Changes between Version 1 and Version 2 of Concepts-PolicyRouting-Linux

Timestamp:

07/08/17 05:50:06 (7 years ago)

Author:

krzee king

Comment:

--

Concepts-PolicyRouting-Linux

@@ -39 +39 @@
 
 Remember to integrated the above samples properly into your distro startup. The route/rule setup should have a place in your networking configuration files. Most distros also provide a way to load Netfilter rules in `iptables-save` syntax, which is generally a wrapper around the `iptables-restore` command. Place the above rule segments into such a file and your distro init will pick it up at the proper time during boot.
+
+== Note on another way to do it ==
+When I read the above write-up it taught me another way to achieve a goal that I already knew how to solve.[[BR]]
+The problem is when a server that has services listening on the internet, and then runs openvpn with redirect-gateway, the server loses its ability to host its services on its physical interface. Packets get to the service, but the servers response gets routed over the VPN and lost. A clear difference between those return packets and packets generated from the server is the source address. When the IP on the physical device is contacted, it will reply with the IP from the physical device as its source. When the server is generating traffic it will have the source IP of the device that you route through, so the VPN device.[[BR]]
+If we assume the servers physical device is 10.0.0.2 and its gateway is 10.0.0.1 then the following commands should solve the problem:
+
+{{{
+ip route add default via 10.0.0.1 table 10
+ip rule add from 10.0.0.2 table 10
+}}}
+
+The first command adds a second routing table (table 10) with the normal default route (the one the server uses without a vpn)[[BR]]
+The second command tells the server to route any packets with src 10.0.0.2 out of the table that we just made (table 10 in our case)