My setup consists of a hardware node, which hosts several virtual machines (OpenVZ, to be precise). The hardware node has two network interfaces (<ifA>, <ifB>) connected to different subnets (<networkA>, <networkB>). I want to route the traffic of certain VEs over <ifB> while routing the other VEs' traffic (and the hardware node itself) through the other interface <ifA>.
Searching the internet I found some related explanation (see this thread) and tried to adapt it for my purposes, but failed. The idea was to create a second routing table and direct all packets to/from a certain group of VEs to it (and hence <ifB>) by marking them via iptables. My (not working) setup looks like:
local interfaces: ifA (in networkA) is routed via routerA, ifB (in networkB) is routed via routerB, ifA contains the default route for the system (to routerA) and is also used for some VEs. The part of ifA works, I failed in setting up proper routing for ifB and its dependent VEs.
echo "100 dsan" >> /etc/iproute2/rt_tables
# eth4 is <ifB>; "src" expects the node's address on that interface, not the interface name
ip route add <networkB> dev eth4 proto kernel src <addrB> table 100
# a gateway route needs a destination ("default"); without it ip rejects the command as incomplete
ip route add default via <routerB> dev eth4 table 100
ip rule add fwmark 2 table 100
# marks must be set in PREROUTING: the FORWARD chain runs after the routing decision,
# and INPUT only sees packets addressed to the node itself, so neither can steer routing
iptables -t mangle -A PREROUTING -s <networkB> -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -d <networkB> -j MARK --set-mark 2
# locally generated packets are re-routed after mangle OUTPUT, so marking them here does work
iptables -t mangle -A OUTPUT -s <networkB> -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -d <networkB> -j MARK --set-mark 2
ip route flush cache
Any suggestions?
bakunin
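Policy routing by source address, as an added example that is neither the poster's setup nor code from the linked thread: it selects the VE group with an ip rule "from" selector instead of mangle marks, so forwarded VE packets are matched at the routing decision itself. The subnet, interface, address and table values are assumed placeholders, and the ingress device name venet0 is assumed for OpenVZ.

```shell
#!/bin/sh
# Source-based policy routing for one group of VEs (added example; all
# addresses used below are constructed placeholders, not the poster's).
# Re-running "ip rule add" duplicates the rule; delete it with "ip rule del"
# before applying a second time.

gen_policy_route_cmds() {
    # $1 VE subnet   $2 interface B   $3 node address on B
    # $4 subnet B    $5 router B      $6 routing table id
    cat <<EOF
ip route replace $4 dev $2 src $3 table $6
ip route replace default via $5 dev $2 table $6
ip rule add from $1 lookup $6 priority 1000
ip rule add from $3 lookup $6 priority 1001
ip route flush cache
EOF
}

# Builds the check that shows which interface/gateway the kernel picks for a
# packet arriving from a VE address; run it as root after applying to confirm
# that the VE group's traffic really leaves via interface B (and not via A,
# where routerA's filtering policy would not apply to it).
gen_verify_cmd() {
    # $1 VE address   $2 remote destination   $3 ingress device (venet0 on OpenVZ)
    echo "ip route get $2 from $1 iif $3"
}

# Counts the commands that reference the dedicated table, a sanity check
# that every routing command targets that table rather than "main".
count_table_refs() {
    printf '%s\n' "$1" | grep -cE "(table|lookup) $2"
}

# Usage: sh policy.sh --apply 10.2.0.0/24 eth4 192.0.2.10 192.0.2.0/24 192.0.2.1 100
if [ "${1:-}" = "--apply" ]; then
    shift
    gen_policy_route_cmds "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || exit 1
    done
fi
```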