Sure. iproute2, fortunately, comes pre-installed with everything I needed on CentOS 6.7 (not sure about other versions). The thing to keep in mind is that only one thing I did endures a reboot by default, and that's the declaration of the "tables" (iproute2 is based off of being able to run multiple routing tables simultaneously). You can add tables with this command:
# echo [unique ordering number] [unique table name] >> /etc/iproute2/rt_tables Tutorials I saw were listing ordering numbers around 100 or 200... not sure what the complete viable range is, but each table needs a unique number. For our purposes, we were using table names such as "staff" or "student" (obviously, no quotation marks in the command). And of course, the rt_tables file for you might be in a different location... adjust accordingly. After that, you need to run the following commands. First is the template, then an example. We ended up putting it in a bash script that is run from our /etc/rc.d/rc.local file so that it is re-instated on boot. # ip route add [internal IP range] dev [internal eth] src [server internal IP] table [name of ruleset] # ip route add default via [desired external gateway] dev [external eth] table [name of ruleset (same as above)] # ip rule add to [internal IP range] table [name of ruleset (same as above)] # ip rule add from [internal IP range] table [name of ruleset (same as above)] ip route add 192.168.16.0/24 dev eth0.16 src 192.168.16.1 table student ip route add default via 172.20.0.10 dev eth2 table student ip rule add to 192.168.16.0/24 table student ip rule add from 192.168.16.0/24 table student And we are also happy to report that we have not seen any conflicts with PacketFence using this at this time. It didn't mess up the registration process or anything that we've been able to tell. We haven't put it into Production yet, but the test environment held up. Thanks, Joshua Nathan IT Administrator Black Forest Academy +49 (0) 7626-9161-630 On Fri, Oct 16, 2015 at 12:19 AM, Durand fabrice <[email protected]> wrote: > Hello Joshua, > > maybe you can share what you did with iproute2 ;-) > > Regards > Fabrice > > > > Le 2015-10-15 07:35, Nathan, Josh a écrit : > > Thanks Fabrice! I was able to get it working with that! > > Thanks, > Joshua Nathan > IT Administrator > Black Forest Academy > +49 (0) 7626-9161-630 > > > On Wed, Oct 14, 2015 at 3:36 PM, Fabrice DURAND <[email protected]> > wrote: > >> Hello Joshua, >> >> you will need to configure iproute2 to do that. >> <http://www.lartc.org/howto/>http://www.lartc.org/howto/ >> >> regards >> Fabrice >> >> >> >> Le 2015-10-14 05:08, Nathan, Josh a écrit : >> > Hello all, >> > >> > So... I see where PacketFence has the option to specify that there are >> > multiple SNAT interfaces, but I've not found where/all to specify >> > which one to use... Here's what I want to do. >> > >> > Within an Inline environment, I want to specify that VLAN 15 (ex. >> > eth0.15) reaches the Internet via eth1, and VLAN 16 (eth0.16) reaches >> > the Internet via eth2. Is there a built-in way for PacketFence to do >> > that? In the networks.conf file I see the NATing enabled or disabled >> > option, but I haven't see where I can flag different internal >> > interfaces to use different SNAT interfaces. >> > >> > Thanks, >> > Joshua Nathan >> > IT Administrator >> > Black Forest Academy >> > +49 (0) 7626-9161-630 >> > >> > >> > >> > >> ------------------------------------------------------------------------------ >> > >> > >> > _______________________________________________ >> > PacketFence-users mailing list >> > [email protected] >> > https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> -- >> Fabrice Durand >> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo ( <http://www.sogo.nu> >> http://www.sogo.nu) and PacketFence (http://packetfence.org) >> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > >
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
