Replace Routing with Firewall (IPTables)

In June 2019 another BGP issue happened worldwide. You can read more details at the Cloudflare Blog.

Some IPs are affected by this issue. I don't have any permission on my ISP to change my route.

There is a problem and I have to create some basic option to fix this issue until everything returns to normal.

So let's move on to a temporary solution.

You know IPTables, the Linux firewall management tool, has a PREROUTING chain (in the nat table) that rewrites the destination of a request before the routing decision, so you can send it to another destination.

Some services use more than one IP address or IP block, and these services are reachable through another IP block as well. For example, Youtube.com is accessible at 172.217.169.110 (Sofia) and also at 172.217.12.174 (Frankfurt). If the problem occurs at Google's Sofia datacenter (172.217.169.110) (as it did on 19 DEC 2019), you can redirect packets to 172.217.12.174 to fix the problem temporarily.

# For one IP address or one net block
iptables -t nat -A PREROUTING -d 172.217.169.110 -j DNAT --to-destination 172.217.12.174
# For an IP list or net blocks (one entry per line in my-ips.txt)
while read -r line; do iptables -t nat -A PREROUTING -d "$line" -j DNAT --to-destination 172.217.12.174; done < my-ips.txt

# Only one port (TCP 443)
# For one IP address or one net block
iptables -t nat -A PREROUTING -d 172.217.169.110 -p tcp --dport 443 -j DNAT --to-destination 172.217.12.174:443
# For an IP list or net blocks
while read -r line; do iptables -t nat -A PREROUTING -d "$line" -p tcp --dport 443 -j DNAT --to-destination 172.217.12.174:443; done < my-ips.txt
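The one-liners above are enough for a quick fix, but running them twice adds duplicate rules, a stray line in the list becomes a broken iptables call, and there is nothing to undo the change once the route is healthy again. The script below is an added example written for this post (it is not from the original post or from the iptables project): it validates every entry in the list, checks with `iptables -t nat -C` whether a rule already exists before adding it, and can remove the same rules later. It assumes the list file is `my-ips.txt` with one IPv4 address or CIDR per line (blank lines and `#` comments allowed), that the replacement address is the Frankfurt IP from the post, and that the script runs as root on the router. The `plan` mode only prints the rule specs, so you can review them before touching the firewall.

```shell
#!/bin/sh
# Added example: idempotent DNAT workaround rules built from a list of affected
# destination addresses. Not part of the original post; file name, chain and
# replacement address below are assumptions that you can override by environment.
BAD_IPS_FILE="${BAD_IPS_FILE:-my-ips.txt}"
NEW_DST="${NEW_DST:-172.217.12.174}"
# PREROUTING only sees traffic passing *through* the router; for connections
# that originate on this host itself the rule has to live in the OUTPUT chain.
CHAIN="${CHAIN:-PREROUTING}"

# Accept "a.b.c.d" or "a.b.c.d/n" with octets 0-255 and prefix 0-32.
valid_ipv4_cidr() {
    ip=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/" given: a single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $ip                                  # split the address on dots
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule spec (everything after -A/-C/-D) for one affected destination.
# $1 = affected IP or CIDR, $2 = replacement IP, $3 = optional TCP port.
dnat_rule_spec() {
    if [ -n "$3" ]; then
        printf '%s' "-d $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3"
    else
        printf '%s' "-d $1 -j DNAT --to-destination $2"
    fi
}

print_rule() { dnat_rule_spec "$@"; echo; }

# Add the rule only when it is not already present (-C exits 0 if it exists).
apply_dnat() {
    spec=$(dnat_rule_spec "$1" "$2" "$3")
    # shellcheck disable=SC2086  # $spec is deliberately word-split into arguments
    if iptables -t nat -C "$CHAIN" $spec 2>/dev/null; then
        echo "already present: $spec"
    else
        iptables -t nat -A "$CHAIN" $spec && echo "added: $spec"
    fi
}

# Delete every copy of the rule (undo once the upstream route is healthy again).
remove_dnat() {
    spec=$(dnat_rule_spec "$1" "$2" "$3")
    # shellcheck disable=SC2086
    while iptables -t nat -C "$CHAIN" $spec 2>/dev/null; do
        iptables -t nat -D "$CHAIN" $spec && echo "removed: $spec"
    done
}

# Read the list on stdin and run $1 (print_rule / apply_dnat / remove_dnat)
# for each valid entry; $2 is the optional TCP port. Invalid lines are reported
# on stderr and skipped instead of being passed to iptables.
for_each_entry() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')   # drop comments/whitespace
        [ -n "$line" ] || continue
        if valid_ipv4_cidr "$line"; then
            "$1" "$line" "$NEW_DST" "$2"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done
}

# Usage: sh dnat-workaround.sh plan|apply|remove [port]
case "${1:-}" in
    plan)   for_each_entry print_rule  "${2:-}" < "$BAD_IPS_FILE" ;;
    apply)  for_each_entry apply_dnat  "${2:-}" < "$BAD_IPS_FILE" ;;
    remove) for_each_entry remove_dnat "${2:-}" < "$BAD_IPS_FILE" ;;
esac
```

`sh dnat-workaround.sh plan 443` prints the rule specs without changing anything; `apply 443` installs them, and `remove 443` takes them out again when the Sofia route is back. The rewrite only helps when the replacement address really serves the same service, which is the case the post describes; the hostname the client asked for is untouched, so TLS certificate checks still pass.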

Example tweet for this.

This temporary fix worked at my home router.
I hope we never encounter such problems again.
