I am trying to set up a software router with the goal of routing packets to a proxy server on the router. The tutorial I am reading has the following routing rules:

```sh
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100
```

and the following iptables rules:

```sh
iptables -t mangle -N V2RAY
iptables -t mangle -A V2RAY -d [Private Addresses] -j RETURN
iptables -t mangle -A V2RAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j V2RAY
```

The whole thing works perfectly. But now I am moving to systemd-networkd to avoid any startup scripts, and I am having trouble converting `ip route add local 0.0.0.0/0 dev lo table 100` into systemd-networkd language.
My first question is, what does this route do? My understanding so far is:
- iptables adds firewall mark 1.
- The rule selects all packets with mark 1 to use routing table 100.
- The route is added to table 100, so it only applies to packets with mark 1.
- The "0.0.0.0/0" part means it is a default route.
- But what does "local" mean here? Why device lo? Why do we need a route here? Can't iptables handle this directly?
My second question is how to do this in systemd-networkd.
For matching packets with mark 1, it seems easy (and worked on my router):
```ini
[Match]
Name = *

[RoutingPolicyRule]
FirewallMark = 1
Table = 100
```

I am not sure if `Name = *` is required though. Does this make sure that any packet from any device, as long as it has mark 1, will be routed using table 100? Or could I match some particular network device here?
I cannot, however, make the route in systemd-networkd. My attempt so far is:
```ini
[Match]
Name = lo

[Route]
Type = local
Destination = 0.0.0.0/0
Table = 100
```

But it seems that this has no effect: `ip route show table 100` actually gives:

```
Error: ipv4: FIB table does not exist.
Dump terminated
```

How should I approach this?