Arch Linux

pgoetz

Member

From: Austin, Texas

Registered: 2014-02-21

Posts: 355

netctl: How does the Routes= field work exactly?

Here is the issue:

The server wizard is both a mail server and does NAT for a bunch of windows machines.  At some point spamhaus.org decided that the IP address was being used for a (MS WIndows) virus which does bitcoin mining and remote ad clicking.  I spent a month trying to find the WIndows machine causing the problem, and eventually gave up.  Instead, I put 2 IP addressed on the outward facing interface on wizard, using one for the mail server and the other for NAT:

 

  eth0 IP: x.x.x.x  used for mail
  eth0 IP: y.y.y.y used for NAT
  gateway: z.z.z.z

This was originally set up on an Ubuntu server.  For some reason which I still don't understand, Ubuntu set up a routing table which forced everything to go out via y.y.y.y:

root@wizard:etc# ip route
...
default via z.z.z.z dev eth0  src y.y.y.y metric 100

  I had to set up a route command in /etc/rc.local to fix this:

ip route del default via z.z.z.z dev eth0 src y.y.y.y metric 100 && ip route add default via z.z.z.z dev eth0 src x.x.x.x metric 100

Now I'm replacing the old wizard with a new Arch server and would like to avoid the original problem; however must use a systemd-friendly solution to do so.  Hence my question.  I think the Routes entry:

Address=('x.x.x.x/24' 'y.y.y.y/24')
#Routes=('192.168.0.0/24 via 192.168.1.2')

in /etc/netctl/eth0 is the mechanism to insure the right default routing, but I'm not sure how the syntax works.  And because this is a production machine, there is no good way to test this before deploying the new Arch server.  Any thoughts would be appreciated.

briareos

Member

Registered: 2015-09-28

Posts: 9

Re: netctl: How does the Routes= field work exactly?

I'm struggling with this too. Regardless of what I enter as Routes=(), no changes to the routing table actually happen upon restarting the according netctl-auto@iface.service

For example:
Routes=('X.X.X.X/32 via 10.64.64.64')

I also tried those strange forward ticks stated in the man page: "An array of custom routes of the form ‘<address range> via <gateway>’."

i.e.
Routes=(‘X.X.X.X/32 via 10.64.64.64’)

pgoetz

Member

From: Austin, Texas

Registered: 2014-02-21

Posts: 355

Re: netctl: How does the Routes= field work exactly?

Question: what are you trying to accomplish?  In my case (example above) I left the Routes= directive commented out, and the routing behaved exactly the way it was supposed to by default.  Based on the syntax of the other fields, maybe something like this would work?

Routes=('X.X.X.X/24 via 10.64.64.64', 'Y.Y.Y.Y/24 via Z.Z.Z.Z')

By the way, what you have in your example, X.X.X.X/32 won't route anything, as you're saying that your subnet mask is the entire IP address.

Last edited by pgoetz (2015-12-15 22:26:03)

briareos

Member

Registered: 2015-09-28

Posts: 9

Re: netctl: How does the Routes= field work exactly?

Question: what are you trying to accomplish?

When I connect my mobile Internet (ppp0), I'd like to route to a specific host (thus X.X.X.X/32) through that ppp0 interface.

Specifically, X.X.X.X is an OpenVPN endpoint and I want to ensure that ppp0 is used for establishing that OpenVPN connection.

(Before ppp0 comes up, I usually already have a default route through eth0 or wlan0.)

pgoetz

Member

From: Austin, Texas

Registered: 2014-02-21

Posts: 355

Re: netctl: How does the Routes= field work exactly?

When I connect my mobile Internet (ppp0), I'd like to route to a specific host (thus X.X.X.X/32) through that ppp0 interface.

Shouldn't you then just set this host to be the gateway or are you using both connections simultaneously?

briareos

Member

Registered: 2015-09-28

Posts: 9

Re: netctl: How does the Routes= field work exactly?

Yes, I am using both.

If I do "ip route add X.X.X.X dev ppp0" (command from the top of my head) and then start OpenVPN, OpenVPN traffic will be routed through ppp0.

Otherwise OpenVPN will just use the default gateway, which is on eth0 or wlan0.

Note that I do not want to route all traffic through OpenVPN - it's just a mean to make the machine reachable from the other side.

pgoetz

Member

From: Austin, Texas

Registered: 2014-02-21

Posts: 355

Re: netctl: How does the Routes= field work exactly?

At this point I'm thinking we need to take this up with the person/people who put the netctl system together.  For all we know, the "Routes=" feature might not even be implemented, and some kind of default setting is being used.