Configure CentOS 6 as a Core Router with IP Rules

Lab setup:
-CentOS Core-Router Configuration:
  +interface: eth0: 10.105.8.2/28
  +interface: eth1: 10.105.8.18/28

eth0:
DEVICE=eth0
TYPE=Ethernet
UUID=5b12efd7-f29a-440b-87e6-f13c8b3f66d3
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=00:0C:29:DF:26:EA
IPADDR=10.105.8.2
PREFIX=28
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
DNS1=8.8.4.4
eth1:
DEVICE=eth1
TYPE=Ethernet
UUID=5f362692-8491-405b-a47b-df51038a4c40
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=00:0C:29:DF:26:F4
IPADDR=10.105.8.18
PREFIX=28
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth1"
Enable packet forwarding
Follow step 1 only; there is no need to enable NAT.
Now configure the IP routes and IP rules:
  +Create a file to store the main static routes:
#vim /etc/iproute/main
Add this:
#/usr/sbin/ntpdate 0.centos.pool.ntp.org

#for lan-network
#ip route replace 10.105.0.0/16 via 10.105.8.4 table main

#for vpn
ip route replace 10.86.0.0/16 via 10.105.8.11 table main

#run rule from this file
sh /etc/iproute/iprule/defa
sh /etc/iproute/iprule/vpn
sh /etc/iproute/iprule/it

#In order to change a default gateway to another IP address:
ip route replace default via 10.105.8.4 table 8004

#pfsense-1 (default = 0.0.0.0)
ip route replace default via 10.105.8.21 table 8021

#add static route with table 8022 when setup rule forward with table 8022
ip route replace default via 10.105.8.22 table 8022

#add static route with table 8023
ip route replace default via 10.105.8.23 table 8023

#if we don't delete default route we can't use ip rule
ip route del default table default

#add static route with table default
ip route replace default via 10.105.8.22 table default
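  +Create the files for the IP rules (touch has no -p option, so create the directory with mkdir -p first):
       #mkdir -p /etc/iproute/iprule
       #touch /etc/iproute/iprule/defa
       #touch /etc/iproute/iprule/vpn
       #touch /etc/iproute/iprule/it
  Edit each file and add the following:
  #vim /etc/iproute/iprule/defa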
#ip rule
ip rule flush
ip rule add from all table main pref 1
ip rule add from all table default pref 32767

#default-8022: if no other ip rule matches a source IP, it is forwarded via table 8022
ip rule add from 10.105.0.0/16 table 8022 pref 10000

#tables 8023, ... are defined in /etc/iproute/main
#pref number (rules are evaluated from the smallest to the largest number)
#office3-huawei
ip rule add from 10.105.3.0/24 table 8023 pref 2000
#xingxing-and-bedbug
ip rule add from 10.105.12.16/28 table 8023 pref 2000
#alipay
ip rule add from 10.105.9.128/28 table 8023 pref 800

#wifi-TP-LINK-6703
ip rule add from 10.105.11.224/28 table 8021 pref 1000

#wifi-1floor
ip rule add from 10.105.11.176/28 table 8021 pref 1000

#wifi 3rd floor manager room port sw:16
ip rule add from 10.105.11.240/28 table 8021 pref 1000

#VPN network
ip rule add from 10.105.4.147 table 8004 pref 1000

#2nd-floor-office-wifi
ip rule add from 10.105.10.128/26 table 8021 pref 2000

#send all traffic destined to this IP via table 8021, pref 800
ip rule add to 23.89.158.80 table 8021 pref 800
#vim /etc/iproute/iprule/vpn
ip rule add from 10.105.8.10 table 8021 pref 500
ip rule add from 10.105.8.13 table 8021 pref 500
ip rule add from 10.105.8.14 table 8021 pref 500
#vim /etc/iproute/iprule/it
#it-department
ip rule add from 10.105.6.192/26 table 8021 pref 1500

ip rule add from 10.105.9.169 table 8022 pref 500

#samnang
ip rule add from 10.105.6.236 table 8023 pref 500
ip rule add from 10.105.9.201 table 8023 pref 1000
#mail-server
ip rule add from 10.105.9.199 table 8021 pref 1000

#vlan157(10.105.9.208/28)
ip rule add from 10.105.9.208/28 table 8022 pref 1500
Then apply the routes and rules by running:
#sh /etc/iproute/main
Afterwards, check the IP rules with:
#ip rule
[root@xm8002]# ip rule
0: from all lookup local 
1: from all lookup main 
100: from 10.105.9.233 lookup 8021 
500: from 10.105.8.10 lookup 8021 
500: from 10.105.9.169 lookup 8025 
500: from 10.105.6.236 lookup 8025 
500: from 10.105.11.110 lookup 8021 
500: from 10.105.11.100 lookup 8023 
800: from all to 23.89.158.80 lookup 8021 
800: from 10.105.11.96/28 lookup 8021 
2000: from 10.105.12.0/24 lookup 8021 
10000: from 10.105.0.0/16 lookup 8022 
32767: from all lookup default 
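
To audit which table a given client actually lands in, the pref ordering can be replayed offline against a saved `ip rule` listing. The following Python script is an added example, not part of the original configuration; the function names are hypothetical, the input is the listing above pasted as text, and it assumes the local and main tables hold no route for the destination, so the lookup falls through to the later rules.

```python
import ipaddress

# The `ip rule` listing shown on this page, pasted as text (constructed input).
SAMPLE = """\
0: from all lookup local
1: from all lookup main
100: from 10.105.9.233 lookup 8021
500: from 10.105.8.10 lookup 8021
500: from 10.105.9.169 lookup 8025
500: from 10.105.6.236 lookup 8025
500: from 10.105.11.110 lookup 8021
500: from 10.105.11.100 lookup 8023
800: from all to 23.89.158.80 lookup 8021
800: from 10.105.11.96/28 lookup 8021
2000: from 10.105.12.0/24 lookup 8021
10000: from 10.105.0.0/16 lookup 8022
32767: from all lookup default
"""

def _net(value):
    # "all" means any address; a bare host becomes a /32 network.
    return ipaddress.ip_network("0.0.0.0/0" if value == "all" else value, strict=False)

def parse_rules(text):
    """Turn `ip rule` output into (pref, src_net, dst_net, table) tuples."""
    rules = []
    for line in text.splitlines():
        pref, sep, rest = line.partition(":")
        tok = rest.split()
        fields = dict(zip(tok[0::2], tok[1::2]))  # from X / to Y / lookup T
        if sep and "lookup" in fields:
            rules.append((int(pref), _net(fields.get("from", "all")),
                          _net(fields.get("to", "all")), fields["lookup"]))
    # sorted() is stable: rules sharing a pref keep the kernel's listing order.
    return sorted(rules, key=lambda r: r[0])

def egress_table(rules, src, dst, skip=("local", "main")):
    """Return (pref, table) of the first rule outside `skip` matching src -> dst."""
    # Assumption: tables in `skip` hold no route for dst, so the kernel falls
    # through them (true for Internet traffic only if main has no default route).
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pref, src_net, dst_net, table in rules:
        if table not in skip and s in src_net and d in dst_net:
            return pref, table
    return None

if __name__ == "__main__":
    for src in ("10.105.11.100", "10.105.11.97", "10.105.3.7"):
        print(src, "->", egress_table(parse_rules(SAMPLE), src, "8.8.8.8"))
```

Host 10.105.11.100 sits inside 10.105.11.96/28, yet its pref 500 host rule wins over the pref 800 subnet rule, which is the kind of override worth checking before trusting that a subnet leaves through the intended gateway.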
-For other routers such as pfSense: configure the WAN interface and the LAN interface (but with no gateway; disable DHCP if it is not needed), then add a static route to 10.105.8.17
-In pfSense: go to System => Routing => on the Routes tab click Add new => select interface LAN, gateway: 10.105.8.17
Apply the IP rules automatically at boot:
#vim /etc/rc.local
Add this (run through sh, as above, because the file was never made executable):
sh /etc/iproute/main
Save and exit.
Test and verify from a client:
Open a command prompt:
-tracert -d 8.8.8.8  (Windows)
-traceroute 8.8.8.8 (Linux)
==================================
http://www.tecmint.com/ip-command-examples/