How to monitor routing decision on a linux router

Question

I have a linux server that realizes the routing between my local network and my two Internet connections (on 2 physical network cards).

I have configured my server :

1) With iptables, I use PREROUTING rules on the table mangle to mark packets from my local area:

• If no mark, routing use the default table
• If mark = x0001, routing use the specific table x0001

2) With iptables, I use FORWARD rules on the table filter to forward trafic from my local area to the internet cards

3) With "ip route" command, I constuct two tables of routing with different gateway

This configuration works perfectly since many months.

Today, I have a user who switches alternately of internet connections. I have logged the PREROUTING rules on iptables and I see that packets from this user, are already marked x0001 regardless of situations.

My conclusion : this packets should be used the same routing table so the same gateway and I think there is error during the routing decision

How can I monitor the routing decision ? What is the process that takes this routing decision ? Is it iptables ?

Thanks for your help.

Answer 1

You can create some kind of script to parse the output of commands that can "watch" what is happening with that routing tables. You can use ip route get command.

Look at this

I found these stuff here

I hope it helps.