Sending Packets back OUT the interface they came IN

Red Hat Enterprise Linux/CentOS 5, 6 and 7 support automatically configuring iproute2 policy routing tables when you bring up multiple interfaces that are connected to different subnets.

This is done by configuring some additional files in /etc/sysconfig/network-scripts/

For each interface ethX, you need a rule-ethX and a route-ethX file. Suppose you have two subnets, 192.168.1.0/24 and 192.168.2.0/24, and your server is configured with two interfaces on 192.168.1.5 and 192.168.2.5. Assume your gateway is .1 on both networks.

Create these four files in /etc/sysconfig/network-scripts/
Then run ‘service network restart’

When you run ‘ip rule ls’ you will see your rules. When you run ‘ip route ls’ you will see your routes.
You can verify that things are working with tcpdump and ping.

rule-eth1:

iif eth1 table 1
from 192.168.1.5 table 1
to 192.168.1.0/24 table 1

route-eth1:

192.168.1.0/24 dev eth1 table 1
default via 192.168.1.1 dev eth1 table 1

rule-eth2:

iif eth2 table 2
from 192.168.2.5 table 2
to 192.168.2.0/24 table 2

route-eth2:

192.168.2.0/24 dev eth2 table 2
default via 192.168.2.1 dev eth2 table 2

Note: The “to” rules only affect packets that originate on this server. If you want those to all go out the normal default gateway, you can remove the “to” rules.
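As an added example (not part of the original post), the following POSIX shell functions generate the rule-ethX and route-ethX contents described above from an interface, address, subnet, gateway and table number, check that the gateway actually sits in the subnet (a single dropped digit such as 192.68.1.1 for a 192.168.1.0/24 network silently breaks the return path), and verify an `ip route show table N` dump against the expected entries. The gateway check only understands /24 networks and the route dump is a constructed sample, not output captured from a real host.

```shell
#!/bin/sh
# Added example: helpers for the rule-ethX / route-ethX policy routing setup.
# Nothing here touches /etc/sysconfig; output goes to stdout so you can
# inspect it and redirect it into the network-scripts directory yourself.

# gen_rule_file IFACE ADDR SUBNET TABLE -> prints the rule-IFACE contents
gen_rule_file() {
  iface=$1; addr=$2; subnet=$3; table=$4
  printf 'iif %s table %s\n' "$iface" "$table"
  printf 'from %s table %s\n' "$addr" "$table"
  printf 'to %s table %s\n' "$subnet" "$table"
}

# gen_route_file IFACE SUBNET GW TABLE -> prints the route-IFACE contents
gen_route_file() {
  iface=$1; subnet=$2; gw=$3; table=$4
  printf '%s dev %s table %s\n' "$subnet" "$iface" "$table"
  printf 'default via %s dev %s table %s\n' "$gw" "$iface" "$table"
}

# gw_in_subnet GW SUBNET -> exit 0 when GW shares the first three octets of a
# /24 SUBNET (e.g. 192.168.1.1 and 192.168.1.0/24); /24 only, by design.
gw_in_subnet() {
  gw=$1; subnet=$2
  prefix=${subnet%.*/24}          # 192.168.1.0/24 -> 192.168.1
  case "$gw" in
    "$prefix".*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_routes SUBNET GW IFACE  (reads an `ip route show table N` dump on stdin)
# -> exit 0 only if both the connected route and the default route are present
# and bound to IFACE with the expected gateway.
check_routes() {
  subnet=$1; gw=$2; iface=$3
  dump=$(cat)
  printf '%s\n' "$dump" | grep -q "^$subnet dev $iface" || return 1
  printf '%s\n' "$dump" | grep -q "^default via $gw dev $iface" || return 1
  return 0
}

# Demo: print what would go into rule-eth1 and route-eth1 for the post's example.
gen_rule_file eth1 192.168.1.5 192.168.1.0/24 1
gen_route_file eth1 192.168.1.0/24 192.168.1.1 1

# Catch the dropped-digit typo before it ends up in route-eth1.
gw_in_subnet 192.68.1.1 192.168.1.0/24 || echo "warning: 192.68.1.1 is not on 192.168.1.0/24"

# Constructed sample of `ip route show table 1` after a successful restart.
printf '%s\n' '192.168.1.0/24 dev eth1  scope link' 'default via 192.168.1.1 dev eth1' \
  | check_routes 192.168.1.0/24 192.168.1.1 eth1 && echo "table 1 looks correct"
```

To deploy, redirect the generator output into the matching files (for example `gen_rule_file eth1 192.168.1.5 192.168.1.0/24 1 > /etc/sysconfig/network-scripts/rule-eth1`), restart networking, then feed the real `ip route show table 1` output into check_routes.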