ip rule shouldn't beat ip route

I'm running CentOS and am using ip route and ip rule for routing.

I've currently got an ip rule

from 10.8.23.0/28 table 1234

and ip route

default via 10.8.23.254 eth1
10.10.10.10 via 10.10.10.1 eth1
10.0.0.0/14 dev test-interface table 1234

It seems my ip rule supersedes the second line in ip route, so even if the destination IP is 10.10.10.10 my packets are still sent via test-interface if the source IP is in 10.8.23.0/28.

How can I make sure that 10.10.10.10 via 10.10.10.1 eth1 overrules the ip rule even when the source IP matches the rule? Hope it makes sense :)

Testing ip route get 10.10.10.10 gives me:

10.10.10.10 via 10.10.10.1 dev eth1  src 10.8.23.1

but ip route get 10.10.10.10 src 10.0.0.13 gives me:

10.10.10.10 via 10.10.10.254 dev test-interface  src 10.8.23.1

So src IP is prioritized over destination IP.


Solution 1:

You can simply think of ip rule as a way to create/have more IP routing tables (not just the default one).

To solve your issue, you need to add another ip rule entry to handle your specific route case. For example, you can use the following command:

$ sudo ip rule add to 10.10.10.10/32 lookup 123 priority 10

Here, I am assuming 10 is small enough to be the first ip rule. This depends on the output of ip rule ls. It will show you all rules according to priority (a smaller value means higher priority and is shown first).

If you need to combine source and destination checks in your ip rule, you can use:

$ sudo ip rule add from 10.8.23.0/28 to 10.10.10.10/32 lookup 123 priority 10

The table 123 should contain the right route such as:

$ sudo ip route add 10.10.10.10/32 via 10.10.10.1 table 123
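To make the rule ordering concrete, here is a small Python model of the lookup the kernel performs over the routing policy database: rules are walked in ascending priority, and the first matching rule whose table actually holds a route for the destination decides; a rule whose table has no matching route is skipped and the walk continues. This is an added example, not code from the question or from this answer. It reproduces the question's setup and then the fix from this answer. The priority 32765 for the original from-rule, table id 254 for main, dev eth1 on the table-123 route, and the "default via 10.10.10.254 dev test-interface" entry in table 1234 are assumptions chosen so that the model matches the ip route get output shown in the question.

```python
"""Model of Linux policy routing (RPDB) lookup. Illustrative only, not kernel code.

Rules are consulted by ascending priority. The first rule that matches the
packet AND whose table has a route for the destination wins; if the table has
no matching route the rule is skipped and the next rule is tried.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

Net = ipaddress.IPv4Network


@dataclass
class Rule:
    priority: int              # smaller value = consulted first ("ip rule ls" order)
    table: int                 # "lookup"/"table" id
    src: Optional[Net] = None  # "from" selector (None = any source)
    dst: Optional[Net] = None  # "to" selector (None = any destination)

    def matches(self, src_ip, dst_ip) -> bool:
        return ((self.src is None or src_ip in self.src) and
                (self.dst is None or dst_ip in self.dst))


@dataclass
class Route:
    prefix: Net
    dev: str
    via: Optional[str] = None  # next hop; None for a directly connected prefix

    def __str__(self) -> str:
        return (f"via {self.via} " if self.via else "") + f"dev {self.dev}"


def lookup_table(table: List[Route], dst_ip) -> Optional[Route]:
    """Longest-prefix match inside a single table."""
    candidates = [r for r in table if dst_ip in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)


def route_get(rules: List[Rule], tables: Dict[int, List[Route]],
              dst: str, src: str) -> Optional[Route]:
    """Model of 'ip route get DST from SRC'."""
    dst_ip, src_ip = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src_ip, dst_ip):
            hit = lookup_table(tables.get(rule.table, []), dst_ip)
            if hit is not None:
                return hit
    return None  # no rule/table produced a route (ENETUNREACH on a real box)


MAIN = 254  # table id of the "main" table on Linux


def question_config():
    """The setup from the question.

    Assumptions (not stated on the page): the from-rule sits at priority 32765,
    just above main, and table 1234 also carries a default route via 10.10.10.254
    on test-interface, which is what the question's second 'ip route get' shows.
    """
    rules = [Rule(32765, 1234, src=Net("10.8.23.0/28")),
             Rule(32766, MAIN)]
    tables = {
        MAIN: [Route(Net("0.0.0.0/0"), "eth1", via="10.8.23.254"),
               Route(Net("10.10.10.10/32"), "eth1", via="10.10.10.1")],
        1234: [Route(Net("10.0.0.0/14"), "test-interface"),
               Route(Net("0.0.0.0/0"), "test-interface", via="10.10.10.254")],
    }
    return rules, tables


def fixed_config(combined: bool = False):
    """question_config() plus the answer's fix: a priority-10 rule for the single
    destination pointing at table 123, which holds only that route. With
    combined=True the rule also requires the source to be in 10.8.23.0/28.
    'dev eth1' on the table-123 route is assumed; the answer omits the device."""
    rules, tables = question_config()
    src = Net("10.8.23.0/28") if combined else None
    rules.append(Rule(10, 123, src=src, dst=Net("10.10.10.10/32")))
    tables[123] = [Route(Net("10.10.10.10/32"), "eth1", via="10.10.10.1")]
    return rules, tables


if __name__ == "__main__":
    for name, cfg in (("before", question_config()), ("after", fixed_config())):
        for src in ("10.8.23.1", "192.0.2.5"):
            print(f"{name}: 10.10.10.10 from {src} -> {route_get(*cfg, '10.10.10.10', src)}")
```

On the real host, verify the ordering with ip rule ls and the result with ip route get 10.10.10.10 from 10.8.23.1; the model's route_get mirrors that command. Note that the single-destination rule only diverts 10.10.10.10: other destinations from 10.8.23.0/28 still hit the priority-32765 rule and table 1234 as before.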