LINUXMAKER, OpenSource, Tutorials

A Linux host with more than one default gateway

Situation

Normally, a Linux host with multiple network interfaces has one default gateway through which traffic is routed. Anything else produces asymmetric routing in the system, and routers may discard the packets.

Troubleshooting

To avoid this problem, all current Linux distributions provide the program "iproute2", which is generally already installed. As already mentioned, by default only one routing table with only one gateway can be entered in a Linux system. "iproute2" makes it possible, on the one hand, to create additional routing tables and, on the other hand, to have the system use them via rules.

Initial situation

It is assumed that the system has the two interfaces enp0s3lf6 and wpl5s0. The two networks to be used have the addresses 192.168.0.0/24 and 172.10.0.0/24. In each case, the .1 represents the gateway of the respective network. In Debian or Ubuntu, the initial configuration of the network in /etc/network/interfaces would look like this:

# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp0s3lf6
iface enp0s3lf6 inet static
    address 192.168.0.10
    netmask 255.255.255.0
    gateway 192.168.0.1
# The secondary network interface
allow-hotplug wpl5s0
iface wpl5s0 inet static
    address 172.10.0.10
    netmask 255.255.255.0

Generate the second routing table

Additional routing tables are declared in the file /etc/iproute2/rt_tables, which must be modified accordingly. We give our new routing table the name "srvnet" and the number (table ID) 1.

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
1        srvnet

Configuration of the routing tables and activation of the routing rules

The new routing table and the rules for using it are then created as follows:

ip route add 172.10.0.0/24 dev wpl5s0 src 172.10.0.10 table srvnet
ip route add default via 172.10.0.1 dev wpl5s0 table srvnet

ip rule add from 172.10.0.10/32 table srvnet
ip rule add to 172.10.0.10/32 table srvnet

The first two lines specify that the network 172.10.0.0/24 can be reached via the interface wpl5s0 and that the default gateway is located on this interface. The two rules in lines 3 and 4 specify that traffic coming from the IP address 172.10.0.10, as well as traffic to this IP address, must use the routing table srvnet each time.

Once the system is restarted, the routes and rules set with the "ip route" and "ip rule" commands are lost again. To prevent this, the commands can be entered permanently in the file /etc/network/interfaces with the parameter "post-up". The routing is then configured with each initialization of the interfaces.

iface wpl5s0 inet static
    address 172.10.0.10
    netmask 255.255.255.0
    post-up ip route add 172.10.0.0/24 dev wpl5s0 src 172.10.0.10 table srvnet
    post-up ip route add default via 172.10.0.1 dev wpl5s0 table srvnet
    post-up ip rule add from 172.10.0.10/32 table srvnet
    post-up ip rule add to 172.10.0.10/32 table srvnet

If more than two network interfaces exist, repeat this procedure for each additional interface as described.

Solution with dynamic IP addresses

As soon as DHCP with dynamic address allocation is used, this solution no longer works as shown, because the IP address is not known at the time the interface is configured. A script called via "post-up" provides a remedy:

iface wpl5s0 inet dhcp
    post-up /etc/network/if-up.d/routeaddWlan

To do this, create the following bash script in /etc/network/if-up.d/.

# vi /etc/network/if-up.d/routeaddWlan

#!/bin/bash
set -e
# First wireless interface (name starts with "wl")
INTERFACE=$(ip addr show | grep -e ':\s*wl' | awk '{print $2}' | cut -d: -f 1 | head -n 1)
# IPv4 address assigned by DHCP, without the prefix length
IP=$(ip addr show dev "$INTERFACE" | grep 'inet ' | awk '{print $2}' | cut -d/ -f 1 | head -n 1)
# Default gateway learned on this interface
GATEWAY=$(ip route show | grep 'default' | grep "$INTERFACE" | awk '{print $3}' | head -n 1)
# Network address: the gateway with its last octet set to 0 (assumes a /24 network)
SUBNET=$(echo "$GATEWAY" | sed 's/\.[0-9]*$/.0/')
ip route add "$SUBNET/24" dev "$INTERFACE" src "$IP" table srvnet
ip route add default via "$GATEWAY" dev "$INTERFACE" table srvnet
ip rule add from "$IP/32" table srvnet
ip rule add to "$IP/32" table srvnet

The script determines the DHCP-assigned IP address, subnet, and gateway to provide these values to the ip commands. Then it executes the ip commands so that they no longer have to be kept in the /etc/network/interfaces.
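
The following is an added example, not part of the original tutorial: it derives the connected network from the leased address and prefix length (so it is not limited to /24) and refuses to emit any command when the address or gateway is missing. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: helper names and sample lines are constructed, not from the page.

# network_of ADDR/PREFIX -> NETWORK/PREFIX, e.g. 172.10.0.10/24 -> 172.10.0.0/24
network_of() (
    addr=${1%/*}; prefix=${1#*/}
    IFS=.; set -- $addr                      # split into the four octets
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( ip & (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$prefix"
)

# policy_cmds IFACE TABLE ADDR_LINE ROUTE_LINE
#   ADDR_LINE:  one line of `ip -o -4 addr show dev IFACE`
#   ROUTE_LINE: one line of `ip -4 route show default dev IFACE`
# Prints the four commands from the tutorial; returns 1 and prints nothing
# if the lease has not yet produced a valid address and gateway.
policy_cmds() (
    iface=$1; table=$2
    cidr=$(printf '%s\n' "$3" | awk '{for (i = 1; i < NF; i++) if ($i == "inet") {print $(i+1); exit}}')
    gw=$(printf '%s\n' "$4" | awk '$1 == "default" {for (i = 2; i < NF; i++) if ($i == "via") {print $(i+1); exit}}')
    v4='([0-9]{1,3}\.){3}[0-9]{1,3}'
    printf '%s\n' "$cidr" | grep -Eq "^$v4/[0-9]{1,2}\$" || exit 1
    printf '%s\n' "$gw" | grep -Eq "^$v4\$" || exit 1
    [ "${cidr#*/}" -le 32 ] || exit 1
    ip=${cidr%/*}
    echo "ip route add $(network_of "$cidr") dev $iface src $ip table $table"
    echo "ip route add default via $gw dev $iface table $table"
    echo "ip rule add from $ip/32 table $table"
    echo "ip rule add to $ip/32 table $table"
)

# Constructed sample lines in the format printed by the two ip commands above
SAMPLE_ADDR='3: wpl5s0    inet 172.10.0.10/24 brd 172.10.0.255 scope global dynamic wpl5s0'
SAMPLE_ROUTE='default via 172.10.0.1 dev wpl5s0 proto dhcp src 172.10.0.10 metric 600'

# Print the commands for review instead of executing them
policy_cmds wpl5s0 srvnet "$SAMPLE_ADDR" "$SAMPLE_ROUTE"
```

In a real hook the two input lines would come from the ip commands named in the comments, and the printed commands would be executed only when policy_cmds returns 0.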

Final tests of the configuration

The ip command provides some parameters that can be used to display the routing tables and rules.

ip route ls table 0

shows all currently existing routing tables including their content. Alternatively, a single table can be displayed with

ip route ls table srvnet

In contrast,

ip rule show

or

ip rule ls

display all rules, which indicate when which routing table is used. The rules are processed until a route is found.