ip route, ip rule

Beyond the two commonly used routing tables (the local and main routing tables), the kernel supports up to 252 additional routing tables.

The multiple routing table system provides a flexible infrastructure on top of which to implement policy routing. By allowing multiple traditional routing tables (keyed primarily to destination address) to be combined with the routing policy database (RPDB) (keyed primarily to source address), the kernel supports a well-known and well-understood interface while simultaneously expanding and extending its routing capabilities.

# vi /etc/iproute2/rt_tables
# add a new routing table and alias

[root@masq-gw]# ip route show table main
192.168.100.0/30 dev eth3  scope link
67.17.28.0/28 dev eth4  scope link
205.254.211.0/24 dev eth1  scope link
192.168.100.0/24 dev eth0  scope link
192.168.99.0/24 dev eth0  scope link
192.168.98.0/24 via 192.168.99.1 dev eth0
10.38.0.0/16 via 192.168.100.1 dev eth3
127.0.0.0/8 dev lo  scope link 
default via 205.254.211.254 dev eth1
[root@masq-gw]# ip route flush table 4
[root@masq-gw]# ip route show table main | grep -Ev ^default \
>   | while read ROUTE ; do
>     ip route add table 4 $ROUTE
> done
[root@masq-gw]# ip route add table 4 default via 67.17.28.14
[root@masq-gw]# ip route show table 4
192.168.100.0/30 dev eth3  scope link
67.17.28.0/28 dev eth4  scope link
205.254.211.0/24 dev eth1  scope link
192.168.100.0/24 dev eth0  scope link
192.168.99.0/24 dev eth0  scope link
192.168.98.0/24 via 192.168.99.1 dev eth0
10.38.0.0/16 via 192.168.100.1 dev eth3
127.0.0.0/8 dev lo  scope link 
default via 67.17.28.14 dev eth4

[root@masq-gw]# iptables -t mangle -A PREROUTING -p tcp --dport 80 -s 192.168.99.0/24 -j MARK --set-mark 4
[root@masq-gw]# iptables -t mangle -A PREROUTING -p tcp --dport 443 -s 192.168.99.0/24 -j MARK --set-mark 4
[root@masq-gw]# iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source                destination         
    0     0 MARK       tcp  --  *      *       192.168.99.0/24       0.0.0.0/0          tcp dpt:80 MARK set 0x4 
    0     0 MARK       tcp  --  *      *       192.168.99.0/24       0.0.0.0/0          tcp dpt:443 MARK set 0x4 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
[root@masq-gw]# iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 67.17.28.12
[root@masq-gw]# iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 205.254.211.179


[root@masq-gw]# ip rule add fwmark 4 table 4
[root@masq-gw]# ip rule show
0:      from all lookup local 
32765:  from all fwmark        4 lookup 4 
32766:  from all lookup main 
32767:  from all lookup 253
[root@masq-gw]# ip route flush cache

Routing Selection Algorithm in Pseudo-code

if packet.routeCacheLookupKey in routeCache :
    # cache hit: reuse the route selected earlier
    route = routeCache[ packet.routeCacheLookupKey ]
else :
    # walk the RPDB in priority order (lowest number first)
    for rule in rpdb :
        if packet.rpdbLookupKey in rule :
            routeTable = rule[ lookupTable ]
            if packet.routeLookupKey in routeTable :
                route = routeTable[ packet.routeLookupKey ]
                break    # first route found wins; otherwise try the next rule
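
The selection algorithm above, applied to this page's tables, rules and MARK/SNAT settings, as an added example (not part of the original post). Function names are hypothetical; the local table and the route cache are left out, and the sample flow in the last line is constructed.

```python
import ipaddress

# Non-default routes from the page's "ip route show": (prefix, gateway, device).
SHARED = [
    ("192.168.100.0/30", None, "eth3"),
    ("67.17.28.0/28", None, "eth4"),
    ("205.254.211.0/24", None, "eth1"),
    ("192.168.100.0/24", None, "eth0"),
    ("192.168.99.0/24", None, "eth0"),
    ("192.168.98.0/24", "192.168.99.1", "eth0"),
    ("10.38.0.0/16", "192.168.100.1", "eth3"),
    ("127.0.0.0/8", None, "lo"),
]
TABLES = {
    "main": SHARED + [("0.0.0.0/0", "205.254.211.254", "eth1")],
    "4": SHARED + [("0.0.0.0/0", "67.17.28.14", "eth4")],
}
# RPDB from "ip rule show": (priority, required fwmark or None, table).
RULES = [(32765, 4, "4"), (32766, None, "main")]
# POSTROUTING SNAT rules from the page, keyed by outgoing device.
SNAT = {"eth4": "67.17.28.12", "eth1": "205.254.211.179"}


def fwmark(src, proto, dport):
    """Mirror the two mangle PREROUTING MARK rules from the page."""
    in_lan = ipaddress.ip_address(src) in ipaddress.ip_network("192.168.99.0/24")
    return 4 if in_lan and proto == "tcp" and dport in (80, 443) else 0


def lookup(table, dst):
    """Longest-prefix match of dst within one routing table."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[table] if dst in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def select_route(src, dst, proto, dport):
    """Walk the RPDB in priority order; the first table that yields a route wins."""
    mark = fwmark(src, proto, dport)
    for _prio, rule_mark, table in sorted(RULES):
        if rule_mark is not None and rule_mark != mark:
            continue  # a fwmark rule only applies to packets carrying that mark
        route = lookup(table, dst)
        if route:
            return table, route[1], route[2], SNAT.get(route[2])
    return None


if __name__ == "__main__":
    print(select_route("192.168.99.10", "198.51.100.7", "tcp", 443))  # constructed flow
```

A marked flow to an internal destination such as 10.38.0.0/16 still resolves inside table 4, which is why the non-default routes were copied there before the new default was added.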

