Otdfbt

Mark command as obsolete

Help understanding this line - usage of くれる

Wireless headphones interfere with Wi-Fi signal on laptop

How does this Martian habitat 3D printer built for NASA work?

Was the dragon prowess intentionally downplayed in S08E04?

Does "Software Updater" only update software installed using apt, or also software installed using snap?

Is it safe to use two single-pole breakers for a 240v circuit?

Fixed width with p doesn't work

Is there an academic word that means "to split hairs over"?

Why is it harder to turn a motor/generator with shorted terminals?

Polynomial division: Is this trick obvious?

Is 95% of what you read in the financial press “either wrong or irrelevant?”

Extract the characters before last colon

Do we have C++20 ranges library in GCC 9?

Why did the soldiers of the North disobey Jon?

Given 0s on Assignments with suspected and dismissed cheating?

Why do the lights go out when someone enters the dining room on this ship?

Holding rent money for my friend which amounts to over $10k?

Why was my Canon Speedlite 600EX triggering other flashes?

Is there any way to adjust the damage type of the Eldritch Blast cantrip so that it does fire damage?

How can we allow remote players to effectively interact with a physical tabletop battle-map?

Why doesn't Iron Man's action affect this person in Endgame?

complicated arrows in flowcharts

Why did the metro bus stop at each railway crossing, despite no warning indicating a train was coming?

ip rule and route doesn't get respected

Setting up linux routingWhy ip route add doesn't work, but ip route add with less details and then change works?Selecting gateway on application level on LinuxWindows route add errorForward IP packets to tunnel deviceHow do policy based routing tables actually work?Cannot ping through one of the network interfacespolicy routing for local outcoming connectionsWhich route will be selected?Does each custom routing table (w/default gateway) need a link scope route?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

6

1

I'm trying to route packets based on their source address, and have added the following:

# ip rule add from 10.10.10.0/16 dev eth0 table foobar
# ip route add default via 100.100.100.1 dev eth0 table foobar

Testing the routing however gives me wrong via address:

# ip route get 4.3.2.1 from 10.10.10.1
4.3.2.1 from 10.10.10.1 via 100.0.0.1 dev eth0

Why doesn't this get respected?

This is my regular routes

# ip route list
default via 100.0.0.1 dev eth0

and

# ip route show table foobar
default via 100.100.100.1 dev eth0

and

# ip rule list
0: from all lookup local
32765: from 10.10.10.0/16 iif eth0 lookup foobar
32766: from all lookup main
32767: from all lookup default

linux ip route ip-routing policy-routing

share|improve this question

asked May 3 at 12:38

Alfred BalleAlfred Balle

749

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Isn't 10.10.10.0/16 a host address in the 10.10.0.0 subnet ?
  
  – grahamj42
  May 3 at 15:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  No, 10.10.10.0/16 is the subnet range 10.10.0.1-10.10.255.255.
  
  – wie5Ooma
  May 3 at 17:44
  

  
  
  
  

add a comment | 

6

1

I'm trying to route packets based on their source address, and have added the following:

# ip rule add from 10.10.10.0/16 dev eth0 table foobar
# ip route add default via 100.100.100.1 dev eth0 table foobar

Testing the routing however gives me wrong via address:

# ip route get 4.3.2.1 from 10.10.10.1
4.3.2.1 from 10.10.10.1 via 100.0.0.1 dev eth0

Why doesn't this get respected?

This is my regular routes

# ip route list
default via 100.0.0.1 dev eth0

and

# ip route show table foobar
default via 100.100.100.1 dev eth0

and

# ip rule list
0: from all lookup local
32765: from 10.10.10.0/16 iif eth0 lookup foobar
32766: from all lookup main
32767: from all lookup default

linux ip route ip-routing policy-routing

share|improve this question

asked May 3 at 12:38

Alfred BalleAlfred Balle

749

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Isn't 10.10.10.0/16 a host address in the 10.10.0.0 subnet ?
  
  – grahamj42
  May 3 at 15:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  No, 10.10.10.0/16 is the subnet range 10.10.0.1-10.10.255.255.
  
  – wie5Ooma
  May 3 at 17:44
  

  
  
  
  

add a comment | 

I'm trying to route packets based on their source address, and have added the following:

# ip rule add from 10.10.10.0/16 dev eth0 table foobar
# ip route add default via 100.100.100.1 dev eth0 table foobar

Testing the routing however gives me wrong via address:

# ip route get 4.3.2.1 from 10.10.10.1
4.3.2.1 from 10.10.10.1 via 100.0.0.1 dev eth0

Why doesn't this get respected?

This is my regular routes

# ip route list
default via 100.0.0.1 dev eth0

and

# ip route show table foobar
default via 100.100.100.1 dev eth0

and

# ip rule list
0: from all lookup local
32765: from 10.10.10.0/16 iif eth0 lookup foobar
32766: from all lookup main
32767: from all lookup default

linux ip route ip-routing policy-routing

share|improve this question

asked May 3 at 12:38

Alfred BalleAlfred Balle

749

# ip rule add from 10.10.10.0/16 dev eth0 table foobar
# ip route add default via 100.100.100.1 dev eth0 table foobar

# ip route get 4.3.2.1 from 10.10.10.1
4.3.2.1 from 10.10.10.1 via 100.0.0.1 dev eth0

# ip route list
default via 100.0.0.1 dev eth0

# ip route show table foobar
default via 100.100.100.1 dev eth0

# ip rule list
0: from all lookup local
32765: from 10.10.10.0/16 iif eth0 lookup foobar
32766: from all lookup main
32767: from all lookup default

share|improve this question

asked May 3 at 12:38

Alfred BalleAlfred Balle

749

share|improve this question

asked May 3 at 12:38

Alfred BalleAlfred Balle

749

asked May 3 at 12:38

Alfred BalleAlfred Balle

749

asked May 3 at 12:38

Alfred BalleAlfred Balle

749

1 Answer
1

active

oldest

votes

5

Your issue isn't issue. In rule you use not only source address, but also input interface match. So, there are two ways to solve your "problem":

1. Don't use the dev eth0 in the rule


2. Add iif eth0 in the ip route get... command. The iif option allows you use non-local addresses in the ip route get command, so you can use something like:
   ip route get 4.3.2.1 from 10.10.20.253 iif eth0
   

share|improve this answer

answered May 3 at 13:27

Anton DanilovAnton Danilov

86146

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I was wondering if that was it. Since they're both routed to eth0, it might just be returning the default because that's the top rule for that interface. I'd add a new interface on eth1, and see if that changed it.
  
  – Satanicpuppy
  May 3 at 13:34
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In the ip route get by default used the loopback interface if iif isn't specified. If you want the bloody details, you can look at source code ( elixir.bootlin.com/linux/latest/source/net/ipv4/route.c#L2868 )
  
  – Anton Danilov
  May 3 at 13:48
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f965743%2fip-rule-and-route-doesnt-get-respected%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

5

Your issue isn't issue. In rule you use not only source address, but also input interface match. So, there are two ways to solve your "problem":

1. Don't use the dev eth0 in the rule


2. Add iif eth0 in the ip route get... command. The iif option allows you use non-local addresses in the ip route get command, so you can use something like:
   ip route get 4.3.2.1 from 10.10.20.253 iif eth0
   

share|improve this answer

answered May 3 at 13:27

Anton DanilovAnton Danilov

86146

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I was wondering if that was it. Since they're both routed to eth0, it might just be returning the default because that's the top rule for that interface. I'd add a new interface on eth1, and see if that changed it.
  
  – Satanicpuppy
  May 3 at 13:34
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In the ip route get by default used the loopback interface if iif isn't specified. If you want the bloody details, you can look at source code ( elixir.bootlin.com/linux/latest/source/net/ipv4/route.c#L2868 )
  
  – Anton Danilov
  May 3 at 13:48
  

  
  
  
  

add a comment | 

5

Your issue isn't issue. In rule you use not only source address, but also input interface match. So, there are two ways to solve your "problem":

1. Don't use the dev eth0 in the rule


2. Add iif eth0 in the ip route get... command. The iif option allows you use non-local addresses in the ip route get command, so you can use something like:
   ip route get 4.3.2.1 from 10.10.20.253 iif eth0
   

share|improve this answer

answered May 3 at 13:27

Anton DanilovAnton Danilov

86146

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I was wondering if that was it. Since they're both routed to eth0, it might just be returning the default because that's the top rule for that interface. I'd add a new interface on eth1, and see if that changed it.
  
  – Satanicpuppy
  May 3 at 13:34
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In the ip route get by default used the loopback interface if iif isn't specified. If you want the bloody details, you can look at source code ( elixir.bootlin.com/linux/latest/source/net/ipv4/route.c#L2868 )
  
  – Anton Danilov
  May 3 at 13:48
  

  
  
  
  

add a comment | 

Your issue isn't issue. In rule you use not only source address, but also input interface match. So, there are two ways to solve your "problem":

1. Don't use the dev eth0 in the rule


2. Add iif eth0 in the ip route get... command. The iif option allows you use non-local addresses in the ip route get command, so you can use something like:
   ip route get 4.3.2.1 from 10.10.20.253 iif eth0
   

share|improve this answer

answered May 3 at 13:27

Anton DanilovAnton Danilov

86146

share|improve this answer

answered May 3 at 13:27

Anton DanilovAnton Danilov

86146

answered May 3 at 13:27

Anton DanilovAnton Danilov

86146

answered May 3 at 13:27

Anton DanilovAnton Danilov

86146