Source based routing on Checkpoint SPLAT

If you have 2 internet connections, or for whatever reason need to route specific traffic down a specific interface, by default you are stuck – Check Point does not officially support source-based routing on the SPLAT platform.

But it is possible using the underlying system.

To create a route that allows all traffic from to route through interface 5 try the following:

We add a new routing table by adding to the file:

echo "100 Defaultroute2" >> /etc/iproute2/rt_tables

This will create a new routing table called Defaultroute2. The default routing tables are numbered 253 and above, so as the number assigned to this table is less than 253, i.e. 100, it will be used BEFORE the default routes. Next we set up a new rule for this table:

ip rule add from table Defaultroute2

This adds a rule that says any traffic FROM will have the routing in the Defaultroute2 routing table applied. Next we set up some new routes:

ip route add default via dev Lan5 table Defaultroute2

This sets a default route that pushes traffic to the gateway address via the device Lan5. This route applies to any traffic going via the Defaultroute2 routing table. We can add more routes to this table, so for instance we could route traffic to other IP addresses via a different gateway:

ip route add via dev Lan5 table Defaultroute2

And bingo, you have now implemented source-based routing.

Don't forget, however, that this config will need to be reapplied on each boot, or else create a simple startup script to apply it.
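
A startup script along the lines suggested above, written so it can run on every boot without duplicating the table entry or the rule. This is an added example, not part of the original post: the source network 192.0.2.0/24 and gateway 198.51.100.1 are constructed placeholder values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent startup script for the policy routing above.
# SRC_NET and GATEWAY are constructed placeholder values (assumptions);
# table id 100, the name Defaultroute2 and device Lan5 come from the post.
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
IP="${IP:-ip}"                       # set IP=echo for a dry run
TABLE_ID=100
TABLE_NAME=Defaultroute2
SRC_NET="${SRC_NET:-192.0.2.0/24}"
GATEWAY="${GATEWAY:-198.51.100.1}"
DEV="${DEV:-Lan5}"

# Register the table name once; a blind ">>" on every boot duplicates the line.
ensure_table() {
    if grep -Eq "^[[:space:]]*${TABLE_ID}[[:space:]]+${TABLE_NAME}([[:space:]]|\$)" "$RT_TABLES"; then
        return 0
    fi
    # Refuse to reuse an id or a name that is already bound to something else.
    if grep -Eq "^[[:space:]]*${TABLE_ID}[[:space:]]|[[:space:]]${TABLE_NAME}([[:space:]]|\$)" "$RT_TABLES"; then
        echo "rt_tables conflict for ${TABLE_ID}/${TABLE_NAME}" >&2
        return 1
    fi
    echo "${TABLE_ID} ${TABLE_NAME}" >> "$RT_TABLES"
}

# Add the source rule only if it is not already listed.
# (A single-host source is listed without a /32 suffix; use a prefix here.)
ensure_rule() {
    if $IP rule show | grep -q "from ${SRC_NET} lookup ${TABLE_NAME}"; then
        return 0
    fi
    $IP rule add from "$SRC_NET" table "$TABLE_NAME"
}

# "replace" creates the route or overwrites it, so re-running is safe.
ensure_route() {
    $IP route replace default via "$GATEWAY" dev "$DEV" table "$TABLE_NAME"
}

apply_policy_routing() {
    ensure_table && ensure_rule && ensure_route
}

if [ "${1:-}" = "apply" ]; then
    apply_policy_routing
fi
```

Call it with the argument apply from the boot hook; running it with IP=echo in the environment prints the ip commands instead of executing them.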
