From: bert hubert <ahu@ds9a.nl>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] iproute2 src/FreeS/WAN
Date: Thu, 14 Feb 2002 08:07:58 +0000
Message-ID: <marc-lartc-101367406624403@msgid-missing>
In-Reply-To: <marc-lartc-101366776114481@msgid-missing>

On Thu, Feb 14, 2002 at 01:22:18AM -0500, Adrian Chung wrote:

> I've set up iproute2 to route anything for either subnet via the ipsec0
> device using a src address of the local interface.  This is to force
> locally generated traffic (i.e., traffic generated on the server) to go
> through the VPN, rather than out with a source IP of the external
> interface.
> 
> So I've done:
> 
>     ip rule add table 1 prio 100
>     ip route add table 1 <remoteLAN>/CIDR dev ipsec0 src <internalIP>
>     ip route flush cache
> 
> Now, my confusion is with regards to the src <internalIP> bit.  I've
> been assuming that the 'src ...' syntax actually changes the source IP
> in the packets matching the route to the IP specified, much like SNAT
> does.

As far as I know, and that's not very far, 'src' mainly changes the source
address chosen for locally generated traffic ('on the box') going out that
interface.

The 'ip' tool actually has some pretty nice documentation in the form of a
rather big TeX file, which is mentioned in the HOWTO. ip-cref.tex it's
called I think.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
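
A way to check the behaviour discussed in this message, as an added example that is not part of the original thread: connecting an unbound UDP socket makes the kernel do the route lookup and choose the source address for locally generated traffic, which is where a route's `src` value applies, and no packet is sent. The function names and the loopback sample addresses are assumptions, chosen so the script runs offline on Linux.

```python
import socket


def kernel_source_for(dest_ip, bind_ip=None, port=9):
    """Return the source IP the kernel assigns to a local UDP socket
    connected to dest_ip.

    connect() on a UDP socket sends nothing; it only performs the route
    lookup and fixes the local address, so the result is the address
    locally generated traffic to dest_ip would carry.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if bind_ip is not None:
            # An application that binds explicitly keeps its own address;
            # the route's preferred source is only used for unbound sockets.
            s.bind((bind_ip, 0))
        s.connect((dest_ip, port))
        return s.getsockname()[0]


def source_mismatches(expectations):
    """Given (dest_ip, expected_src) pairs, return the pairs where the
    kernel would pick a different source, as (dest, expected, actual)."""
    bad = []
    for dest_ip, expected_src in expectations:
        actual = kernel_source_for(dest_ip)
        if actual != expected_src:
            bad.append((dest_ip, expected_src, actual))
    return bad


if __name__ == "__main__":
    # Constructed sample using loopback. On the VPN gateway from the thread
    # you would list a host in <remoteLAN> with <internalIP> as expected source.
    checks = [("127.0.0.1", "127.0.0.1")]
    for dest, expected, actual in source_mismatches(checks):
        print(f"{dest}: expected source {expected}, kernel chose {actual}")
    print("unbound :", kernel_source_for("127.0.0.1"))
    print("bound   :", kernel_source_for("127.0.0.1", bind_ip="127.0.0.2"))
```

Packets forwarded through the box never pass through this socket-level selection, so this check says nothing about them.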
