Pejman Moghadam / General

Linux policy routing examples

Public domain


Policy route based on source address using iproute alone

# Table 4 holds only the alternate default gateway
ip route add default via 192.168.1.1 table 4
# Lower pref is matched first: keep traffic that stays inside 172.16.0.0/24 on
# the main table, send everything else from that subnet through table 4
ip rule  add pref 100 from 172.16.0.0/24 to 172.16.0.0/24 table main
ip rule  add pref 200 from 172.16.0.0/24 table 4

Policy route ICMP protocol using iproute and iptables together

# Packets carrying fwmark 1 are routed by table 4
ip rule  add fwmark 1 table 4
ip route add default via 192.168.1.1 dev eth1 table 4
# Mark ICMP arriving on eth0 in mangle PREROUTING, i.e. before the routing decision
iptables -t mangle -A PREROUTING -i eth0 -p icmp -j MARK --set-mark 1
# Rewrite the source to eth1's address so the replies come back over the same path
iptables -t nat -A POSTROUTING -o eth1 -p icmp -j SNAT --to 192.168.1.5

Policy route based on user id (uid)

This policy cannot be tested with the ping command: the ping binary is setuid root, so its raw socket is created while the effective uid is 0 and the owner match treats the packets as root's. (Where ping is installed with the cap_net_raw file capability instead of the setuid bit, the match does see the real user.) Test it with a non-setuid client such as wget or curl run as an ordinary user and watch the rule counters with iptables -t mangle -L OUTPUT -v -n, or ask the kernel directly with ip route get <destination> mark 1.

ip rule add fwmark 1 table 4
ip route add default via 192.168.1.1 dev eth1 table 4
# owner matches the uid that owns the sending socket (valid in OUTPUT/POSTROUTING
# only); a mark set in mangle OUTPUT makes the kernel re-route the packet
iptables -t mangle -A OUTPUT -m owner ! --uid-owner root -j MARK --set-mark 1
# MASQUERADE picks eth1's current address itself, so no fixed --to is needed
iptables -t nat -A POSTROUTING -o eth1 -m owner ! --uid-owner root -j MASQUERADE
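The uid-based setup above assembled into a re-runnable script, as an added example that is not part of the original note (the same wrapper applies unchanged to the two earlier variants). It keeps the values used on this page (table 4, fwmark 1, gateway 192.168.1.1 on eth1) and adds what a practitioner would want around them: an explicit rule priority, a teardown so that re-running does not stack duplicate rules, the rp_filter caveat for replies arriving on eth1 (which assumes the main table's default route leaves via another interface), and a verification step that does not rely on the setuid ping binary. The DRY_RUN switch and the subcommand names setup/teardown/verify are conveniences of this example, not anything the page prescribes.

```shell
#!/bin/sh
# Added example, not from the original note: the uid-based policy route as one
# re-runnable script with an explicit rule priority, a teardown, the rp_filter
# caveat, and a verification step that does not depend on ping.
# Assumed values (edit for your host): alternate gateway 192.168.1.1 on eth1,
# routing table 4, fwmark 1, and a main-table default route that leaves via
# another interface. DRY_RUN=1 prints the commands instead of executing them.

TABLE=4
MARK=1
GW=192.168.1.1
DEV=eth1
PREF=100   # explicit priority: ip rule entries are matched in increasing order

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Delete the previous copy of every entry so re-running the script does not
# stack duplicates (ip rule add and iptables -A both add a second identical
# entry without complaint). Missing entries are not an error here.
teardown_uid_policy_route() {
    run ip rule del pref "$PREF" fwmark "$MARK" table "$TABLE" 2>/dev/null
    run ip route flush table "$TABLE" 2>/dev/null
    run iptables -t mangle -D OUTPUT -m owner ! --uid-owner root \
        -j MARK --set-mark "$MARK" 2>/dev/null
    run iptables -t nat -D POSTROUTING -o "$DEV" -m owner ! --uid-owner root \
        -j MASQUERADE 2>/dev/null
    return 0
}

setup_uid_policy_route() {
    # Marked packets are routed by table TABLE, whose only route is the
    # alternate default gateway.
    run ip rule add pref "$PREF" fwmark "$MARK" table "$TABLE"
    run ip route add default via "$GW" dev "$DEV" table "$TABLE"
    # owner keys on the uid owning the sending socket and is valid only in
    # OUTPUT/POSTROUTING. A mark changed in mangle OUTPUT makes the kernel
    # re-route the packet, which is what lets the fwmark rule take effect.
    run iptables -t mangle -A OUTPUT -m owner ! --uid-owner root \
        -j MARK --set-mark "$MARK"
    # Without NAT the packets would leave DEV carrying the address of another
    # interface, which the alternate gateway cannot route back.
    run iptables -t nat -A POSTROUTING -o "$DEV" -m owner ! --uid-owner root \
        -j MASQUERADE
    # Caveat (assumes the main table's default route is not via DEV): replies
    # arrive on DEV while the reverse lookup of their source points elsewhere,
    # so strict reverse-path filtering (rp_filter=1) silently drops them.
    # Loose mode accepts a source that is reachable via any interface.
    run sysctl -q -w "net.ipv4.conf.$DEV.rp_filter=2"
}

# ping cannot exercise this policy: it is setuid root, so its raw socket is
# owned by uid 0 and the owner match skips it. Instead show what the kernel
# would do with a marked packet, and watch the MARK rule's packet counter
# while an unprivileged user runs a non-setuid client such as curl or wget.
verify_uid_policy_route() {
    dst=${1:-8.8.8.8}
    run ip rule show
    run ip route show table "$TABLE"
    run ip route get "$dst" mark "$MARK"
    run iptables -t mangle -L OUTPUT -v -n
}

case "${1:-}" in
    setup)    teardown_uid_policy_route; setup_uid_policy_route ;;
    teardown) teardown_uid_policy_route ;;
    verify)   verify_uid_policy_route "${2:-}" ;;
esac
```

Run it as root, e.g. `sh policy-route.sh setup` followed by `sh policy-route.sh verify 8.8.8.8` (the file name is whatever you save it as); `DRY_RUN=1 sh policy-route.sh setup` shows the exact ip, iptables and sysctl invocations without touching the host.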

BY: Pejman Moghadam
TAG: iproute, iptables, policy-route
DATE: 2012-06-07 15:18:01

