LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-19-2012, 05:02 AM   #1
nuvista175
LQ Newbie
 
Registered: Jan 2012
Posts: 7

Rep: Reputation: Disabled
Different default gateway for one host


Hello

I have a Linux machine that act as router between internal networks and Internet. There are several network interfaces on this host, but right now we only talk about two as I see it:

eth0 - local network (172.16.1.1/16)
eth1 - Internet connection (Dynamic IP)

I have set up a new VPN connection (ppp0) on this host and I want some hosts in my network to use this link as "way out to the Internet" instead of eth1. All other hosts should use eth1 as before.

But how do I do this? I've tried to search for it, got some hints here and there. I've tried some, but nothing have worked out for me so far.

If you know how to do this, please give some examples on how this could be done. I guess that we're talking about both static routes as well as iptables entries to accomplish this.

Best regards and thanks in advance

// Robert
 
Old 01-19-2012, 05:16 AM   #2
MartinStrec
Member
 
Registered: Jan 2012
Location: Czech
Distribution: Fedora, RHEL, Ubuntu, Mint
Posts: 110

Rep: Reputation: 14
Hi,

you have to think about packet flow in iptables. Use the packet marking (it's a prerouting process) and then choose correct correct routing table. I send you a page with a good example.

see http://www.linuxhorizon.ro/iproute2.html
 
Old 01-19-2012, 07:19 AM   #3
nuvista175
LQ Newbie
 
Registered: Jan 2012
Posts: 7

Original Poster
Rep: Reputation: Disabled
Hello and thank you for you answer.

If I understand this correctly, I can use this method but I only need to have one entry in the /etc/iproute2/rt_tables, the VPN link. All other traffic will go the same way as it does today, using the systems default gateway. Am I right?

Q1) The example show how this is done if you have two or more subnets that you wan't to route differently, but in my case I need to add a specific host in the same network as everything else instead of a specified subnet. Is that possible somehow?

While setting up these routing rules for the VPN connection, I have to specify an IP address for the VIA clause. I don't know this apparantly, I don't see it anywhere. I've checked in the /var/log/messages and it tells me:
CHAP authentication succeeded
PPP MPPE Compression module registered
MPPE 128-bit stateless compression enabled
local IP address X.X.X.83
remote IP address X.X.X.1

Q2) Should I use "remote IP address" from the ppp0 link to route via or is it possible somehow to use the "interface name" ppp0? I ask this because this IP address might be different the next time the link is set up.

// Robert

Last edited by nuvista175; 01-19-2012 at 07:26 AM.
 
Old 01-19-2012, 11:03 AM   #4
MartinStrec
Member
 
Registered: Jan 2012
Location: Czech
Distribution: Fedora, RHEL, Ubuntu, Mint
Posts: 110

Rep: Reputation: 14
A1)

yes, that link is just an example. You can use any kind of identify packet by (-s) source IP or mask or (-i) input interface. That is the way how to mark packet. Google 'iptables packet mark example' you obtain many relevant pages.

A2)

your second default route is to the gateway X.X.X.1 via ppp0
 
Old 01-22-2012, 09:53 AM   #5
nuvista175
LQ Newbie
 
Registered: Jan 2012
Posts: 7

Original Poster
Rep: Reputation: Disabled
This does not work for me. I must have missed something. I will try explain what I have done so far:



1. I "call" the VPN with pppd call ANONINE


2. The link is established and shows up after a few seconds in ifconfig

ppp0 Link encap:Point-to-Point Protocol
inet addr:178.73.197.70 P-t-P:178.73.197.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:26151 errors:0 dropped:0 overruns:0 frame:0
TX packets:81231 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:3099924 (2.9 MiB) TX bytes:12238574 (11.6 MiB)


3. I've added a new entry in /etc/iproute2/rt_tables so that it look like this

#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 ANONINE

4. I then use the two commads to set the default gateway for the ANONINE table and add the wanted host to that table

ip route add default via 178.73.197.1 dev ppp0 table ANONINE
ip rule add from 172.16.100.11/32 table ANONINE

5. All other hosts still got Internet connection through the "regular" default gateway but my 172.16.100.11 doesn't get any Internet connection at all.

6. I've got two rows in my /etc/sysconfig/iptables file also. I'm not certain about those but I thought they should be there to make the ppp0 connection work as my regular Internet connection does.

-A POSTROUTING -o ppp0 -j MASQUERADE
-A FORWARD -i eth0 -o ppp0 -j ACCEPT

(I've got the same two lines, but with -o eth1)


Is there easy way to see if my VPN is working at all? I can see traffic going on that device (ppp0) but I'm not really sure it works as it should. Any easy thing I can do to verify this?

// Robert
 
Old 01-23-2012, 03:24 AM   #6
nuvista175
LQ Newbie
 
Registered: Jan 2012
Posts: 7

Original Poster
Rep: Reputation: Disabled
Update... and problably the solution

ip rule add from 172.16.100.11 table ANONINE
did the trick. Thanks a million!


// Robert
 
Old 01-23-2012, 03:27 AM   #7
Lexus45
Member
 
Registered: Jan 2010
Distribution: Debian, Centos, Ubuntu, Slackware
Posts: 361
Blog Entries: 3

Rep: Reputation: 48
If you have an opportunity - you may use SNAT for those IP addresses/subnets and NAT all traffic from them to the certain interface (VPN link).
But if you can not use NAT, this method is not preferred.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Apache2 - virtual host defaulting to default host slimjim Linux - Server 1 10-31-2009 02:47 AM
normal default gateway reapperas with openvpn redirect-gateway jonnytabpni Linux - Networking 2 04-23-2009 03:11 PM
non-default route to static host through gateway for ppp failover testing jrscandora Linux - Networking 3 04-21-2009 03:20 AM
. as default gateway serge Linux - Networking 3 01-31-2009 10:39 AM
default gateway avikosan Linux - Networking 3 12-09-2003 06:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration