Source based routing on Checkpoint SPLAT

If you have two internet connections, or for whatever reason need to route specific traffic down a specific interface, by default you are stuck: Check Point does not officially support source based routing on the SPLAT platform.

But it is possible using the underlying system.

To create a route that sends all traffic from 10.0.0.0/24 out through interface 5 (Lan5), try the following:

First we add a new routing table by appending a line to the rt_tables file (the path is a directory, so the entry must go into the file inside it):

echo "100 Defaultroute2" >> /etc/iproute2/rt_tables

This creates a new routing table called Defaultroute2. The default routing tables are numbered 253 and above, so because the number assigned to this table (100) is less than 253 it will be used BEFORE the default routes. Next we set up a new rule for this table:

ip rule add from 10.0.0.0/24 table Defaultroute2

This adds a rule that says any traffic FROM 10.0.0.0/24 will have the routing in the Defaultroute2 routing table applied. Next we set up some new routes:

ip route add default via 192.168.0.1 dev Lan5 table Defaultroute2

This sets a default route that pushes traffic to the gateway address 192.168.0.1 via the device Lan5. This route applies only to lookups made in the Defaultroute2 routing table. We can add more routes to this table, so for instance we could route traffic to other IP addresses via a different gateway:

ip route add 212.111.123.0/24 via 212.104.137.254 dev Lan5 table Defaultroute2

and bingo, you have now implemented source based routing.

Don't forget, however, that this config is not persistent and will need to be applied on each boot, so create a simple startup script.
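As an added example (not the post's own script): a boot-time script that applies the four steps above and is safe to run more than once, with the table id and name, source subnet, gateways and Lan5 device taken from the post. The RT_TABLES and IP variables are assumed knobs so the functions can be exercised against a scratch file without touching a live box.

```shell
#!/bin/sh
# Added example, not from the original post: re-apply the policy routing
# on every boot without piling up duplicate rt_tables entries or rules.
# Values are the post's; RT_TABLES and IP are assumed, overridable knobs.
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
IP="${IP:-ip}"

TABLE_ID=100
TABLE_NAME=Defaultroute2
SRC_NET=10.0.0.0/24
DEV=Lan5
GW=192.168.0.1

# Append "<id> <name>" to rt_tables only when that table name is absent,
# so repeated boots do not duplicate the entry.
ensure_table() {
    file=$1 id=$2 name=$3
    if ! grep -q "[[:space:]]$name\$" "$file" 2>/dev/null; then
        echo "$id $name" >> "$file"
    fi
}

# 'ip rule add' fails with "File exists" if the rule is already there,
# so drop any stale copy first (error ignored) and then add it.
apply_rule() {
    $IP rule del from "$SRC_NET" table "$TABLE_NAME" 2>/dev/null
    $IP rule add from "$SRC_NET" table "$TABLE_NAME"
}

# Rebuild the table from scratch: the default route plus the extra subnet route.
apply_routes() {
    $IP route flush table "$TABLE_NAME" 2>/dev/null
    $IP route add default via "$GW" dev "$DEV" table "$TABLE_NAME"
    $IP route add 212.111.123.0/24 via 212.104.137.254 dev "$DEV" table "$TABLE_NAME"
}

# Print what the kernel actually holds, for checking after boot.
show_state() {
    $IP rule show
    $IP route show table "$TABLE_NAME"
}

main() {
    ensure_table "$RT_TABLES" "$TABLE_ID" "$TABLE_NAME"
    apply_rule && apply_routes && show_state
}

# Run as: sh policy-route.sh start   (only defines functions without "start")
case "${1:-}" in start) main ;; esac
```

What actually makes Defaultroute2 win is the rule's priority, which ip rule show lists, not the table number: a rule added without an explicit pref is placed ahead of the main (32766) and default (32767) rules, which is why the 10.0.0.0/24 lookup reaches Defaultroute2 first.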
