Problem description:
I have a rather complicated issue that I can't seem to figure out how to tackle effectively. Suppose there's the following setup:
There is one Linux machine, connected to three networks; let's call them A, B, and C.
The Linux machine can reach the internet through network A. It has a private IP address on this network, but NO NAT is enabled for it; i.e. any other machines that are routed through this network and have a public IP given out by it can connect to the internet through it, but the computer in question cannot.
Network B is a set of several public IP networks. By default, packets from B whose destination is in B are routed back into B, and packets for all other destinations are routed via A.
Network C is, like A, a network where the machine has a private address; here, however, NAT is enabled. Network C can be used to communicate with the internet, but devices on network B are not allowed to route through C; they have to route through A.
Currently, the Linux machine can't talk to the internet. I want it to be able to (e.g. pinging www.stackoverflow.com should not time out).
How do I tell Linux to use another gateway for its own traffic, and only its own traffic (source or destination == localhost)?
Important
I do not want to route all the traffic to the internet over just one network. Traffic coming from or going to the internet needs to use two networks, depending on its source: everything from the Linux machine itself goes over one network (C); everything it forwards (that isn't destined for one of its local ranges) goes over the other one (A).
Tentative solution
First, I thought to just add 'from/to localhost' to the ip rule table, yet this is not allowed. What's the easiest way to allow this router to use another router on network C as its gateway, but only for traffic originating from the machine itself?
Essentially, what I'd want is something equivalent to the example below, if it actually worked in the naïve, intuitive way:
0: from all lookup local
32000: from localhost lookup myroute
32100: from all lookup main
32767: from all lookup default
ip route add default dev eth-for-network-C via ...
If that doesn't work, please edit your question with the output of ip addr and ip route.
iptables). But you still need the default route to network C, and it still has nothing to do with "forwarding localhost". Localhost is the address of the computer itself via the loopback device ("network D", if you want), and nothing else.
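A policy-routing setup that does what the question asks, as an added example (not from the question or its comments): a separate routing table holding only the default route via C, selected for the machine's own packets with an `iif lo` rule, which in ip rule matches packets originating from this host and never forwarded ones, while forwarded traffic from A and B keeps the main table's default via A. Interface names, addresses, prefixes and the table number are placeholder assumptions; with DRY_RUN=1 (the default) the commands are printed rather than applied.

```shell
#!/bin/sh
# Added example: the router's own traffic leaves via network C, forwarded
# traffic keeps the main table's default route via A. Every name and
# address below is a placeholder assumption, not a value from the question.
set -eu

IFACE_C="${IFACE_C:-eth-c}"          # interface on network C (assumed name)
GW_C="${GW_C:-10.0.3.1}"             # NAT gateway on network C (assumed)
SRC_C="${SRC_C:-10.0.3.2}"           # this machine's private address on C
NET_A="${NET_A:-10.0.1.0/24}"        # private range on A (assumed)
NET_B="${NET_B:-203.0.113.0/24}"     # one of B's public ranges (assumed)
TABLE_C=100                          # routing table standing in for "myroute"
DRY_RUN="${DRY_RUN:-1}"              # 1 = print commands, 0 = run them (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Emits (or applies) the rule set. Lower priority number = consulted first.
setup_own_traffic_via_c() {
    # Table 100 holds only a default route via C; "src" makes locally
    # generated packets pick the C address, so C's NAT can handle them.
    run ip route replace default via "$GW_C" dev "$IFACE_C" src "$SRC_C" table "$TABLE_C"
    # Packets the router sends from its own A or B addresses (replies to
    # inbound connections) must stay on the normal path: match those
    # sources first and send them to the main table.
    run ip rule add from "$NET_A" lookup main priority 31000
    run ip rule add from "$NET_B" lookup main priority 31001
    # "iif lo" matches only packets originating from this host, which is
    # the "from localhost" the question asks for; forwarded packets from
    # A or B never match it and fall through to main (default via A).
    run ip rule add iif lo lookup "$TABLE_C" priority 32000
}

# Undo the above, in reverse order.
teardown_own_traffic_via_c() {
    run ip rule del iif lo lookup "$TABLE_C" priority 32000
    run ip rule del from "$NET_B" lookup main priority 31001
    run ip rule del from "$NET_A" lookup main priority 31000
    run ip route flush table "$TABLE_C"
}

setup_own_traffic_via_c
```

Check the result with `ip rule show` and `ip route show table 100`; the A and B source rules must sit above the `iif lo` rule or replies to inbound connections would be sent out through C's NAT.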