangle | + | iptables |
+ | |||
+ | # For connections originating from eth1 LAN. | ||
+ | iptables -A PREROUTING -t mangle | ||
+ | iptables -A PREROUTING -t mangle -i eth1 --proto tcp --dport | ||
+ | |||
+ | # For locally geneated connections. | ||
+ | iptables -A OUTPUT -t mangle --proto tcp --dport 22 -j MARK --set-mark | ||
</ | </ | ||
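Review bot: typo in the last comment of the mangle snippet, "geneated" should be "generated". More substantively, the `iptables -A OUTPUT -t mangle --proto tcp --dport 22 -j MARK` rule marks every SSH connection the firewall itself opens, whatever the destination, so all of them are forced through `eth2_tbl` and the eth2 gateway 94.94.64.137; if that is only intended for particular hosts, add a `-d` match. The marks only work while the `up /sbin/ip rule add fwmark ... table eth2_tbl` line from the interfaces snippet is in place, and that rule again has no explicit priority (see the warning added at Line 65). The new `SNAT(94.94.64.138)` entry should also be checked against the comment "Packets source-routed via eth2 must use eth2 source address, otherwise source address for default gateway is used": every marked flow must be covered by that SNAT line or it leaves eth2 with the wrong source address. Finally, the old `eth0 10.22.20.0/24` and `eth2 10.22.20.0/...` masq lines are moved to the second file added in this hunk rather than deleted; a short sentence saying so would help readers of the first file.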
doc/appunti/net/source_routing.1372153685.txt.gz · Last modified: 2013/06/25 11:48 by niccolo