
Asymmetric Routing (devel)

Justin Yaple

Primarily for running OpenNOP in an environment where two separate routers redirect traffic to one or more OpenNOP appliances and the return traffic must be passed back to the router that originally redirected it.

(1.) Mark|Tag inbound traffic from each router.

iptables -t mangle -A PREROUTING -m mac --mac-source xx:xx:xx:xx:xx:xA -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -m mac --mac-source xx:xx:xx:xx:xx:xB -j MARK --set-mark 0x2

Where xx:xx:xx:xx:xx:xA is the source MAC address of your 1st router and xx:xx:xx:xx:xx:xB is the source MAC address of your 2nd router. Mark as many as needed.

(2.) Create a routing table for each router.

echo 1 router1 >> /etc/iproute2/rt_tables
echo 2 router2 >> /etc/iproute2/rt_tables

(3.) Create a route in each table pointing back to that router's IP address.

ip route add default via <router1ip> table router1
ip route add default via <router2ip> table router2

(4.) Route all marked packets using the appropriate table.

ip rule add fwmark 0x1 table router1
ip rule add fwmark 0x2 table router2
  • This is untested. Depending on whether nfq_set_verdict() preserves a packet's original mark, additional code changes may be needed to use nfq_set_verdict2() to reset the mark on traffic.
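The four steps above, generalised to any number of redirecting routers, as an added example that is not part of the OpenNOP wiki or code base. The router names, MAC addresses, gateway IPs and mark values are constructed placeholders; substitute your own. The script only prints the commands by default (DRY_RUN=1) so you can review them; DRY_RUN=0 executes them, which must be done as root on the OpenNOP appliance. It uses `ip route replace` rather than `add` so it can be rerun safely, and the policy rule uses the `fwmark` selector so that it matches the marks set in step 1. The verification commands it prints at the end let you confirm that the rules and tables exist; if OpenNOP's verdict does not preserve the mark (the caveat in the note above), the `ip rule` entries will exist but return traffic will not hit them.

```shell
#!/bin/sh
# Added example (not OpenNOP project code): generate the asymmetric-routing
# configuration from steps 1-4 for any number of redirecting routers.
# All router values below are constructed placeholders.

# One router per line: "<table-name> <source-mac> <router-ip> <fwmark>"
ROUTERS='router1 02:00:00:00:00:0a 192.0.2.1 1
router2 02:00:00:00:00:0b 192.0.2.2 2'

# Emit the commands that implement steps 1-4 for one router.
emit_router_cmds() {
    name=$1; mac=$2; gw=$3; mark=$4
    # Step 1: mark inbound frames by the source MAC of the redirecting router.
    echo "iptables -t mangle -A PREROUTING -m mac --mac-source $mac -j MARK --set-mark $mark"
    # Step 2: register a named routing table (skipped if already present).
    echo "grep -q '^$mark $name\$' /etc/iproute2/rt_tables || echo '$mark $name' >> /etc/iproute2/rt_tables"
    # Step 3: default route in that table back to the router that sent the traffic.
    echo "ip route replace default via $gw table $name"
    # Step 4: policy rule: packets carrying this fwmark are routed with this table.
    echo "ip rule add fwmark $mark table $name"
}

# Commands that show the resulting state so the setup can be checked.
emit_verify_cmds() {
    echo "ip rule show"
    echo "$ROUTERS" | while read -r name _ _ _; do
        [ -n "$name" ] && echo "ip route show table $name"
    done
    echo "iptables -t mangle -L PREROUTING -v -n"
}

# Configuration commands for every router listed in ROUTERS.
emit_all() {
    echo "$ROUTERS" | while read -r name mac gw mark; do
        [ -n "$name" ] && emit_router_cmds "$name" "$mac" "$gw" "$mark"
    done
}

# Number of configuration commands produced per router (sanity check helper).
cmds_per_router() {
    emit_router_cmds r 00:00:00:00:00:00 192.0.2.9 9 | wc -l | tr -d ' '
}

# DRY_RUN=1 (default): print the commands. DRY_RUN=0: execute them as root.
main() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        emit_all
        emit_verify_cmds
    else
        emit_all | sh -e
        emit_verify_cmds | sh
    fi
}

main "$@"
```

Run it once with the default dry run, compare the printed commands against the four steps above, then rerun with DRY_RUN=0. Because the mark values are written to rt_tables in decimal and passed to `ip rule` as plain integers, the same number serves as both the table id and the fwmark; `ip rule add fwmark 1` and `fwmark 0x1` are equivalent.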

Related

Feature Requests: #2
Wiki: Home
