
routing question


peterve

IS-IT--Management
Mar 19, 2000
1,348
NL
Hi,

Is there a way to configure the local routing table so that traffic from a specific host on the network, going to a specific host on another subnet, is routed to gateway 1,
and all other hosts on the local network, going to the same host on the remote subnet, use gateway 2?

I'm using RedHat, but I guess this is not really OS-related

thanks



--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
 
peterve,

I assume that you want all traffic to be redirected. If so, you need to locate info on "Forwarding" and maybe "Masking" in your tools for the specific steps.

Forwarding a domain name enables you to redirect incoming traffic from your specific host (either IP address or DNS) domain to another specific host. Thus, when someone attempts to access your domain, they will be automatically redirected.

Forwarding redirects all Web traffic for a domain to a specific URL.
Masking works with domain name forwarding. When someone types your-domain-name.com (or IP address) into a browser, your routing table entry will automatically forward or redirect them to your selected destination URL.

Forwarding with Masking will prevent visitors from knowing that they have been redirected by securing that the initial domain name remains in the visitor's browser's address bar when they are redirected, thus concealing the actual destination address.
The Forwarding with Masking option further enables you to add a title, plus description and keywords Meta tag data to the masked site.
Title and Meta tag information can be important if this site is available to outside traffic as it will influence a Web site’s search engine ranking, but will not influence how the Web site is being displayed.

RVNGUY
 
That's not what I meant

Suppose I have 2 servers on my network.
Both servers have the same default gateway. That gateway is responsible for routing the traffic from those 2 servers to remote machines, using 2 routers.

I want all traffic from local server 1, going to remote server X to go via router 1.
All other traffic from the local network to that remote network must go via router 2
Only traffic between server 1 and server X must go over router 1.



--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
 
route add -host $destinationhost gw $gw dev $device

HTH.
 
I want to be more specific... I'm not only trying to route traffic to one specific host, but also from one specific host.
All traffic from the local network going to hosts in the other network, where local host <> server1 and remote host <> server X, must go to another gateway

any ideas ?
(maybe I should use NAT... don't know)


--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
 
No, I don't think that's what he wants either.

I *think* he's saying that Machine A is the gateway for B and C.

A can route to R1 or R2 to get to OtherBOX.

If A receives a packet from B that is going to Otherbox, he wants to send it through R1, but if that packet comes from C, he wants it to go through R2. In other words, packets destined for Otherbox are to take a different path dependent upon where they ORIGINATED.

He must have a reason for this oddness, and if he explained that somebody might even offer a better idea.





Tony Lawrence
Linux/Unix/Mac OS X Resources
 
ok, I'll explain why it is


host 1 only talks to host x, but takes a lot of bandwidth
so I want host 1 to send all traffic to host X over a site-to-site VPN connection.
All other traffic from the local network to the remote network should use the regular WAN connection...

I think that is fair enough - isn't it ?


--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
 
No, that doesn't make sense..

Maybe you should describe this in more detail, using example IPs so it all makes sense to us.

Is there a reason why Host 1 has to go through the GW box to get to the VPN router - iow, why can't it set its own route to x?



Tony Lawrence
Linux/Unix/Mac OS X Resources
 
It's not that complicated to understand. He wants to establish a policy-based route so traffic originating from a certain host is always directed over a dedicated connection. What's so hard to comprehend?

Peterve,

Linux has supported policy based routing since kernel version 2.2 via the iproute2 tools. If you google for "policy-based routing linux" you will find many valuable resources explaining exactly how to do what you need. If you read them and have specific questions, please come back here for more help.
 
Hmmm. You add the route to the source host..the source host knows to route traffic to destination. Excuse me if I am missing something but WTF are you guys talking about?

You don't need to mangle this. It's very simple. Tell the source host that it needs to get point X from source P, make sure that source P is accessible and forget about it.
 
Source host A has a single route- the default gateway, to host B via router R1. R1 connects to another router R2 via two links, a frame-relay and a VPN. Let's say the VPN is normally used to back up the frame-relay link, but since it also has higher bandwidth we'd like the high-volume traffic from A to B to traverse the VPN while all other traffic to B from A's network uses the frame.

In this case, the routing decision must be made by R1 based on the source address. If traffic is from A, send it via the VPN, otherwise send it over the frame.

This isn't a strange idea. I've created exactly this scenario, but with Cisco routers. So, unfortunately I can't explain how it's done with Linux. Policy-based routing is what it's called, and I'm sure Linux can support it.
 
ericbrunson has it right - I'll have a look at iproute2

for the others, this is an easy example



network 1 : 10.1.0.0/16
default gateway : 10.1.0.254
the gateway has 3 interfaces : 10.1.0.254 (LAN),
172.29.0.254/24 (to router 1) and 172.29.1.254 (to router 2)

both routers have a connection to the remote network 192.168.0.0/24

the setup at the remote site has a similar topology

In short : there's nothing you can do on the server side, everything needs to be handled on the default gateways

When server 10.1.0.1 wants to send traffic to 192.168.0.1, then the default gateway needs to send the traffic over router 2
when server 10.1.0.1 wants to send traffic to hosts other than 192.168.0.1, then the default gateway needs to send the traffic over router 1
when machines other than 10.1.0.1 want to send traffic to hosts in 192.168.0.0, then it needs to go over router 1 also

pcunix, does that make sense now ?

lgarner : your comments are correct, but in my case, I have 3 routers (1 linux firewall acting as default gateway) and then 2 cisco routers, in their own DMZ, behind the firewall.
One of the routers is a Frame Relay, the other one is a VPN device



--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
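
The policy route discussed in this thread, written out with iproute2 for the Linux gateway, as an added example that is not part of any post above. The host and network addresses are the ones from the last post; the router next-hop addresses, interface names, table number and rule priority are assumptions. The script only prints the commands unless it is run with APPLY=1 as root.

```shell
#!/bin/sh
# Added example: source-and-destination based routing on the Linux gateway.
# From the thread: 10.1.0.1, 192.168.0.1, 192.168.0.0/24, and the rule that
# only this host pair uses router 2 while everything else uses router 1.
SRC_HOST=10.1.0.1
DST_HOST=192.168.0.1
REMOTE_NET=192.168.0.0/24

# ASSUMED values (not given in the thread): adjust to the real setup.
R1_NEXTHOP=172.29.0.1   # router 1 address on the 172.29.0.0/24 link
R2_NEXTHOP=172.29.1.1   # router 2 address on the 172.29.1.0/24 link
LAN_DEV=eth0            # gateway interface 10.1.0.254
R1_DEV=eth1             # gateway interface 172.29.0.254
R2_DEV=eth2             # gateway interface 172.29.1.254
TABLE=100               # extra routing table used only for the host pair
PRIO=1000               # rule priority, evaluated before the main table (32766)

# Emit the configuration commands, one per line.
pbr_commands() {
    # Main table: the whole remote network is reached through router 1.
    echo "ip route replace $REMOTE_NET via $R1_NEXTHOP dev $R1_DEV"
    # Table 100 holds a single host route through router 2.
    echo "ip route replace $DST_HOST/32 via $R2_NEXTHOP dev $R2_DEV table $TABLE"
    # Only packets from SRC_HOST to DST_HOST consult table 100;
    # every other packet falls through to the main table.
    echo "ip rule add priority $PRIO from $SRC_HOST/32 to $DST_HOST/32 lookup $TABLE"
}

# Emit read-only checks that show which path the kernel would choose.
pbr_checks() {
    echo "ip rule show"
    echo "ip route show table $TABLE"
    # Forwarded packet from the special host: expect the router 2 next hop.
    echo "ip route get $DST_HOST from $SRC_HOST iif $LAN_DEV"
    # Forwarded packet from any other LAN host: expect the router 1 next hop.
    echo "ip route get $DST_HOST from 10.1.0.2 iif $LAN_DEV"
}

if [ "${APPLY:-0}" = 1 ]; then
    pbr_commands | sh -e    # apply for real (needs root)
    pbr_checks | sh
else
    pbr_commands            # dry run: print what would be executed
    pbr_checks
fi
```

Because the gateway here is also the firewall, its forwarding rules have to permit the 10.1.0.1 to 192.168.0.1 flow on the router 2 interface as well as the general traffic on the router 1 interface. The remote gateway needs the mirror-image rule so that replies return over the same link.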
 