There seems to be a bit of confusion as to how Linux routes via policy
routing. The tool which appears to be the most flexible is "ip", found in
the iproute2 package.
The two key switches are "route" and "rule", and they do exactly what
they sound like; one manages routes and route-tables, while the other
manages the ruleset in which these routes/tables are called upon. Linux
begins with a main route table and a default ruleset in which that table
is used. Typically you don't even notice this as it's created with the
configuration of the standard network devices upon boot. Two rules will
be applied for this main route table:
1) main 2) default
The rules are such that the priority to these tables is so low almost
any other rule will take priority over it. That's what makes amprnet
routing for Linux quite simple.
The rule you want to make for amprnet is such that any inbound OR
outbound routing sourced as 44-net uses its own route table, with a
priority higher than the main table rule. As long as the routes are in
this matched table, the kernel will act as an amprnet router just fine
even to entities such as xNOS, Xnet, etc. So if you want proper packet
flow make sure all paths and rules match for the source you wish to
route - in our case it's 44/8:
A sample standard path would look like:

commercial to commercial/nat:
    inet/0 <----> linux-nat or com IP table main

commercial to your ampr:
    inet/0 <----> ucsd/bgp host
    ucsd/bgp host <---> linux 44-tunl0 via rule 1/table 1 <---> node/bbs/dxc

ampr to ampr (tunnel only shown):
    44/8-tunl0 <---> linux tunl0/rule 1/table 1 <---> node/bbs/dxc

ampr to ampr to xNOS/Xnet (tunnel only shown):
    44/8-tunl0 <---> linux tunl0/rule 1/table 1 <---> tun0/tap0-xNOS/Xnet

This shows that the Xnet or xNOS tun/tap interfaces need to be included
within the ruleset that matches table 1 or else it will become
unroutable. Also you need to ensure ip_forwarding is enabled, and your
firewalling permits ip protocol 4 (ipencap), and ip protocol 93 (AX.25).
A simple script which can do this for you is found at
http://n1uro.ampr.org/linuxconf/dotun.html
# --- dotun.sh ---
#! /bin/bash
# dotun.sh script written by N1URO
# June, 2013
# enter in your information below, these are used for creating a
# gateway and linking to the amprnet:
AMPRIP='x.x.x.x'
IPMASK='x.x.x.x'
COMMIP='x.x.x.x'
NOSIP='x.x.x.x'
case "$1" in
start)
    # Load your ipencap module in the kernel:
    modprobe ipip
    # Allow ip forwarding from amprnet to your ethernet interface
    echo "1" > /proc/sys/net/ipv4/ip_forward
    # load RIPv2 routing using the ampr-ripd daemon
    # (replace <password> with your own value; it is quoted here so the
    # shell does not treat < and > as redirections)
    /usr/local/sbin/ampr-ripd -t 1 -a "$COMMIP" -p '<password>' -i tunl0 -v -s -r
    # Configure your ipencap tunnel interface - required for the amprnet
    ifconfig tunl0 "$AMPRIP" netmask "$IPMASK" up
    # Allow traceroutes to work on the amprnet
    # (the tunnel name is given only once; ip rejects a duplicate name):
    ip tunnel change tunl0 mode ipip ttl 64 pmtudisc
    # If you run xNOS, configure a tun/tap interface:
    ifconfig tun0 "$AMPRIP" pointopoint "$NOSIP" up
    # configure your routing accordingly:
    ip route add "$NOSIP" dev tun0 onlink table 1 src "$AMPRIP"
    ip route add default via 169.228.66.251 dev tunl0 src "$AMPRIP" onlink table 1
    # configure policy routing so that frames from/to your 44-net IP
    # know how to route accordingly:
    ip rule add from 44/8 pref 1 table 1
    ip rule add to 44/8 pref 1 table 1
    # script is done, exit as a clean flush.
    exit 0
    ;;
stop)
    # Unload what we loaded above:
    ip rule del to 44/8 pref 1 table 1
    ip rule del from 44/8 pref 1 table 1
    ifconfig tunl0 down
    ifconfig tun0 down
    killall -TERM ampr-ripd
    modprobe -r ipip
    exit 0
    ;;
restart)
    # Call this script by its own path so it works even when it is
    # not installed on PATH as "dotun":
    "$0" stop
    sleep 3
    "$0" start
    exit 0
    ;;
*)
    echo "Usage: dotun {start|stop|restart}"
    # Non-zero status signals a bad or missing argument to the caller:
    exit 1
    ;;
esac
exit 0
# --- EOF ---
--
If Microsoft intended Windows to be for ham usage,
they would have incorporated our protocols into their kernel.
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
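
Added example (not part of the original post or of dotun.sh): a check that the two 44/8 policy rules described above exist and sort ahead of the main-table rule, reading `ip rule show` output on stdin. The function names and the sample rule listing are constructed for illustration; table 1 and 44.0.0.0/8 are taken from the post.

```shell
#!/bin/bash
# Added example, not part of dotun.sh. Assumes table 1 and 44.0.0.0/8 as in
# the post. Real use: ip rule show | check_ampr_rules

# Reads `ip rule show` text on stdin; returns 0 only when both the from- and
# to-44/8 rules exist and sort ahead of the rule that looks up table main.
check_ampr_rules() {
    awk -v table=1 -v net="44.0.0.0/8" '
        BEGIN { from_pref = -1; to_pref = -1; main_pref = 32766 }  # kernel default
        {
            pref = $1; sub(/:$/, "", pref); pref += 0
            tbl = ""
            for (i = 2; i < NF; i++) if ($i == "lookup") tbl = $(i + 1)
            if (tbl == "main") main_pref = pref
            if (tbl != table) next
            # Rules are listed in priority order, so keep the first match.
            for (i = 2; i < NF; i++) {
                if ($i == "from" && $(i + 1) == net && from_pref < 0) from_pref = pref
                if ($i == "to"   && $(i + 1) == net && to_pref < 0)   to_pref = pref
            }
        }
        function report(dir, p) {
            if (p < 0) { print "MISSING: " dir " " net " lookup " table; return 1 }
            if (p >= main_pref) {
                print "SHADOWED: " dir " " net " pref " p " is not ahead of main (" main_pref ")"
                return 1
            }
            return 0
        }
        END {
            bad = report("from", from_pref) + report("to", to_pref)
            if (!bad) print "OK: from/to " net " look up table " table " ahead of main (" main_pref ")"
            exit (bad > 0)
        }'
}

# Constructed sample of `ip rule show` output after "dotun.sh start".
sample_rules() {
    cat <<'EOF'
0:      from all lookup local
1:      from 44.0.0.0/8 lookup 1
1:      from all to 44.0.0.0/8 lookup 1
32766:  from all lookup main
32767:  from all lookup default
EOF
}

sample_rules | check_ampr_rules
```

A SHADOWED result means the main table is consulted before table 1, so 44/8 traffic would follow the main table's routes instead of the tunnel.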