====== Linux routing tips ======

Tweak Linux [[:linux:sysctl|sysctl]]; see [[:linux:sysctl#linux as router|this]].

===== Source routing .. =====

  # per-uplink tables (link1 and link2 must be defined in /etc/iproute2/rt_tables)
  ip route add x.x.x.0/26 dev vlan501 src x.x.x.2 table link1
  ip route add default via x.x.x.1 table link1
  ip route add z.z.z.0/25 dev vlan2510 src z.z.z.20 table link2
  ip route add default via z.z.z.1 table link2

  # main table
  ip route add x.x.x.0/26 dev vlan501 src x.x.x.2
  ip route add z.z.z.0/25 dev vlan2510 src z.z.z.20
  ip route add default via x.x.x.1

  # select the table by source address
  ip rule add from x.x.x.2 table link1
  ip rule add from z.z.z.20 table link2

To create a rule that covers the whole interface (or even per port) and inbound traffic, mark the packets and select the table by fwmark.

Be careful if you're using the 26sec IPsec stack: the IPsec inbound interface is the same as the physical one, so you'll have problems with the IPsec routing table.

  iptables -t mangle -I PREROUTING -i vlan501 -j MARK --set-mark 0x1
  iptables -t mangle -I PREROUTING -i vlan2510 -j MARK --set-mark 0x2
  ip rule add fwmark 0x1 table link1
  ip rule add fwmark 0x2 table link2

===== same-alternative method =====

  ip route add 87.224.167.g1 dev eth1 table ETH1
  ip route add default via 87.224.167.g1 dev eth1 table ETH1
  ip route add 212.49.121.g2 dev eth3 table ETH3
  ip route add default via 212.49.121.g2 dev eth3 table ETH3

  # send traffic of local uid 108 out via eth3
  iptables -t mangle -A OUTPUT -m owner --uid-owner 108 -j MARK --set-mark 1
  ip rule add fwmark 1 pri 100 table ETH3
  iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to-source 212.49.121.g2
  # turn off reverse-path filtering on eth3
  echo 0 > /proc/sys/net/ipv4/conf/eth3/rp_filter

  ip rule add from 87.224.167.add1 pri 200 table ETH1
  ip rule add from 212.49.121.addr2 pri 250 table ETH3
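
The ''echo 0 > /proc/sys/net/ipv4/conf/eth3/rp_filter'' step only takes effect when ''conf/all/rp_filter'' is 0 as well, because the kernel applies the larger of the two values during source validation. The check below is an added example, not part of the original page; ''SYSCTL_ROOT'' and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original page): report the rp_filter mode the
# kernel really applies to an interface. For source validation the kernel uses
# the larger of conf/all/rp_filter and conf/<iface>/rp_filter, so writing 0 to
# one interface changes nothing while "all" is 1 or 2.
# SYSCTL_ROOT is an assumption of this example: it lets the check run against
# a saved copy of the sysctl tree instead of the live /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Print the effective rp_filter value for interface $1 (0, 1 or 2).
effective_rp_filter() {
    conf="$SYSCTL_ROOT/net/ipv4/conf"
    [ -r "$conf/all/rp_filter" ] && [ -r "$conf/$1/rp_filter" ] || return 1
    all=$(cat "$conf/all/rp_filter")
    ifv=$(cat "$conf/$1/rp_filter")
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# Print off, loose or strict for interface $1.
#   off    - no reverse-path check, spoofed source addresses are accepted
#   loose  - the source only has to be routable via some interface, which is
#            enough for a host with two uplinks
#   strict - the source must route back out the receiving interface, so
#            packets arriving on the uplink that is not the main-table route
#            back to the sender are dropped
rp_filter_mode() {
    eff=$(effective_rp_filter "$1") || { echo unknown; return 1; }
    case "$eff" in
        0) echo off ;;
        2) echo loose ;;
        1) echo strict ;;
        *) echo unknown; return 1 ;;
    esac
}

# Usage: sh rpcheck.sh eth1 eth3
for ifname in "$@"; do
    printf '%s: %s\n' "$ifname" "$(rp_filter_mode "$ifname")"
done
```

If an uplink reports ''strict'' after the ''echo 0'', the ''all'' value is overriding it; setting the uplink to 2 (loose) keeps a reverse-path check in place instead of switching it off.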