Hi people! Today we are going to do a simple but useful task using Linux routing tables. So let's get into it.
What is Routing?
Routing is a means of sending an IP packet from one point to another. For instance, when you send a message to your friend, how does it reach the destination?
Our system sends the packets that carry our message to our gateway. This gateway then forwards the packets to another gateway or router, and the process continues until the packet reaches our friend's system. All this information on how packets are to be forwarded is stored in a kernel structure called a Routing Table.
Moreover, the system will create a network packet for a destination only if its IP falls within the range of one of the entries in the routing table; otherwise the packet will not even be created.
In the screenshot below, because I have deleted the rule needed to reach google.com from the routing table, the packet is not created and ping directly reports that the network is unreachable.
But when I try to ping 192.168.43.222, which doesn't exist, the packets are created and sent because an entry covering it is in the routing table.
Task
Now that we know what a routing table is and what it is used for, let's do our task. In this task, we manipulate the routing table so that the system can only reach the Google servers.
Let's Start
By default in Linux, we can ping all the servers around the world if we have proper connectivity. This comes from the default entry in the routing table. We can check the routing table using
route -n
or
ip route show
"route -n" has more human-readable output, so we will go with that for this tutorial. Our initial routing table looks like this.
The first entry in the routing table says that if we want to go to any IP in the world, we forward the request to our gateway, which is 192.168.43.1.
So we need to delete this rule from the table. To delete the rule we can use
route del -net 0.0.0.0/0
So now our rule has been removed.
Now we are cut off from the internet completely.
If we want to connect only to Google servers, we can add a specific rule to the routing table that allows only Google server IPs. But if you try to find the IP of google.com, you will notice that the IP keeps changing.
This may be due to clusters of load balancers or similar that Google uses to manage the huge amount of traffic it gets. We can use nslookup to check the IPs of Google.
Here you can see it mostly ranges in 172.217.0.0/16 and 216.58.0.0/0, so we need to add these IP ranges to the routing table. We can do this by using
route add -net <IP_range> gw <gateway> <interface_name>
Here is a screenshot of the same.
Now let's test if it works.
As you can see, we can now access the Google servers but not any other server, such as Facebook. So this completes our task.
This can be useful in scenarios where admins want to restrict users' access to only some particular websites or similar. Yes, this can also be done with firewalls, but this is another option if you need it.
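To check the result without sending traffic, the following added example (not part of the original post) models the kernel's longest-prefix lookup over `route -n` output and reports which destinations still have a route, plus whether a default (/0) entry has crept back in. The table text, the interface name wlan0 and the test destinations are constructed assumptions; the gateway and the 172.217.0.0/16 range come from the text above.

```python
import ipaddress

# Constructed `route -n` output: default route deleted, one Google range
# added through the gateway 192.168.43.1. The interface name is an assumption.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.217.0.0     192.168.43.1    255.255.0.0     UG    0      0        0 wlan0
192.168.43.0    0.0.0.0         255.255.255.0   U     600    0        0 wlan0
"""

def parse_route_n(text):
    """Return (network, gateway, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 columns and a dotted-quad destination.
        if len(f) != 8 or f[0].count(".") != 3:
            continue
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match, as the kernel does; None means no route."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def has_default_route(routes):
    """A /0 entry matches every destination and undoes the restriction."""
    return any(net.prefixlen == 0 for net, _, _ in routes)

def audit(routes, dests):
    """Describe what would happen to a packet for each destination."""
    report = {}
    for d in dests:
        hit = lookup(routes, d)
        if hit is None:
            report[d] = "Network is unreachable"
        elif hit[1] == "0.0.0.0":
            report[d] = f"on-link dev {hit[2]}"
        else:
            report[d] = f"via {hit[1]} dev {hit[2]}"
    return report

if __name__ == "__main__":
    table = parse_route_n(ROUTE_N)
    # Constructed destinations: in the Google range, on the LAN, elsewhere.
    dests = ["172.217.160.78", "192.168.43.222", "203.0.113.10"]
    for dest, result in audit(table, dests).items():
        print(f"{dest:16} {result}")
    print("default route present:", has_default_route(table))
```

On a real host, paste the output of `route -n` into `ROUTE_N` to audit the live table.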