Hello,
I have a UTM-570 which runs SPLAT, NGX R65 HFA40. I am using
iproute2 ip rules (I know, not supported). They do work fine, but they do not survive a reboot.
I followed some great instructions from simon's post ("How the policy based routing works") about how to use iproute2 ip rules to perform the policy based routing. The only thing that survives a reboot is the /etc/iproute2/rt_tables file. The actual rules are lost after the reboot, however.
I have searched for solutions but outside of possibly modifying the OS startup scripts (maybe /etc/rc.d/rc.local) - which I don't believe is the greatest idea - are there any other options?
Here is what I am actually doing (public IPs have been changed to protect the innocent).
The setup:
Int interface: my internal subnets
Ext interface: my Internet ISP #1
Lan1 interface: my local video proxy server - 2.0.0.1 /27
Lan2 interface: my Internet ISP #2 I want to dedicate for the video proxy server - 1.1.1.2 /27
I have my video proxy server located inside the Lan1 interface routing all of its Internet traffic to ISP #2 via the Lan2 interface.
I use ISP #2 to dedicate all traffic to/from the video proxy server, so I don't believe the ISP redundancy setup will work for me (it's for load sharing, correct?). That is why I'm trying this PBR setup.
In expert mode, I perform the following steps:

echo "100 vidnet_dedicated" >> /etc/iproute2/rt_tables
ip route add default via 1.1.1.1 table vidnet_dedicated
ip rule add from 2.0.0.0/27 table vidnet_dedicated
ip route flush cache

The above steps work. Again, the problem is after a reboot I lose the actual routes and rules.
I think my only other option is to do the PBR on an upstream router, but I figured I would give this a shot first.
Thanks for your help in advance.
-Jeff
--
Barry's Checkpoint CCSA CCSE Certification rocks! :-)
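
The four steps from the post above, as an added example that is not part of the original post: a script that can be run repeatedly (for instance with `apply` from a startup script such as the /etc/rc.d/rc.local the post mentions) without duplicating the rt_tables entry or the rule. The `IP` and `RT_TABLES` overrides and the function names are hypothetical; the table, gateway and subnet are the ones in the post.

```shell
#!/bin/sh
# Added example: idempotent re-apply of the PBR state described in the post.
TABLE_ID=100
TABLE_NAME=vidnet_dedicated
GATEWAY=1.1.1.1            # ISP #2 next hop, from the post
SOURCE_NET=2.0.0.0/27      # video proxy subnet, from the post
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
IP=${IP:-ip}               # hypothetical override, useful for a dry run

ensure_table() {
    # Append only when the entry is missing; a bare 'echo >>' adds a
    # duplicate line every time the script runs.
    if ! grep -Eq "^[[:space:]]*$TABLE_ID[[:space:]]+$TABLE_NAME([[:space:]]|\$)" "$RT_TABLES"; then
        echo "$TABLE_ID $TABLE_NAME" >> "$RT_TABLES"
    fi
}

rule_present() {
    # 'ip rule show' prints the table by name, or by number if the name
    # cannot be resolved, so accept either form.
    $IP rule show | grep -Eq "from $SOURCE_NET lookup ($TABLE_NAME|$TABLE_ID)([[:space:]]|\$)"
}

apply_pbr() {
    ensure_table || return 1
    # 'replace' creates the default route or overwrites it, so a second
    # run does not fail the way 'ip route add' does when the route exists.
    $IP route replace default via "$GATEWAY" table "$TABLE_NAME" || return 1
    # 'ip rule add' would stack an identical rule on every run.
    if ! rule_present; then
        $IP rule add from "$SOURCE_NET" table "$TABLE_NAME" || return 1
    fi
    $IP route flush cache
}

# Only touch the system when asked to: sh pbr.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_pbr
fi
```

Running it a second time by hand and checking `ip rule show` confirms that only one rule for 2.0.0.0/27 exists.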