Re: Kernel Routing sequence

From: Henrik Nordstrom
Date: Fri Aug 12 2005 - 04:35:22 EST


On Fri, 12 Aug 2005, Al Boldi wrote:

> ping from 10.0.2.1/8 to 10.0.0.1 should route out to 10.0.0.0/8 and
> not to 10.0.1.0/24 even if the route lists before 10.0.0.0/8!

What is 10.0.2.1/8 in this discussion? An interface with the IP of 10.0.2.1 and mask of /8 (255.0.0.0)? If so this interface will get all 10.X traffic for which no other more specific route exists.

What you say above won't happen. A 10.0.1.0/24 route won't ever get traffic for 10.0.0.* as it is not within its scope. Check your routing table again, I do not think it looks the way you seem to think it does.

ip ro ls

From what I can remember the data shown earlier does not match your
problem description above either. Seem to remember you having two interfaces in the 10.x/8 network range. Only one of these two interfaces will get the 10.x/8 route. Having more than one interface in the same network range is generally a bad idea, but works reasonably provided one uses a subnet of the other.

To include the source address in your routing decisions see "ip
rule add/remove" and the Linux Advanced Routing howto.

> Is there a way to do it w/o iptables?

Yes (the experimental route target), but it is much better done in routing. The Linux kernel can route in pretty much any manner you can imagine, it just needs to be given proper instructions. But as always it is best to design your network in such manner that no strange routing is needed.

Regards
Henrik
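
The lookup behaviour described in this reply, as an added example that is not part of the original message: a small Python model of policy rules (`ip rule`) followed by longest-prefix match inside the selected table. The device names, the `via_eth1` table and the priority-100 source rule are assumptions made for illustration; the prefixes are the ones discussed in the thread.

```python
import ipaddress

# Constructed routing tables. The /24 is deliberately listed before the /8
# to show that listing order plays no part in the decision.
TABLES = {
    "main": [
        ("10.0.1.0/24", "eth1"),   # device names are assumptions
        ("10.0.0.0/8", "eth0"),
        ("0.0.0.0/0", "eth0"),
    ],
    "via_eth1": [("0.0.0.0/0", "eth1")],  # hypothetical extra table
}

# Simplified policy rules: (priority, source selector or None, table).
# Lower priority numbers are evaluated first, as in `ip rule ls`.
RULES = [
    (100, "10.0.1.0/24", "via_eth1"),  # hypothetical source-based rule
    (32766, None, "main"),
]


def lookup_table(table, dst):
    """Return (network, device) of the most specific route containing dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best


def route(src, dst):
    """Walk the rules in priority order; first table with a match wins."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if selector is not None and src not in ipaddress.ip_network(selector):
            continue  # rule does not apply to this source address
        hit = lookup_table(table, dst)
        if hit is not None:
            return str(hit[0]), hit[1], table
    return None  # no rule produced a route: destination unreachable


if __name__ == "__main__":
    for src, dst in [("10.0.2.1", "10.0.0.1"), ("10.0.2.1", "10.0.1.5"),
                     ("10.0.1.7", "10.0.0.1")]:
        print(src, "->", dst, ":", route(src, dst))
```

On a live host, `ip route get <dst> from <src>` reports the kernel's own decision for comparison.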