Internet Routing with BIRD

bgp bird networking routing

I am testing BIRD to put into production to replace several VPN appliances I am using to route to my AWS site. I've never used BIRD before, so please forgive my ignorance. If I put a test Windows machine behind this routing server, I am able to route to my Amazon nets and my other networks locally; however, I cannot route to the internet.

I can see in my BIRD routing tables an entry for 0.0.0.0/0

bird> show route
0.0.0.0/0          via 204.244.x.x on eth1 [kernel1 15:03] * (10)
172.30.0.176/28    dev eth0 [static1 15:07] ! (200)
192.168.120.0/23   via 204.244.x.x on eth1 [R1 15:03 from 10.0.0.241] * (100/?) [AS7224i]
172.31.5.80/29     dev eth0 [static1 15:07] ! (200)

Would this be causing issues with routing out to the internet from a server in the 172.30.0.176/28 network that is using the router as its default gateway? If so how can I change the routing so that BIRD doesn't try to route internet traffic and only traffic for the internal networks?

Below are my configurations:

Client machine: IP 172.30.0.188/28 gateway 172.30.0.190

BIRD configuration:

# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
#router id 10.0.0.245;

function avoid_martians()
prefix set martians;
{
        martians = [ 169.254.0.0/16+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7} ];

        # Reject martian prefixes (the set above does not list the RFC1918 ranges)
        if net ~ martians then return false;
        return true;
}

function avoid_crappy_prefixes()
{
        if net.len < 8 then return false;
        if net.len > 24 then return false;
        return true;
}

filter bgp_out
{
        if net = 192.168.120.0/23 then accept;
        else reject;
}

filter bgp_in {
        if avoid_martians() && avoid_crappy_prefixes() then accept;
        else reject;
}

# Sync bird routing table with kernel
protocol kernel {
        learn;
        persist;
        scan time 20;
        export all;
}

# Include device route (warning, a device route is a /32)
protocol device {
        scan time 10;
}

protocol static {
        route 172.30.0.176/28 via "eth0";
        route 172.31.5.80/29 via "eth0";
}


protocol bgp R1 {
        local as 65200;
        neighbor 10.0.0.241 as 65100;
        multihop;
        import filter bgp_in;
        export filter bgp_out;
}

Router interfaces configuration

# The loopback network interface
auto lo
iface lo inet loopback

# Internal Network
auto eth0
iface eth0 inet static
        address 172.30.0.190
        netmask 255.255.255.240

# External Network
auto eth1
iface eth1 inet static
        address 204.244.x.x
        netmask 255.255.255.128
        gateway 204.244.x.y

# BGP Router IP
auto eth1:1
iface eth1:1 inet static
        address 10.0.0.245
        netmask 255.255.255.252

# DAG Network IP
auto eth0:1
iface eth0:1 inet static
        address 172.29.0.126
        netmask 255.255.255.240

# Test network IP
auto eth0:2
iface eth0:2 inet static
        address 172.31.5.81
        netmask 255.255.255.248

Best Answer

I've managed to resolve my problem. The issue here was a NAT one. The router was passing the traffic through to the internet not on the public IP of the router but as the internal IP of the machine, which is obviously why it wouldn't work. By adding NAT rules for the network I resolved the problem.
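
The answer does not show the rules that were added. The following is an added example, not part of the original answer, of one way to write them with iptables (an assumption; the answer does not name the tool). The interface and prefixes come from the configuration in the question, and exempting the BGP-learned 192.168.120.0/23 from NAT is also an assumption, made so that routing which already worked is left unchanged.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes iptables; interface
# names and prefixes are taken from the configuration shown in the question.

EXT_IF="eth1"                                   # external interface
INTERNAL_NETS="172.30.0.176/28 172.31.5.80/29"  # networks behind eth0
NO_NAT_DESTS="192.168.120.0/23"                 # BGP-learned prefix, left un-NATed (assumption)

# Print the iptables commands, one per line, in the order they must be added.
nat_rules() {
    ext_if=$1; internal=$2; exempt=$3
    for src in $internal; do
        # Exemptions first: traffic to routed private networks keeps its source.
        for dst in $exempt; do
            echo "iptables -t nat -A POSTROUTING -s $src -d $dst -o $ext_if -j ACCEPT"
        done
        # Everything else leaving the external interface takes that interface's address.
        echo "iptables -t nat -A POSTROUTING -s $src -o $ext_if -j MASQUERADE"
    done
}

# Dry run by default: the rules are only printed. APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then
    nat_rules "$EXT_IF" "$INTERNAL_NETS" "$NO_NAT_DESTS" | sh -e
else
    nat_rules "$EXT_IF" "$INTERNAL_NETS" "$NO_NAT_DESTS"
fi
```

After applying, `iptables -t nat -L POSTROUTING -n -v` shows the packet counters per rule, which confirms whether client traffic is hitting the MASQUERADE rule or an exemption.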