How to make routing rules persistent, when I want packets to leave the same interface they came in?

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux (RHEL) 5 and later

Issue

  • How can I persistently route network packets to the same network interface from where it came from?
  • Two interfaces are connected to different subnets. How can I persistently make the network packets go back via the interface where they came from?

Resolution

For a list of how to manually set the rules for the duration of the current boot only, follow the steps in this knowledge article:
How can I route network traffic such that the packets go out via the same interface they came in?

RHEL 9, and when using NetworkManager on RHEL 7.1+ and RHEL 8

RHEL 7 + NetworkManager support this with the release of RHEL 7.1 and NetworkManager 1.0. For RHEL 7.1 and later minor/major releases + NetworkManager, please see the following article for steps on enabling this functionality:
Is it possible to set up Policy Based Routing with NetworkManager in RHEL?

RHEL releases older than RHEL 7.1, and when not using NetworkManager on RHEL 7.1+ and RHEL 8

In order to make this change persistent, for RHEL releases older than RHEL7.1, you will need to create new files in the /etc/sysconfig/network-scripts/ directory. This will ensure the same commands are run when the network interfaces are brought up.

  • Create a rule-eth* file for each interface, including the following information. This is where the separate routing tables will be created. The table numbers can be modified to fit your environment needs.

    • When creating a rule file you need to include a priority number that is unique for each rule defined. Think of the priority numbers as index values that tell the kernel the rule is being updated or is a brand new rule being added. Failure to add in a priority number will cause duplicate rules to show up in the ip rule show output. (see man ip-rule)

      priority PREFERENCE
      the priority of this rule. PREFERENCE is an unsigned integer value, higher number means lower priority, and rules get processed in order of in-
      creasing number. Each rule should have an explicitly set unique priority value. The options preference and order are synonyms with priority.

    • Please note that for IP addresses configured on interface aliases (e.g. eth0:1) route/rule files should be created as per interface not per alias (e.g. routes for an IP address used on eth0:1 should be in route-eth0).

      • eth0 example

          # cat /etc/sysconfig/network-scripts/rule-eth0
  iif eth0 prio <integer> table 1
  from <ip of eth0> prio <integer> table 1

      • eth1 example

          # cat /etc/sysconfig/network-scripts/rule-eth1
  iif eth1 prio <integer> table 2
  from <ip of eth1> prio <integer-value> table 2

    • In case you need outgoing traffic to be handled from a specific interface, then you can use to prefix as well. For more information, check man ip-rule.

        oif eth1 prio <integer> table 2
  to <ip of remote host or subnet> prio <integer> table 2

  • Create a route-eth* file for each interface, including the default route to the gateway, the directly connected network, and any additional static routes needed. The table numbers would need to match what was used in the rule-eth* files.

    • eth0 example

        # cat /etc/sysconfig/network-scripts/route-eth0
  <local network/prefix> dev eth0 table 1
  default via <gateway address> dev eth0 table 1
  #to add additional static routes
  #<network address/prefix> via <gateway address> dev eth0 table 1

    • eth1 example

        # cat /etc/sysconfig/network-scripts/route-eth1
  <local network/prefix> dev eth1 table 2
  default via <gateway address> dev eth1 table 2
  #to add additional static routes
  #<network address/prefix> via <gateway address> dev eth1 table 2

  • To create IPv6 routes and rules, please see the How to create static IPv6 Routes and rules page

  • To handle traffic initiated from within the system, either maintain the default routing table or add a loopback rule to route the traffic on one of the policy tables:

      # grep "iff lo"  /etc/sysconfig/network-scripts/rule-eth0
  iff lo prio <integer>  table 1

    These files can also be created using the bond interface as well.

SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.