How to translate "ip route add local 0.0.0.0/0 dev lo table 100" to systemd-networkd?

linux-networking systemd-networkd

I am trying to setup a software router with the goal of routing packets to a proxy server on the router. The tutorial I am reading has the following routing rules:

ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100

and the following iptables rules:

iptables -t mangle -N V2RAY
iptables -t mangle -A V2RAY -d [Private Addresses] -j RETURN
iptables -t mangle -A V2RAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j V2RAY

The whole thing works perfectly. But now I am moving to use systemd-networkd to avoid any startup scripts, and I am having trouble to convert ip route add local 0.0.0.0/0 dev lo table 100 to systemd-networkd language.

My first question is, what does this route do? My understanding so far is:

  • iptables add a firewall wall mark 1.
  • The rule selects all packets with mark 1 to use routing table 100.
  • The route is added to table 100, so it only applies to packets with mark 1.
  • The "0.0.0.0/0" part means it is a default route.
  • But what does "local" mean here? Why device lo? Why do we need a route here? Can't iptables handle this directly?

My second question is how to do this in systemd-networkd.

For matching packets with mark 1, it seems easy (and worked on my router):

[Match]
Name = *

[RoutingPolicyRule]
FirewallMark = 1
Table = 100

I am not sure if Name = * is required though. Does this make sure that any packet from any device, as long as it has mark 1, will be routed using table 100? Or could I match some particular network device here?

I cannot, however, make the route in systemd-networkd. My attempt so far is:

[Match]
Name = lo

[Route]
Type = local
Destination = 0.0.0.0/0
Table = 100

But it seems that this has no effect: ip route show table 100 actually gives:

Error: ipv4: FIB table does not exist.
Dump terminated

How should I approach this?


Solution 1:

[Match]
Name = lo

[RoutingPolicyRule]
FirewallMark = 1
Table = 100
Priority = 100

[Route]
Table = 100 
Destination = 0.0.0.0/0
Type = local

Combine them into one file

Related

The sysvol permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain
Powershell - inconsistent output from the same code
freeradius, rlm_rest : Failed to Authenticate user
Is it possible to determine the mailserver software (MTA) used based on a domain?
How to configure iptables to use apt-get in a server? [closed]
How to manage URL rewrites with a GCP load balancer?
Dell NX3330 installing Windows Server OS? [closed]
A personal project that one improves constantly
Word for "sewing clothing" that isn't gender-specific
Term for Negative Promotion
What's the word for "changing the discussion level/style"?
What do you call someone who is affected by an action, whether positively or negatively?