You can do policy routing, i.e., have multiple routing tables, and select the routing table to use based on your source address (in general other fields, but not relevant here). Note that the table numbers shown below are arbitrarily chosen.
I do not know how to do policy routing using route from the net-tools package. It's long deprecated anyway. Use ip from the iproute2 package.
You'll also need to have policy routing enabled in your kernel. The major distributions do this by default if I am not mistaken.
Start from a clean state, if appropriate:
# Assumes that previous configuration properly set address and route scopes
ip route flush all proto static scope global
Then add the tables for each interface.
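# The route prefix must be the network address (host bits zero), not the
# interface address; ip rejects 10.0.0.3/24 as an invalid prefix.
ip route add 10.0.0.0/24 dev eth0 table 5000
ip route add default via 10.0.0.254 dev eth0 table 5000
ip route add 10.0.1.0/24 dev eth1 table 5001
ip route add default via 10.0.1.26 dev eth1 table 5001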
One then sets up routing rules:
ip rule add from 10.0.0.3 table 5000
ip rule add from 10.0.1.1 table 5001
The last step is to configure the default gateway for when you are the initiator, so to speak.
If you want to only use eth0 as the default gateway, then just do something like this:
ip route add default via 10.0.0.254 dev eth0
Note that there is no table specified, so it defaults to main. Using eth1 is left as an exercise to the reader.
If you want to load-balance between the two, you can do multipath routes using nexthop.
ip route add default nexthop via 10.0.0.254 dev eth0 weight 1 nexthop via 10.0.1.26 dev eth1 weight 1
As for question two, no Linux does create a default route automatically. If there is no local route for your traffic, you'll get an EHOSTUNREACH error.
EDIT: Note that none of the above should be taken to imply that IP is stateful, that it has anything to do with connections, or even an inherent notion of a flow. It merely means that we assume that a flow always has the same endpoints, and that we bind a flow to a gateway depending on our source address. This is simply necessary because many gateways (esp. in the context of residential ISPs) do reverse path filtering.
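Added example, not part of the original answer: the per-interface steps above as a dry-run generator that prints the ip commands for each uplink, deriving the network prefix from the interface address, followed by commands to inspect the result. The function names and the test destination 192.0.2.1 are assumptions; the addresses, gateways and table numbers are the ones used in the answer.

```shell
#!/bin/sh
# Added example (not from the original answer): dry-run generator.
# It only prints ip(8) commands; review them, then pipe to `sh` as root.

# net_of ADDR PREFIXLEN -> IPv4 network address (host bits cleared).
# Runs in a subshell so the IFS change does not leak to the caller.
net_of() (
    IFS=.
    set -- $1 $2                      # $1..$4 = octets, $5 = prefix length
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - $5)) & 4294967295 ))
    net=$(( addr & mask ))
    printf '%d.%d.%d.%d\n' "$(( net >> 24 & 255 ))" "$(( net >> 16 & 255 ))" \
        "$(( net >> 8 & 255 ))" "$(( net & 255 ))"
)

# uplink DEV ADDR PREFIXLEN GATEWAY TABLE
# One table per uplink plus a source-address rule that selects it.
uplink() {
    echo "ip route add $(net_of "$2" "$3")/$3 dev $1 table $5"
    echo "ip route add default via $4 dev $1 table $5"
    echo "ip rule add from $2 table $5"
}

# Values from the answer; the last line is the default route in table main,
# used when this host initiates traffic without a bound source address.
plan() {
    uplink eth0 10.0.0.3 24 10.0.0.254 5000
    uplink eth1 10.0.1.1 24 10.0.1.26 5001
    echo "ip route add default via 10.0.0.254 dev eth0"
}

# Read-only commands to confirm each source address picks its own gateway.
# 192.0.2.1 is an assumed off-link test destination (documentation range).
checks() {
    echo "ip rule show"
    echo "ip route show table 5000"
    echo "ip route show table 5001"
    echo "ip route get 192.0.2.1 from 10.0.0.3"
    echo "ip route get 192.0.2.1 from 10.0.1.1"
}

plan
checks
```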
Actually, I think the confusion comes from the fact that those instructions are mixing two topics:
- Dealing with policy routing
- Setting up your standard routing table in a best-practice way
These three lines
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip route add default via $P1
are there to handle traffic that doesn't get matched by your policy routes for whatever reason (you add a loopback on the router for example, and use it for management). They are not strictly necessary for the PBR to work, but it's best to have them there all the same.
Best Answer
Your networking scripts are almost certainly calling the vconfig command.
To remove a VLAN interface use the command vconfig rem interface or vconfig rem eth4.401. This will remove all the associated addresses and routes.
You could run a command like ip route flush dev eth4.401 and ip addr flush eth4.401, to flush all the routes and addresses associated with an interface without removing it. But you don't really need to do this in your case.