Simple HOWTO: Linux Source-Based Routing

At work we had a network that has no internet access, except what we provide via their VPN connection that had been allowed through the firewall. Simple, until a small problem arose where our VPN server, which is not configured for NAT, has it’s default gateway set for it’s direct connection to the internet, and not the router which serves as default gateway for the rest of the network.

Put simply, we needed to set up a source route on the VPN server that took any packets coming from 192.168.76.0/24 and redirected them to an alternate default gateway of 172.16.1.100 on eth1, instead of the default gateway on eth0.

Here’s a quick description on how to do that:

# Create a custom route table
echo 200 remotesite >> /etc/iproute2/rt_tables
# Add your source network
ip rule add from 192.168.76.0/24 table remotesite
# Set the default route
ip route add default via 172.16.1.100 dev eth1 table remotesite
# Flush the route cache to immediately apply the change
ip route flush cache

200 = A table number you come up with (200 is fine, unless you have already created a 200 table)
192.168.76.0/24 = The network from which you want to redirect traffic
172.16.1.100 = The gateway that you wish to send 192.168.76.0/24 traffic to
eth1 = The interface that’s local to 172.16.1.100
remotesite = A table name you come up with

Do this and, tada! You’ve redirected traffic from a specfic network to an alternate network, a.k.a, source-based routing.

Now, before you go, make sure you place these lines (all but the first) in /etc/rc.local to make it persistent across reboots.

One thought on “Simple HOWTO: Linux Source-Based Routing”