Need of Two default gateway

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Need of Two default gateway

Post by jlehtone » 2021/06/23 18:31:04

The "internet" is everything and anything (sans unroutables). The default route is the route to anything.

If you can't specify the subnets that the PRI has to connect to, then also the route to internet is through PRI.

Anilbakhtani
Posts: 12
Joined: 2021/02/09 13:57:36

Re: Need of Two default gateway

Post by Anilbakhtani » 2021/06/24 04:50:36

Thanks.
PRI is only for calling purposes, not for Internet.
Can we use iptables or some other solution to use the internet with the 192 network?
I need to use Yum for updating, and Google is required.
Thanks.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Need of Two default gateway

Post by jlehtone » 2021/06/24 13:30:50

Anilbakhtani wrote: 2021/06/24 04:50:36

    PRI is only for calling purpose, not for Internet,

Yes, but if PRI really needs the default route, then you will call anywhere in the Internet.

However, if PRI has a list of addresses that it will actually call (and only the calls need to connect to those addresses), then PRI does not need the default route.


If that is really not possible, then policy-based routing might be the solution. You had some of that in your original post.
You did show two rules:

    ip rule add from 192.168.1.14/32 table rt2
    ip rule add to 192.168.1.14/32 table rt2

I'd say that those focus on the wrong side. Let ens128 be the default and direct only PRI traffic via ens133.
man ip-rule wrote:

       SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [
               fwmark FWMARK[/MASK] ] [ iif STRING ] [ oif STRING ] [
               pref NUMBER ] [ l3mdev ] [ uidrange NUMBER-NUMBER ] [
               ipproto PROTOCOL ] [ sport [ NUMBER | NUMBER-NUMBER ] ] [
               dport [ NUMBER | NUMBER-NUMBER ] ] [ tun_id TUN_ID ]

Does the PRI traffic have something predictable and unique? Like dport or sport that could be used to select packets of new connections that should be routed via ens133?
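
The approach suggested in the post above (leave ens128 as the default route and steer only PRI traffic via ens133 with a port selector), as an added example that is not part of the thread. The gateway 192.0.2.1 and UDP port 5060 are placeholders, since the thread names neither, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep the main default route (ens128) untouched and send
# only packets matching a protocol/port selector out via the PRI interface.
# Assumed values (not from the thread): gateway 192.0.2.1, UDP port 5060.

TABLE=${TABLE:-rt2}          # table name from the thread; must be listed in /etc/iproute2/rt_tables
PRI_DEV=${PRI_DEV:-ens133}   # PRI-side interface named in the thread
PRI_GW=${PRI_GW:-192.0.2.1}  # placeholder next hop on the PRI network
PREF=${PREF:-1000}           # rule priority; lower than 32766, so it is checked before table main

# Print the ip(8) commands for one protocol/port pair; return 1 on bad input.
# Strict validation keeps stray shell text out of the generated commands.
pri_pbr_cmds() {
    proto=$1 port=$2
    case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # The extra table holds only a default route pointing at the PRI gateway.
    echo "ip route replace default via $PRI_GW dev $PRI_DEV table $TABLE"
    # Only packets matching the selector consult that table; the rest use main.
    echo "ip rule add pref $PREF ipproto $proto dport $port table $TABLE"
}

# Dry run by default; the commands are executed only with APPLY=1 (needs root).
pri_pbr_apply() {
    cmds=$(pri_pbr_cmds "$1" "$2") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | while read -r c; do $c || exit 1; done
    else
        echo "$cmds"
    fi
}

# Defaults are the assumed protocol and port; pass others as arguments.
pri_pbr_apply "${1:-udp}" "${2:-5060}"
```

After applying, `ip rule show` lists the new rule ahead of the `main` lookup, and `ip route show table rt2` shows the single default route it points to.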

Anilbakhtani
Posts: 12
Joined: 2021/02/09 13:57:36

Re: Need of Two default gateway

Post by Anilbakhtani » 2021/06/25 04:27:25

Thanks for your reply.
I tried to set up policy-based routing like above and tried to implement iptables too, but no success yet.
Is it possible for you to log in to my server for just 5 minutes to resolve the issue?
We can use AnyDesk/TeamViewer for just 5 minutes.
Thanks in advance.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Need of Two default gateway

Post by jlehtone » 2021/06/25 11:06:46

No way. You definitely do not want to grant access to your system to random strangers.
