tedauction
New Member
April 20, 2020
Question

Reverse routing possible ?


Hello, is there any way to set up routes based on the reverse of RFC1918 private addresses i.e. any route that does NOT match:

  • 192.168.0.0 - 192.168.255.255
  • 172.16.0.0 - 172.31.255.255
  • 10.0.0.0 - 10.255.255.255

    lobstercreed
    New Member
    April 20, 2020

    I imagine there are ways to achieve your goals. Can you give more details? Blackhole routes and policy routes come to mind depending on the problem you're trying to fix.

    For example I use blackhole routes to ensure that I don't send any RFC1918 traffic to the internet. If I have a more specific route on a LAN link then it will take that first, otherwise it is dropped.

    tedauction
    New Member
    April 20, 2020

    Hello, I am wanting a way to route all non-private address destinations to a particular port without using a 0.0.0.0 default route.

    Are there any options?

    lobstercreed
    New Member
    April 20, 2020

    I'll have to avoid getting into a philosophical debate on why you don't want to use a default route for its basic purpose...

    Policy routing might be able to achieve what you want. You'll still wind up using a default route of sorts but it will be at the bottom of your policy routes to send traffic to the particular port.

    Above it you would include 3 rules that say if the destination is 10.0.0.0/8, stop policy routing, then the 2nd rule would do the same for 192.168.0.0/16 and the 3rd for 172.16.0.0/12.

    Only if the traffic passed all 3 rules excluding RFC1918 traffic would it match on the destination 0.0.0.0/0 to go out the specified port.

    I've actually done something similar to handle failover to a tiny backup Internet circuit. I want most of my users to stay stuck on my main circuit even if it's down so they don't squash the little guy.
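
Added example, not part of the thread and not any vendor's configuration: a Python model of the ordered policy rules described in the last reply, next to the list of static prefixes that would be needed to cover every non-RFC1918 destination without a 0.0.0.0/0 route. The port name `uplink` and the sample destination addresses are constructed for illustration.

```python
import ipaddress

# The three RFC1918 blocks listed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ordered policy rules as described in the last reply: first match wins.
# "stop" = stop policy routing and fall back to the normal routing table.
# "forward:uplink" uses a hypothetical port name.
POLICY = [
    (ipaddress.ip_network("10.0.0.0/8"), "stop"),
    (ipaddress.ip_network("192.168.0.0/16"), "stop"),
    (ipaddress.ip_network("172.16.0.0/12"), "stop"),
    (ipaddress.ip_network("0.0.0.0/0"), "forward:uplink"),
]

def policy_action(dst):
    """Return the action of the first policy rule matching dst."""
    addr = ipaddress.ip_address(dst)
    for net, action in POLICY:
        if addr in net:
            return action
    return "stop"  # no rule matched: normal routing table applies

def non_rfc1918_prefixes():
    """CIDR prefixes covering all of IPv4 except the RFC1918 blocks."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for private in RFC1918:
        carved = []
        for net in remaining:
            if private.subnet_of(net):
                # Split net into the pieces that do not contain `private`.
                carved.extend(net.address_exclude(private))
            else:
                carved.append(net)
        remaining = carved
    return sorted(remaining)

def covered_by_static_routes(dst):
    """True if dst would match one of the 'reverse' static routes."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in non_rfc1918_prefixes())

if __name__ == "__main__":
    print(len(non_rfc1918_prefixes()), "prefixes needed without a default route")
    for dst in ("203.0.113.7", "10.1.2.3", "172.31.255.255", "172.32.0.1"):
        print(dst, policy_action(dst), covered_by_static_routes(dst))
```

The complement of the three RFC1918 blocks comes to 31 prefixes, while the policy-route approach needs four rules and gives the same forwarding decision for every destination.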