Wednesday, 15 June 2011

Route IP traffic and create static routes

When I first read this objective I immediately thought of the routing table. It turns out that in Linux land there is no -p option to make routes persistent; instead they need to be written to /etc/sysconfig/network-scripts/route-interface, where interface is the name of the interface, e.g. eth0.

There are two main ways of setting a route with this method, assuming you want the routes set for eth0.
1. echo "10.10.11.0/24 via 10.168.20.227 dev eth0" >> /etc/sysconfig/network-scripts/route-eth0
2. echo "10.10.11.0/24 dev eth0" >> /etc/sysconfig/network-scripts/route-eth0
You can activate the routes with the following command:
/etc/sysconfig/network-scripts/ifup-routes eth0
The first way will provide a route to the 10.10.11.0 network and set 10.168.20.227 as the gateway for that route. In other words, it expects 10.168.20.227 to be able to route those packets to the 10.10.11.0 network (or at least to forward them to a server/router that can). You can check the routing table in a myriad of ways, for instance (only showing the relevant line):
netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.11.0      10.168.20.227   255.255.255.0   UG        0 0          0 eth0
The second way will provide a similar route to the 10.10.11.0 network, but will not set a gateway for that route, so instead of sending the packets to the gateway, it will simply send them directly to the 10.10.11.0 network.
route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.11.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
For completeness, the commands needed to achieve the same as above are the following:
route add -net 10.10.11.0 netmask 255.255.255.0 gw 10.168.20.227 eth0 

route add -net 10.10.11.0 netmask 255.255.255.0 eth0
Note that a reboot will clear these from the routing table, so you should use them only for testing before writing them to the interface route file.
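A check for the workflow above, as an added example that is not part of the original post: it derives from each route-eth0 entry the row that route -n should show (flag U without a gateway, UG with one) and reports entries missing from the table. The 10.10.12.0/24 entry, the sample table and the function names are constructed for illustration; on a real host, save the output of route -n to a file and pass it as the second argument.

```shell
# prefix_to_mask 24 -> 255.255.255.0
prefix_to_mask() {
    bits=$1 mask=
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$(($bits - 8))
        else octet=$((256 - (1 << (8 - $bits)))); bits=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}

# expected_row "NET/PREFIX [via GW] dev IF"
#   -> "Destination Gateway Genmask Flags Iface" as route -n would list it
expected_row() {
    set -- $1                       # split the entry into words
    net=${1%/*} prefix=${1#*/} gw=0.0.0.0 flags=U dev=
    shift
    while [ $# -ge 2 ]; do
        case $1 in
            via) gw=$2 flags=UG ;;  # a gateway adds the G flag
            dev) dev=$2 ;;
        esac
        shift 2
    done
    echo "$net $gw $(prefix_to_mask "$prefix") $flags $dev"
}

# check_routes ROUTE_FILE TABLE_FILE: print OK/MISSING per entry and
# return the number of entries with no matching row in the table.
check_routes() {
    missing=0
    while read -r entry; do
        case $entry in ''|'#'*) continue ;; esac   # skip blanks and comments
        want=$(expected_row "$entry")
        # Columns 1-4 and 8 are Destination, Gateway, Genmask, Flags, Iface
        if awk '{print $1, $2, $3, $4, $8}' "$2" | grep -qxF "$want"; then
            echo "OK      $entry"
        else
            echo "MISSING $entry"; missing=$(($missing + 1))
        fi
    done < "$1"
    return "$missing"
}

# Constructed sample data: the second entry was never activated.
tmp=$(mktemp -d)
printf '%s\n' '10.10.11.0/24 via 10.168.20.227 dev eth0' \
    '10.10.12.0/24 dev eth0' > "$tmp/route-eth0"
printf '%s\n' 'Destination Gateway Genmask Flags Metric Ref Use Iface' \
    '10.10.11.0 10.168.20.227 255.255.255.0 UG 0 0 0 eth0' > "$tmp/table"
check_routes "$tmp/route-eth0" "$tmp/table" || echo "$? route(s) not active"
```

Only network/prefix entries of the two forms shown in this post are handled.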

There is a different way of routing with iptables; you can have a look at this post. However, I don't think this is what Red Hat had in mind with this objective.
