Policy based routing

For certain network setups one routing table is simply not enough.

For example, some network configurations include two or more gateways to uplink providers so that load can be balanced between the uplinks: a network administrator may choose to send all SSH traffic over one uplink gateway and all HTTP traffic over the other.

Network configurations with just one gateway will send all traffic over one uplink while the other(s) remain unused.

With policy based routing, system administrators can choose, by various parameters, which packets use which routing table and therefore possibly take a different route.

Emerge

 * (when intending to use fwmarks as indicators)
 * (when intending to use fwmarks as indicators)

Create new routing table

 * 1) Edit the file.
 * 2) Append [ID of the table] [Name of the table].
 * 3) Add rules with ip rule as usual, but with table [Table name or table ID].
 * 4) Check with

Decide which packets takes what routing table
By default every packet uses the routing table main (ID 254). You can now specify rules that send packets to different routing tables (which need to be created first); every packet that matches no rule still uses the default routing table (main).

ip rule
A full list of the possible parameters can be found here. If these selectors are not sufficient (e.g. to match on a source port), you can use fwmark. The fwmark is set with iptables, so you can create an ip rule for every match iptables is capable of.

iptables mark
Simply use the MARK target; it only works in the mangle table. For incoming packets I use, for outgoing packets. Please be aware that the mark is lost once the packet is handled by a userspace process (e.g. apache): if a packet arrives at your network card but the reply does not find its way back properly, marking the incoming packet is of no use; you have to mark the newly generated outgoing packet.

Packet seems to disappear
Most likely the packet was dropped because it was considered a "martian". Current kernels drop these packets silently. You can enable logging with:

If you now see log messages indicating that packets are considered martian, disable dropping them with:
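The whole procedure from the steps above (register a table, add a route and an fwmark rule, mark outgoing SSH in mangle, log martians) as one added shell script; it is not the wiki's own commands. Interface eth1, gateway 192.0.2.1, table 100/uplink2 and mark 0x1 are assumed sample values, and DRY_RUN=1 only prints the commands so it can be read without root.

```shell
#!/bin/sh
# Added example, not the wiki's own commands. Route all locally generated SSH
# traffic over a second uplink via an fwmark rule, then handle martians.
# Interface, gateway, table id/name and mark below are assumed sample values.
set -eu

IFACE=${IFACE:-eth1}                 # interface towards the second uplink
GW=${GW:-192.0.2.1}                  # its gateway (TEST-NET-1, constructed)
TABLE_ID=${TABLE_ID:-100}            # any free id; main is 254
TABLE_NAME=${TABLE_NAME:-uplink2}
MARK=${MARK:-0x1}
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}   # iproute2's table-name file

# Execute a command, or only print it when DRY_RUN is set (no root needed).
run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Steps 1-2: register "<id> <name>" so ip(8) accepts the name instead of the id.
register_table() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'append "%s %s" to %s\n' "$TABLE_ID" "$TABLE_NAME" "$RT_TABLES"
    elif ! grep -qs "^$TABLE_ID[[:space:]]" "$RT_TABLES"; then
        printf '%s\t%s\n' "$TABLE_ID" "$TABLE_NAME" >> "$RT_TABLES"
    fi
}

# Step 3: fill the new table and select it for marked packets only; anything
# without the mark falls through to main (254) as before.
add_routes_and_rules() {
    run ip route add default via "$GW" dev "$IFACE" table "$TABLE_NAME"
    run ip rule add fwmark "$MARK" table "$TABLE_NAME" priority 1000
}

# MARK works only in the mangle table. Locally generated packets (including a
# local daemon's replies, which are new packets) traverse OUTPUT, so the mark
# must be set there; a mark set on the incoming packet does not carry over.
mark_ssh() {
    run iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark "$MARK"
}

# Martians: log them first; then use loose reverse-path filtering (2) instead
# of switching it off (0), so clearly spoofed sources are still dropped while
# asymmetric replies arriving via the second uplink are accepted.
martians() {
    run sysctl -w net.ipv4.conf.all.log_martians=1
    run sysctl -w net.ipv4.conf.all.rp_filter=2
}

# Step 4: verify what the kernel now has.
show() { run ip rule show; run ip route show table "$TABLE_NAME"; }
setup() { register_table; add_routes_and_rules; mark_ssh; martians; show; }
if [ "${1:-}" = apply ]; then setup; fi   # e.g. DRY_RUN=1 sh pbr.sh apply
```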