87 lines
2.6 KiB
Markdown
87 lines
2.6 KiB
Markdown
Certainly! Here's a step-by-step guide to set up policy-based routing for your scenario:
|
|
|
|
### Step 1: Enable IP Forwarding
|
|
|
|
1. Edit the sysctl configuration file:
|
|
```bash
|
|
sudo nano /etc/sysctl.conf
|
|
```
|
|
|
|
2. Uncomment or add the following line to enable IP forwarding:
|
|
```
|
|
net.ipv4.ip_forward = 1
|
|
```
|
|
|
|
3. Save and close the file.
|
|
|
|
4. Apply the changes:
|
|
```bash
|
|
sudo sysctl -p
|
|
```
|
|
|
|
### Step 2: Configure Policy-Based Routing
|
|
|
|
1. Create routing tables and rules for each domain.
|
|
|
|
```bash
|
|
# Create a new routing table for foo.com
|
|
echo "200 foo" >> /etc/iproute2/rt_tables
|
|
|
|
# Add a route to the foo.com routing table
|
|
sudo ip route add foo.com via 10.10.10.10 table foo
|
|
|
|
# Add a rule to use the foo.com routing table for traffic destined to foo.com
|
|
sudo ip rule add to 10.10.10.10 lookup foo
|
|
```
|
|
|
|
```bash
|
|
# Create a new routing table for bar.com
|
|
echo "201 bar" >> /etc/iproute2/rt_tables
|
|
|
|
# Add a route to the bar.com routing table
|
|
sudo ip route add bar.com via 10.10.10.20 table bar
|
|
|
|
# Add a rule to use the bar.com routing table for traffic destined to bar.com
|
|
sudo ip rule add to 10.10.10.20 lookup bar
|
|
```
|
|
|
|
### Step 3: Test the Configuration
|
|
|
|
1. Test connectivity to each domain from an external source to ensure that traffic is routed correctly.
|
|
|
|
### Step 4: Make Configuration Persistent (Optional)
|
|
|
|
1. Create a script to apply the routing rules on system startup. For example, create a script named `policy-routing.sh`:
|
|
|
|
```bash
|
|
sudo nano /etc/network/if-up.d/policy-routing.sh
|
|
```
|
|
|
|
2. Add the following contents to the script:
|
|
|
|
```bash
|
|
#!/bin/bash
|
|
|
|
# Add routing tables and rules
|
|
echo "200 foo" >> /etc/iproute2/rt_tables
|
|
ip route add foo.com via 10.10.10.10 table foo
|
|
ip rule add to 10.10.10.10 lookup foo
|
|
|
|
echo "201 bar" >> /etc/iproute2/rt_tables
|
|
ip route add bar.com via 10.10.10.20 table bar
|
|
ip rule add to 10.10.10.20 lookup bar
|
|
```
|
|
|
|
3. Make the script executable:
|
|
|
|
```bash
|
|
sudo chmod +x /etc/network/if-up.d/policy-routing.sh
|
|
```
|
|
|
|
4. The script will be automatically executed whenever a network interface is brought up.
|
|
|
|
### Notes:
|
|
- Ensure that the routing tables and rules are set up correctly. Errors can lead to misrouted traffic or network connectivity issues.
|
|
- Regularly monitor and test the setup to ensure it continues to function as expected, especially after system updates or changes to network configurations.
|
|
|
|
This guide should help you set up policy-based routing on your VPS to forward traffic based on domain names without relying on `iptables`. Adjust the configurations as necessary for your specific network setup and requirements. |