Assume that you have a Linux machine with 3 network interface cards, named eth0, eth1, and eth2. eth0 is 221.237.x.253/24, eth1 is 221.237.x.251/24, and eth2 is 172.16.200.1/22. Because there can be only one default gateway in Linux, the default gateway is 221.237.x.1 via eth0. Although eth0 and eth1 seem to be in the same network and share the same gateway, each of these 2 IP addresses actually has its own rate limit: 10Mb/s. Ideally we get 20Mb/s in total, but we can’t reach that maximum rate with only one default gateway. That’s the problem. Let me solve it.
eth0 : 221.237.x.253/24
eth1 : 221.237.x.251/24
eth2 : 172.16.200.1/22 (for intranet, as the router of the local LAN network)
default gateway : 221.237.x.1 via eth0
Here is the situation: this Linux server is the gateway of the office, and I want to use it to route traffic across the 2 network interfaces.
If people on the local network want to access a specific IP address (e.g. 188.8.131.52), all of that traffic flows through eth1; in all other situations, traffic flows through eth0.
1) A Linux box. I use Debian 7, but the distro doesn’t matter; just use the one you like. I like Debian most.
2) iproute2, a powerful network utility package. I don’t like the old tools such as “route” or “netstat”. iproute2 integrates all of those network tools. iproute2 is the Swiss Army knife for system administrators.
In order to use “ip rule”, you have to make sure that the kernel configuration item “CONFIG_IP_MULTIPLE_TABLES” is set.
If your kernel doesn’t support this feature, bad luck: you have to recompile the kernel to meet the requirement.
Debian 7 (3.2.0-4-amd64) already has the feature, so let’s skip to the next step.
First of all, you must understand a concept: routing table.
$ ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
There are 3 routing tables here. By default, we are in the table main (remember, not the table default!), and the other 2 tables are empty.
$ ip r s
default via 221.237.x.1 dev eth0
172.16.200.0/22 dev eth2 proto kernel scope link src 172.16.200.1
221.237.x.0/24 dev eth0 proto kernel scope link src 221.237.x.253
221.237.x.0/24 dev eth1 proto kernel scope link src 221.237.x.251
is the same as
$ ip r s table main
default via 221.237.x.1 dev eth0
172.16.200.0/22 dev eth2 proto kernel scope link src 172.16.200.1
221.237.x.0/24 dev eth0 proto kernel scope link src 221.237.x.253
221.237.x.0/24 dev eth1 proto kernel scope link src 221.237.x.251
“ip r s” is short for “ip route show”.
Now, let me do the job.
ip route add 221.237.x.0/24 dev eth1 src 221.237.x.251 table 163
ip route add default via 221.237.x.1 dev eth1 table 163
ip rule add to 184.108.40.206 table 163
Let me explain the above commands.
The routing table 163 is created when the first command is executed. 163 is just a number I like; you can choose your own, 99 perhaps. The table main and the table 163 are totally unrelated to each other.
1) The first command is to provide the information about the subnet.
2) The second command is to define the default gateway of the table 163. This is our SECOND default gateway.
3) The third command is to specify a rule to tell the OS when to use the table 163. Without this command, the table 163 is useless.
Now, if someone on the subnet wants to access 220.127.116.11, he uses the router’s eth1 to communicate with 18.104.22.168.
Let’s have a look at the “ip rule show” again.
0: from all lookup local
32765: from all to 22.214.171.124 lookup 163
32766: from all lookup main
32767: from all lookup default
If someone with the LAN IP 172.16.200.55 also wants to use the SECOND default gateway, we can use the following command:
ip rule add from 172.16.200.55 table 163
It’s pretty easy to understand, right?
0: from all lookup local
32764: from 172.16.200.55 lookup 163
32765: from all to 126.96.36.199 lookup 163
32766: from all lookup main
32767: from all lookup default
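How the kernel walks these rules can be modelled in a few lines of Python. This is an example added here, not code from the original post; the addresses 203.0.113.0/24, 198.51.100.7 and 192.0.2.80 are constructed stand-ins for the masked uplink subnet, the specific destination and an arbitrary Internet host.

```python
import ipaddress

# Constructed stand-ins (assumptions): 203.0.113.0/24 replaces the masked
# 221.237.x.0/24 uplink subnet, 198.51.100.7 the specific destination.
# Each table is a list of (prefix, outgoing device).
TABLES = {
    "main": [("0.0.0.0/0", "eth0"), ("172.16.200.0/22", "eth2"),
             ("203.0.113.0/24", "eth0"), ("203.0.113.0/24", "eth1")],
    "163": [("203.0.113.0/24", "eth1"), ("0.0.0.0/0", "eth1")],
}
# (priority, from, to, table) after both "ip rule add" commands.
# Rule 0 (table local, the router's own addresses) is left out of the model.
RULES = [
    (32764, "172.16.200.55/32", "0.0.0.0/0", "163"),
    (32765, "0.0.0.0/0", "198.51.100.7/32", "163"),
    (32766, "0.0.0.0/0", "0.0.0.0/0", "main"),
]

def lookup(table, dst):
    """Longest-prefix match in one table; ties keep the first entry listed."""
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def egress(src, dst):
    """Walk the rules by ascending priority; the first rule whose selectors
    match and whose table has a route for dst decides the outgoing device."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, frm, to, table in sorted(RULES):
        if src in ipaddress.ip_network(frm) and dst in ipaddress.ip_network(to):
            dev = lookup(table, dst)
            if dev is not None:
                return prio, table, dev
    return None

if __name__ == "__main__":
    for src, dst in [("172.16.200.10", "192.0.2.80"),
                     ("172.16.200.10", "198.51.100.7"),
                     ("172.16.200.55", "192.0.2.80"),
                     ("172.16.200.55", "172.16.200.10")]:
        print(src, "->", dst, egress(src, dst))
```

The last pair shows a side effect of the from 172.16.200.55 rule: table 163 has no 172.16.200.0/22 route, so any packet from that host that this box forwards, even one addressed to the LAN, follows the eth1 default.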
If you want to clear the record of a table, just run the command:
ip route flush table 163
And remember, never run the command “ip rule flush” while you are connected to this machine over ssh, because it will clear all the routing rules and you will lose your connection.