policy routing

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

gpb68
OpenVpn Newbie
Posts: 1
Joined: Sat Jun 17, 2017 6:53 pm

policy routing

Post by gpb68 » Sun Jun 18, 2017 1:53 am

I'm trying to isolate traffic for one server (192.168.0.240) to go over my standard Ethernet connection and not the VPN because I am running FTP & Plex on this server. All traffic is being routed through my wifi router which is hooked up to my Comcast cable modem.

# routing table from wifi router
0.0.0.0/1 via 10.58.10.5 dev tun0
default via 50.186.18.1 dev eth0 proto static src 50.186.18.140
10.58.10.1 via 10.58.10.5 dev tun0
10.58.10.5 dev tun0 proto kernel scope link src 10.58.10.6
50.186.18.0/23 dev eth0 proto kernel scope link src 50.186.18.140
50.186.18.1 dev eth0 proto static scope link src 50.186.18.140
128.0.0.0/1 via 10.58.10.5 dev tun0
172.98.67.43 via 50.186.18.1 dev eth0
192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.3

I created a table called internet

# flush all rules from table
ip route flush all table internet

# add rule to force traffic for this specific host across table internet
ip rule add from 192.168.0.240/32 table internet

# add routes
ip route add table internet default via 50.186.18.1 dev eth0 proto static src 50.186.18.140
ip route add table internet 50.186.18.0/23 dev eth0 proto kernel scope link src 50.186.18.140
ip route add table internet 50.186.18.1 dev eth0 proto static scope link src 50.186.18.140
ip route add table internet 192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.3

# internet routing table from router

root@gargoyle:~# ip route show table internet
default via 50.186.18.1 dev eth0 proto static src 50.186.18.140
50.186.18.0/23 dev eth0 proto kernel scope link src 50.186.18.140
50.186.18.1 dev eth0 proto static scope link src 50.186.18.140
192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.3

Connectivity works via IP, and goes over the correct route, but I cannot ping or talk to my internal network on host 192.168.0.240.

Any ideas on what I am missing?
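As an added example (not from the post or from OpenVPN), the following Python script simulates the lookup the kernel performs for policy routing: walk the rules by priority, pick the first table whose source selector matches, then do a longest-prefix match in that table. It is fed with the two tables quoted above; the rule priorities are assumed (the kernel picks them when `ip rule add` is given none) and the kernel's `local` table is left out.

```python
import ipaddress
# Constructed from the two tables quoted in the post (main and "internet");
# the kernel's "local" table is omitted for brevity.
MAIN = """\
0.0.0.0/1 via 10.58.10.5 dev tun0
default via 50.186.18.1 dev eth0 proto static src 50.186.18.140
10.58.10.1 via 10.58.10.5 dev tun0
10.58.10.5 dev tun0 proto kernel scope link src 10.58.10.6
50.186.18.0/23 dev eth0 proto kernel scope link src 50.186.18.140
50.186.18.1 dev eth0 proto static scope link src 50.186.18.140
128.0.0.0/1 via 10.58.10.5 dev tun0
172.98.67.43 via 50.186.18.1 dev eth0
192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.3
"""
INTERNET = """\
default via 50.186.18.1 dev eth0 proto static src 50.186.18.140
50.186.18.0/23 dev eth0 proto kernel scope link src 50.186.18.140
50.186.18.1 dev eth0 proto static scope link src 50.186.18.140
192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.3
"""
# (priority, source selector, table): the poster's rule plus the default main
# rule; the priority numbers are assumed, the kernel assigns them when none is given.
RULES = [(32765, "192.168.0.240/32", "internet"), (32766, "0.0.0.0/0", "main")]

def parse_table(text):
    """Turn `ip route show` lines into (network, dev, gateway-or-None)."""
    routes = []
    for tok in (line.split() for line in text.splitlines()):
        dst = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        via = tok[tok.index("via") + 1] if "via" in tok else None
        routes.append((dst, tok[tok.index("dev") + 1], via))
    return routes

TABLES = {"main": parse_table(MAIN), "internet": parse_table(INTERNET)}

def lookup(table, dst):
    """Longest-prefix match in one table; None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[table] if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def route(src, dst):
    """Walk rules by priority; return (table, dev, via) from the first table with a match."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(RULES):
        if src in ipaddress.ip_network(selector):
            hit = lookup(table, dst)
            if hit:
                return table, hit[1], hit[2]
    return None
```

If this lookup already returns br-lan for traffic from 192.168.0.240 to the LAN, the routing tables themselves are not what blocks the traffic, and the firewall ruleset and reverse-path filtering on the router are the next things to check. On the live router the equivalent query is `ip route get <dst> from 192.168.0.240 iif br-lan`.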
