[mythtv-users] OT: default routes

Hika van den Hoven hikavdh at gmail.com
Wed Sep 23 13:09:59 UTC 2015


Hi Simon,

Wednesday, September 23, 2015, 2:55:38 PM, you wrote:

> Jan Ceuleers <jan.ceuleers at gmail.com> wrote:

>> I would recommend indeed using the routing table rather than the
>> firewall (i.e. "ip route" rather than iptables).
>> 
>> See man ip-route for the syntax. Example:
>> 
>> ip route add 192.168.55.0/24 via 192.168.1.254 dev eth1

> But in this case, it's more complicated than can be done in just
> the routing tables. I think he'll need to use iptables (mangle
> table) to set firewall marks (on the VPN traffic) to then use in routing rules.
> If the rules can be just a match on source and/or destination IP
> then it can be done with routing rules - as is the case with the setup I posted an extract from.

> Hmm, thinking a bit more, if this is a dial-in VPN then it might be
> fairly simple. Set up the route rules to route the correct IP(s) via
> each ISP. Then the VPN egress traffic will go out with the same IP
> it came in on, dial in to the second IP and you'll automatically use
> that ISP for the traffic. Normal routing will shunt the private traffic down the tunnel.

> For a VPN originating in the network, that'll need rules (probably
> iptables) to identify the VPN packets and route them accordingly.
> Some creative use of masq entries, and multiple internal IPs, could
> get around the need to use fw marks for a VPN originating inside the network.


The VPN traffic through the tunnel is, I think, not the problem. There
are routing lines in place for that, both for the endpoints and for
between the two networks on both sides. It's the build-up and
maintenance of the tunnel itself. And the internet IP address on the
other side varies. The one because the other side doesn't have a solid
address and the other because it comes from my laptop or tablet.


Until the next mail,
  Hika                            mailto:hikavdh at gmail.com

"Without hope you cannot live
Without life there is no hope
The eternal dilemma
Especially when you must destroy hope in order to survive!"

The learning Human
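
Added example (not part of the original message or thread): the routing-rule and firewall-mark approach described in the quoted text, written out as a shell script. The interface names, addresses, table number, mark value and the UDP port 1194 tunnel are all assumptions; by default the script only prints the commands, and APPLY=1 executes them (needs root).

```shell
#!/bin/sh
# Added example: policy routing for two ISPs, tunnel traffic forced via ISP 2.
# All values below are assumptions (constructed), not taken from the thread.
LAN_IF=eth0            # internal interface
ISP2_IF=eth2           # interface towards the second ISP
ISP2_GW=198.51.100.1   # second ISP's gateway (documentation range)
ISP2_IP=198.51.100.10  # this router's address at the second ISP
VPN_PROTO=udp          # assumed OpenVPN-style tunnel
VPN_PORT=1194
MARK=0x2               # firewall mark for tunnel packets
TABLE=102              # extra routing table for ISP 2

# Print each command; execute it too only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

policy_routing() {
    # Table 102 holds only a default route out via ISP 2.
    run ip route add default via "$ISP2_GW" dev "$ISP2_IF" table "$TABLE"

    # Dial-in case: replies sourced from the ISP 2 address leave via ISP 2.
    run ip rule add from "$ISP2_IP" lookup "$TABLE" priority 1000

    # Inside-originated case: the remote address varies, so match the tunnel
    # by protocol and port and mark it before the routing decision...
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p "$VPN_PROTO" \
        --dport "$VPN_PORT" -j MARK --set-mark "$MARK"
    # ...then send marked packets to the ISP 2 table.
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority 1001

    # Forwarded tunnel packets must leave with the ISP 2 source address.
    run iptables -t nat -A POSTROUTING -o "$ISP2_IF" -j MASQUERADE

    # Strict reverse-path filtering would drop the replies arriving on ISP 2,
    # because the main table routes the remote address via ISP 1.
    run sysctl -w "net.ipv4.conf.$ISP2_IF.rp_filter=2"
}

policy_routing
```

Check the result with "ip rule show" and "ip route show table 102" after applying.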


