Hi,
I'm working with the iproute2/iptables toolset on my CentOS4 server to create custom routing rules. However, I'm a bit at a loss how to create these permanently so that they are automatically reloaded upon reboot of the server.
I know that iptables has a config file in /etc/sysconfig/iptables that is loaded by /etc/init.d/iptables startup script.
Is there anything that works similarly for the iproute2 ruleset? I can't seem to find anything in /etc/init.d/network except for references to static routes using /sbin/route, which isn't good enough if one wants to use multiple routing tables. Nor can I find anything in /etc/init.d/ that would seem applicable to the iproute2 system.
Any ideas/suggestions? Do I have to create my own custom startup script for this? Or is there somewhere already existent I can put iproute2 commands?
Thanks!
Eric
On Tue, Apr 15, 2008 at 12:36 PM, Eric B. ebenze@hotmail.com wrote:
Is there anything that works similarly for the iproute2 ruleset? I can't seem to find anything in /etc/init.d/network except for references to static routes using /sbin/route, which isn't good enough if one wants to use multiple routing tables. Nor can I find anything in /etc/init.d/ that would seem applicable to the iproute2 system.
You should put it in /etc/sysconfig/network-scripts/route-eth0 (change "eth0" to the name of the interface the routes apply to). For every line in this file, when the interface goes up, it will run "/sbin/ip route add $line" (see /etc/sysconfig/network-scripts/ifup-routes script if you want to understand exactly what it's doing).
Apparently there's also a new syntax for /etc/sysconfig/network-scripts/route-eth0, in which you specify several variables, the same you do in ifcfg-eth0, then you set something like:
ADDRESS0=1.2.3.0
NETMASK0=255.255.255.0
GATEWAY0=4.3.2.1
And then you go ADDRESS1, ADDRESS2, ..., as you need more routes.
There used to be a /etc/sysconfig/static-routes for this purpose but, as I understand, now the way to do it is per interface with the route-${ifname} files.
To test if your file is working, do a "service network restart" and check if the routes are up as expected. You can also do "ifdown eth0" and "ifup eth0" if you want to restart only one interface (for instance if you're remotely connected through another interface).
HTH, Filipe
"Filipe Brandenburger" filbranden@gmail.com wrote in message news:e814db780804151115u490b43dfsff787e759fbf18c@mail.gmail.com...
On Tue, Apr 15, 2008 at 12:36 PM, Eric B. ebenze@hotmail.com wrote:
Is there anything that works similarly for the iproute2 ruleset? I can't seem to find anything in /etc/init.d/network except for references to static routes using /sbin/route, which isn't good enough if one wants to use multiple routing tables. Nor can I find anything in /etc/init.d/ that would seem applicable to the iproute2 system.
You should put it in /etc/sysconfig/network-scripts/route-eth0 (change "eth0" to the name of the interface the routes apply to). For every line in this file, when the interface goes up, it will run "/sbin/ip route add $line" (see /etc/sysconfig/network-scripts/ifup-routes script if you want to understand exactly what it's doing).
Apparently there's also a new syntax for /etc/sysconfig/network-scripts/route-eth0, in which you specify several variables, the same you do in ifcfg-eth0, then you set something like:
ADDRESS0=1.2.3.0
NETMASK0=255.255.255.0
GATEWAY0=4.3.2.1
And then you go ADDRESS1, ADDRESS2, ..., as you need more routes.
There used to be a /etc/sysconfig/static-routes for this purpose but, as I understand, now the way to do it is per interface with the route-${ifname} files.
To test if your file is working, do a "service network restart" and check if the routes are up as expected. You can also do "ifdown eth0" and "ifup eth0" if you want to restart only one interface (for instance if you're remotely connected through another interface).
Awesome! Thanks so much. That's exactly what I was looking for. I must have missed it when I tried to grep the directory looking for the file that handled that stuff.
The last question then is if there is a way to add "ip rule" rules to specify which routing table to use based on packet information. ex: ip rule add fwmark 3 table 3
Are any of the network scripts able to handle this as well?
Thanks again!
Eric
On Tue, Apr 15, 2008 at 3:48 PM, Eric B. ebenze@hotmail.com wrote:
The last question then is if there is a way to add "ip rule" rules to specify which routing table to use based on packet information. ex: ip rule add fwmark 3 table 3
Are any of the network scripts able to handle this as well?
If you look at the end of the same script (ifup-routes), you'll see that it reads rules from file /etc/sysconfig/network-scripts/rule-eth0. For each line in that file, it will run "/sbin/ip rule add $line". It's unfortunate that this isn't all better documented somewhere. But on Linux you can always... Use the source, Luke!
HTH, Filipe
"Filipe Brandenburger" filbranden@gmail.com wrote in message news:e814db780804151317j1e3a9e15td960d074f37a6978@mail.gmail.com...
On Tue, Apr 15, 2008 at 3:48 PM, Eric B. ebenze@hotmail.com wrote:
The last question then is if there is a way to add "ip rule" rules to specify which routing table to use based on packet information. ex: ip rule add fwmark 3 table 3
Are any of the network scripts able to handle this as well?
If you look at the end of the same script (ifup-routes), you'll see that it reads rules from file /etc/sysconfig/network-scripts/rule-eth0. For each line in that file, it will run "/sbin/ip rule add $line". It's unfortunate that this isn't all better documented somewhere. But on Linux you can always... Use the source, Luke!
Really? I looked through ifup-routes but I don't see anything that searches for rule-<ifname> anywhere. All my ifup-routes looks for is files called route-$2. Furthermore, a quick "grep rule /etc/sysconfig/network-scripts/*" finds nothing.
My last two lines in ifup-routes (unless I don't know how to read them properly) are:
# Red Hat network configuration format
NICK=${2:-$1}
CONFIG="/etc/sysconfig/network-scripts/$NICK.route"
[ -f $CONFIG ] && handle_file $CONFIG $1
And if I look at handle_file method, I see all it does is call /sbin/ip route add $line.
Am I missing something obvious somewhere? Or do you have a different version of ifup-routes? I'm running CentOS4 with the latest patches....
Thanks again!
Eric
On Tue, Apr 15, 2008 at 4:36 PM, Eric B. ebenze@hotmail.com wrote:
Am I missing something obvious somewhere? Or do you have a different version of ifup-routes? I'm running CentOS4 with the latest patches....
I'm running CentOS5 here, that's probably new in CentOS5.
You may consider appending the last 15 lines of ifup-routes from CentOS5 to your CentOS4 installation. It's not that beautiful but it's not that ugly either. At least it's forward compatible in a way that if you upgrade to CentOS5 later it will continue working. I'm sending the file attached to you in case you want to do it.
HTH, Filipe
"Filipe Brandenburger" filbranden@gmail.com wrote in message news:e814db780804151404m183575c7y7497d52cd4753a12@mail.gmail.com...
On Tue, Apr 15, 2008 at 4:36 PM, Eric B. ebenze@hotmail.com wrote:
Am I missing something obvious somewhere? Or do you have a different version of ifup-routes? I'm running CentOS4 with the latest patches....
I'm running CentOS5 here, that's probably new in CentOS5.
You may consider appending the last 15 lines of ifup-routes from CentOS5 to your CentOS4 installation. It's not that beautiful but it's not that ugly either. At least it's forward compatible in a way that if you upgrade to CentOS5 later it will continue working. I'm sending the file attached to you in case you want to do it.
Awesome! That's perfect! I had kinda figured that might be what the difference was.
Thanks so much. Will definitely update my ifup-routes script with this.
Eric
Eric B. wrote:
The last question then is if there is a way to add "ip rule" rules to specify which routing table to use based on packet information. ex: ip rule add fwmark 3 table 3
Are any of the network scripts able to handle this as well?
Sadly, the RHEL networking scripts are still rooted in the old school ipconfig methods, rather than the newer ip addr / ip route / ... functionality. If I'm going to do that level of routing, I pretty much set up the RHOS/CentOS stuff just to set up the basic interfaces, then roll my own script, typically launched from /etc/rc.d/rc.local or maybe in a proper init.d script.
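Added example (not part of the original thread, and not the CentOS 5 ifup-routes code): a small POSIX shell loader for the rc.local approach, applying the one-command-per-line route-<ifname> and rule-<ifname> convention described earlier in the thread. The function names and the CONF_DIR, IP_BIN and DRY_RUN variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: names and variables here are illustrative, not from initscripts.
CONF_DIR="${CONF_DIR:-/etc/sysconfig/network-scripts}"
IP_BIN="${IP_BIN:-/sbin/ip}"

# Print one "<ip> <object> add <line>" command per usable line of a file.
# Blank lines and '#' comments are skipped; a missing file yields nothing.
emit_cmds() {
    object="$1"; file="$2"
    [ -f "$file" ] || return 0
    while read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        printf '%s %s add %s\n' "$IP_BIN" "$object" "$line"
    done < "$file"
}

# Routes go in before the rules that point traffic at their tables.
plan_interface() {
    emit_cmds route "$CONF_DIR/route-$1"
    emit_cmds rule "$CONF_DIR/rule-$1"
}

# Run the plan; with DRY_RUN=1 only print it. Returns 1 if any command failed.
apply_interface() {
    rc=0
    plan=$(plan_interface "$1")
    set -f    # no filename globbing while config lines are word-split
    while read -r cmd; do
        [ -n "$cmd" ] || continue
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf '%s\n' "$cmd"
        else
            $cmd || { echo "failed: $cmd" >&2; rc=1; }
        fi
    done <<EOF
$plan
EOF
    set +f
    return $rc
}

# Usage from rc.local (script name is a placeholder): DRY_RUN=1 sh loader.sh eth0
if [ $# -gt 0 ]; then
    apply_interface "$1"
fi
```

Because every line is handed to ip as root, keep the route-* and rule-* files root-owned and not writable by other users.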