From: "Andrea Iacopini" <andrea.iacopini@realtech.it>
To: netfilter@lists.netfilter.org
Subject: Re: ROUTE and source IPv6 routing - how ?
Date: Tue, 2 Dec 2003 10:35:05 +0100
Message-ID: <012801c3b8b7$91ecb140$fefa1fac@Merlin>
In-Reply-To: 1070352120.1383.9.camel@descartes
unsubscribe
========================================================================
Andrea Iacopini,
Technology Solutions, Networking and Security Competence Center
REALTECH Italia S.p.A. - Technology drives e-Business
Via Paolo di Dono, 73 - 00142 Roma, Italy
andrea.iacopini@realtech.it
Mobile + 39 335 123.44.93
Tel. +39 06 51.95.981, Fax. +39 06 51.96.36.74
========================================================================
Valued IEEE Member,
Member NO: 41412812
Real hackers don't die, just their TTL expires. [Unknown]
----- Original Message -----
From: "Cedric de Launois" <delaunois@info.ucl.ac.be>
To: "Pawel Hadam" <Pawel.Hadam@imag.fr>
Cc: <netfilter@lists.netfilter.org>
Sent: Tuesday, December 02, 2003 9:02 AM
Subject: Re: ROUTE and source IPv6 routing - how ?
On Mon 01/12/2003 at 16:22, Pawel Hadam wrote:
> Hi all
>
> I have two hosts and both have two NICs.
>
> CLIENT: eth0 - ipc0 = 2001:660:5301:26:2c0:9fff:fe1a:caca
> eth1 - ipc1 = 2001:688:1fa1:2:204:75ff:fef8:93a4
>
> SERVER: eth0 - ips0 = 2001:660:5301:26:210:5aff:febe:bb78
> eth1 - ips1 = 2001:688:1fa1:2:204:75ff:fee8:52fd
>
> As you can see, both eth0 are connected to the same LAN (so have IPv6
> addresses from the same LAN), and both eth1 are connected to the second
> LAN.
>
> According to the normal IPv6 routing, all packets exit from CLIENT to ips0
> always via eth0, and to ips1 always via eth1.
>
> But when I have a client program bound to ipc0 (src = ipc0) I would like
> to see all packets exiting via eth0, both packets going to ips0 and to
> ips1. The same way, packets from a client bound to ipc1 (src = ipc1)
> should always exit via eth1. Like this:
>
> 1) (ipc0 -> ips0) via eth0
> 2) (ipc0 -> ips1) via eth0
> 3) (ipc1 -> ips0) via eth1
> 4) (ipc1 -> ips1) via eth1
>
>
> To obtain this I used kernel 2.4.22 with netfilter and patch-o-matic
> module ROUTE, and configured this way:
>
>
> mykonos:~ # ip6tables -t mangle -A POSTROUTING --source 2001:660:5301:26:2c0:9fff:fe1a:caca -j ROUTE --oif eth0 --continue
>
> mykonos:~ # ip6tables -t mangle -A POSTROUTING --source 2001:688:1fa1:2:204:75ff:fef8:93a4 -j ROUTE --oif eth1 --continue
>
> mykonos:~ # ip6tables -t mangle -nL
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> ROUTE all 2001:660:5301:26:2c0:9fff:fe1a:caca/128 ::/0 ROUTE oif:eth0 continue
> ROUTE all 2001:688:1fa1:2:204:75ff:fef8:93a4/128 ::/0 ROUTE oif:eth1 continue
>
>
> But it works only in cases 1) and 4). In cases 2) and 3) it gives the
> following messages in /var/log/messages:
>
>
> Dec 1 15:52:29 mykonos kernel: ip6t_ROUTE: no explicit route found via interface eth1
>
> Dec 1 15:52:45 mykonos kernel: ip6t_ROUTE: called with: DST=2001:0688:1fa1:0002:0204:75ff:fee8:52fd GATEWAY=0000:0000:0000:0000:0000:0000:0000:0000 OUT=eth0
>
> Dec 1 15:52:45 mykonos kernel: ip6t_ROUTE: no explicit route found via interface eth0
>
> Dec 1 15:52:48 mykonos kernel: ip6t_ROUTE: called with: DST=2001:0688:1fa1:0002:0204:75ff:fee8:52fd GATEWAY=0000:0000:0000:0000:0000:0000:0000:0000 OUT=eth0
>
>
>
> And I cannot see any packet exiting any interface.
>
> Could anybody help me with this configuration to reach my target, please
> ??? Or maybe I should change something in my routing table ???

You have to add an entry in your routing table saying that destination
2001:688:1fa1:2:204:75ff:fee8:52fd is reachable through iface ipc0.
Otherwise the ROUTE target can't figure out whether the destination
is on-link or gateway'ed.

Try with something like this:

    ip -f inet6 route add 2001:688:1fa1:2:204:75ff:fee8:52fd dev eth0

Same remark applies for case 3).

Cedric
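
The following Python model is an added example, not part of the original thread and not the ip6t_ROUTE module's code. It reproduces the behaviour discussed above: a `--oif` rule only succeeds when the routing table holds a route to the destination on that same interface. The on-link /64 prefixes, the function names and the host route for case 3 are assumptions made for illustration.

```python
import ipaddress

# Addresses quoted in the thread.
IPC0 = "2001:660:5301:26:2c0:9fff:fe1a:caca"
IPC1 = "2001:688:1fa1:2:204:75ff:fef8:93a4"
IPS0 = "2001:660:5301:26:210:5aff:febe:bb78"
IPS1 = "2001:688:1fa1:2:204:75ff:fee8:52fd"

# The two ROUTE rules from the thread: source address -> forced interface.
OIF_BY_SOURCE = {IPC0: "eth0", IPC1: "eth1"}


def base_table():
    """Assumed initial table: one on-link /64 route per LAN."""
    return [("2001:660:5301:26::/64", "eth0"),
            ("2001:688:1fa1:2::/64", "eth1")]


def explicit_route(table, dst, oif):
    """Longest-prefix match limited to routes on `oif` (simplified model).

    Returns the matching network, or None, which corresponds to the
    'no explicit route found via interface' log message.
    """
    addr = ipaddress.IPv6Address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.IPv6Network(prefix)
        if dev == oif and addr in net:
            if best is None or net.prefixlen > best.prefixlen:
                best = net
    return best


def check_cases(table):
    """Map each (src, dst) pair of cases 1-4 to True if a route exists."""
    return {(src, dst): explicit_route(table, dst, oif) is not None
            for src, oif in OIF_BY_SOURCE.items()
            for dst in (IPS0, IPS1)}


def with_host_routes(table):
    """Add the host route suggested for case 2, and its mirror for case 3."""
    return table + [(IPS1 + "/128", "eth0"), (IPS0 + "/128", "eth1")]


if __name__ == "__main__":
    for label, table in (("before", base_table()),
                         ("after", with_host_routes(base_table()))):
        for (src, dst), ok in check_cases(table).items():
            print(label, src, "->", dst, "route found" if ok else "no route")
```
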