Foreign upstream gateway for remote maintenance
Bernd Naumann
bena at spreadshirt.net
Fri Mar 26 09:58:17 CET 2021
Good morning Nils,
On 26.03.21 08:47, Nils van Lück wrote:
> Hello!
>
> I am using the latest Bird version from the git repo under Debian. I
> have one dedicated NIC for the LAN, one dedicated NIC for BGP sessions
> and one NIC with an IP from a foreign ASN for remote maintenance. How
> can I make the routed traffic go through Bird but still connect to a
> foreign gateway via SSH through another NIC? Also the operating system
> updates (apt-get) should run over the third NIC and not over the bird
> routes.
>
> NIC 1: LAN / OSPF
> NIC 2: BGP / Peering / routed traffic over bird
> NIC 3: foreign gateway for remote maintenance of the router's Debian instance
>
> Regards,
>
> Nils van Lück
I'm not 100% sure... but I see two ways, but both with limitations.
Maybe someone can comment on these approaches, or provide an alternative
better idea.
1) Use different routing tables. This way you can ensure that traffic
which hits nic3 goes out of nic3 then.
See https://tldp.org/HOWTO/pdf/Adv-Routing-HOWTO.pdf Section 4.2.1.
Split access for the general setup
But I do not know how you would /tell/ `apt` to use that table or a
specific source address (so its traffic would then go out of nic3).
However, bird is able to use different tables.
2) Using namespaces
Start `sshd` in a separate namespace, and call `apt` also only from
within this namespace. This namespace would only have `lo` and `nic3`.
See for instance https://lwn.net/Articles/580893/
While using a namespace for sshd and apt, you would not need to
configure bird / tell bird about it.
Hope this helps somehow.
Best,
Bernd
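
The two options from the reply above, as an added dry-run sketch that is not part of the original message. Only `nic3` comes from the thread; the addresses (RFC 5737 documentation range), table number 100, namespace name `mgmt` and the sshd path are constructed placeholders or assumptions.

```shell
#!/bin/sh
# Dry-run planner: prints the commands and executes nothing unless APPLY=1.
# Every value below is a constructed placeholder; edit before use.
MGMT_IF=nic3             # management NIC (name as used in the thread)
MGMT_IP=192.0.2.10       # address on the foreign network (placeholder)
MGMT_LEN=24              # prefix length (placeholder)
MGMT_NET=192.0.2.0/24    # connected prefix (placeholder)
MGMT_GW=192.0.2.1        # foreign upstream gateway (placeholder)
MGMT_TABLE=100           # hypothetical table number for option 1
MGMT_NS=mgmt             # hypothetical namespace name for option 2

# Option 1: source-based policy routing. Traffic sourced from $MGMT_IP
# (e.g. replies of an sshd reached via nic3) is looked up in its own
# table instead of the main table.
policy_plan() {
    cat <<EOF
ip route add $MGMT_NET dev $MGMT_IF src $MGMT_IP table $MGMT_TABLE
ip route add default via $MGMT_GW dev $MGMT_IF table $MGMT_TABLE
ip rule add from $MGMT_IP lookup $MGMT_TABLE
EOF
}

# Option 2: a namespace holding only lo and nic3, with its own default
# route; sshd is started inside it (path assumed for Debian).
netns_plan() {
    cat <<EOF
ip netns add $MGMT_NS
ip link set dev $MGMT_IF netns $MGMT_NS
ip -n $MGMT_NS link set dev lo up
ip -n $MGMT_NS addr add $MGMT_IP/$MGMT_LEN dev $MGMT_IF
ip -n $MGMT_NS link set dev $MGMT_IF up
ip -n $MGMT_NS route add default via $MGMT_GW dev $MGMT_IF
ip netns exec $MGMT_NS /usr/sbin/sshd
EOF
}

# Prefix for a command that must use the management path, e.g.
#   $(in_mgmt) apt-get update
in_mgmt() { printf 'ip netns exec %s' "$MGMT_NS"; }

plan() { case "$1" in policy) policy_plan ;; netns) netns_plan ;; *) return 2 ;; esac; }

# Usage: sh mgmt-plan.sh policy|netns   (APPLY=1 as root executes the plan)
if [ $# -gt 0 ]; then
    if [ "${APPLY:-0}" = 1 ]; then plan "$1" | sh -e; else plan "$1"; fi
fi
```

With option 2, `ip netns exec` uses files under `/etc/netns/mgmt/` (for example `resolv.conf`) in place of the ones in `/etc` when they exist, which is how `apt` inside the namespace can be given its own resolver.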