====== Linux routing tips ======

tweak linux [[:linux:sysctl|sysctl]], see [[:linux:sysctl#linux as router|this]]




===== Source routing .. =====

   ip route add x.x.x.x/26 dev vlan501 src x.x.x.2 table link1
   ip route add default via x.x.x.1 table link1
   ip route add z.z.z.0/25 dev vlan2510 src z.z.z.20 table link2
   ip route add default via z.z.z.z.1 table link2
   
   ip route add x.x.x.0/26 dev vlan501 src x.x.x.2
   ip route add z.z.z.0/25 dev vlan2510 src z.z.z.20
   
   ip route add default via x.x.x.x.1
   
   ip rule add from x.x.x.2 table link1
   ip rule add from z.z.z.20 table link2

to create rule that covers the whole interface (or even per port) and inbound traffic

<note important>Be careful if you're using 26sec ipsec stack. The ipsec inbound interface is the same as physical one and you'll be having problems with ipsec routing table</note>

  iptables -t mangle -I PREROUTING -i vlan501 -j MARK --set-mark 0x1
  iptables -t mangle -I PREROUTING -i vla2510 -j MARK --set-mark 0x2
  ip rule add fwmark 0x1 table table link1
  ip rule add fwmark 0x2 table table link2


===== same-alternative method =====

  ip route add 87.224.167.g1 dev eth1 table ETH1
  ip route add default via 87.224.167.g1 dev eth1 table ETH1
  ip route add 212.49.121.g2 dev eth3 table ETH3
  ip route add default via 212.49.121.g2 dev eth3 table ETH3
  
   iptables -t mangle -A OUTPUT -m owner --uid-owner 108 -j MARK --set-mark 1
   
   ip rule add fwmark 1 pri 100 table ETH3
   
   iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to-source= 212.49.121.g2
   
   echo 0 > /proc/sys/net/ipv4/conf/eth3/rp_filter
   
   ip rule add from 87.224.167.add1 pri 200 table ETH1
   ip rule add from 212.49.121.addr2 pri 250 table ETH3