Article title: configure a policy-based route in Linux.
Traditional routers cannot meet the needs when the network and its requirements become complex, and policy-based routing gives us better choices. This article provides a configuration example in Linux, which runs on a computer with a 2G Pentium 4 processor and 160 M of memory, and runs normally in the network environment of more than computers.
Policy-based routing is more powerful and flexible than traditional routing. It enables network administrators to select a forwarding path based not only on the destination address but also on the packet size, application, or IP source address. In practical network applications, this freedom of choice is very necessary. Linux has supported policy routing since kernel version 2.1. The following describes a configuration instance to help readers.
Instance background
The two intranets are connected to the Internet through the remote router 1, and the remote router 2 is connected to the upper-level network. The Linux server is a policy router with four NICs. The allocation of IP addresses is shown in the table.
In terms of application requirements, intranet 1 is allowed to connect to the Internet through remote router 1 (172.22.254.254), but only the HTTP and FTP protocols are allowed at all times; other protocols are available only in certain time periods (to prevent employees from playing online games and chatting during work hours), for example, closed during work hours ( ~ ) and available during off-duty time ( ~ ). In addition, intranet 1 does not have access to intranet 2 and the upper-level network, but can access servers on intranet 2. Intranet 2 is allowed to access the Internet, and the upper-level network can only access the 192.168.1.2 server on intranet 2. The firewall is mainly used to prevent the Internet from actively accessing the intranet and to prevent network attacks.
Implementation process
Here we select the Red Hat Enterprise Linux WS 3 operating system, whose kernel version is 2.4.21, which has good support for policy routing. The following configuration is also based on this.
1. Set IP addresses
First, run the following commands:
ifconfig eth0 10.89.9.1 netmask 255.255.255.0
ifconfig eth1 192.168.1.1 netmask 255.255.255.0
ifconfig eth2 172.22.254.14 netmask 255.255.255.0
ifconfig eth3 10.140.133.14 netmask 255.255.255.0
To enable the computer to automatically set the IP addresses at startup, you also need to modify the four files under /etc/sysconfig/network-scripts/ (ifcfg-eth0, ifcfg-eth1, ifcfg-eth2, ifcfg-eth3) and set the ONBOOT attribute to yes, that is, "ONBOOT=yes". The file format is as follows:
# Intel Corp. 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:0c:76:20:54:71
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=no
NETMASK=255.255.255.0
IPADDR=10.89.9.1
If you do not like the command line mode, you can also perform the above operations in graphical mode: Main menu → System Settings → network, set the IP address and activate it, and select the "activate device when the computer starts" option.
2. Enable the forwarding function
Run the command "echo 1 > /proc/sys/net/ipv4/ip_forward", or add "FORWARD_IPV4=yes" to the /etc/sysconfig/network file.
3. Create the route tables
Edit the /etc/iproute2/rt_tables file so that it contains the following. Here, four new route tables are added: int1, int2, int3, and int4.
# Reserved values
#255 local
#254 main
#253 default
#0 unspec
# Local
#1 inr.ruhep
1 int1
2 int2
3 int3
4 int4
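The check below is an added example, not part of the original article: it parses an rt_tables file in the format shown in step 3 and reports duplicate IDs, duplicate names, reuse of a reserved ID, and any expected table that is missing, since a name that is absent or defined twice makes later commands that refer to a table by name fail or resolve to a different table than intended. The function names check_rt_tables and sample_rt_tables are hypothetical, and the sample file is constructed from the entries above.

```shell
# Added example (not from the original article): sanity-check an rt_tables
# file. Usage: check_rt_tables FILE NAME...  (returns 0 if clean, 1 otherwise)
check_rt_tables() {
    file=$1; shift
    awk -v want="$*" '
        BEGIN { res[0]="unspec"; res[253]="default"; res[254]="main"; res[255]="local" }
        { sub(/#.*/, "") }              # drop comments, including "#255 local"
        NF == 0 { next }                # skip blank and comment-only lines
        NF != 2 || $1 !~ /^[0-9]+$/ {
            printf "line %d: expected <id> <name>\n", NR; bad = 1; next
        }
        {
            id = $1 + 0; name = $2
            if ((id in res) && res[id] != name) {
                printf "line %d: id %d is reserved for %s\n", NR, id, res[id]; bad = 1
            }
            if (id in ids)     { printf "line %d: duplicate id %d\n", NR, id; bad = 1 }
            if (name in names) { printf "line %d: duplicate name %s\n", NR, name; bad = 1 }
            ids[id] = name; names[name] = id
        }
        END {
            n = split(want, w, " ")     # table names the caller expects to exist
            for (i = 1; i <= n; i++)
                if (!(w[i] in names)) { printf "missing table %s\n", w[i]; bad = 1 }
            exit bad + 0
        }
    ' "$file"
}

# Constructed sample: the rt_tables entries from step 3 of this article.
sample_rt_tables() {
    cat <<'EOF'
# Reserved values
#255 local
#254 main
#253 default
#0 unspec
# Local
#1 inr.ruhep
1 int1
2 int2
3 int3
4 int4
EOF
}

tmp=$(mktemp); sample_rt_tables > "$tmp"
check_rt_tables "$tmp" int1 int2 int3 int4 && echo "rt_tables OK"; rm -f "$tmp"
```

On the router itself, run check_rt_tables against /etc/iproute2/rt_tables after editing the file.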