From: "Cédric de Launois" <delaunoi@info.ucl.ac.be>
To: Netfilter-devel <netfilter-devel@lists.samba.org>
Subject: New target 'ROUTE' and new table 'rsip'
Date: 10 Jun 2002 11:23:12 +0200
Message-ID: <1023700992.3124.29.camel@descartes>

Hi,

Here is an extension to directly reroute packets without modifying
them, even and especially if those packets are destined to the router
itself. Those packets are locally delivered and cannot be forwarded to
another computer using the standard routing mechanisms.
Sometimes, this is useful to redirect them to another computer, without
modification, e.g. when using the new RSIP protocol (RFC3102, RFC3103,
see http://openresources.info.ucl.ac.be/rsip for more info).

This extension includes a new target, called 'ROUTE', and a new table,
called 'rsip'. It provides a way to reroute those packets to an
interface selected by the user. 

Source files are available at
  http://openresources.info.ucl.ac.be/rsip/netfilter/

These files are not yet packaged in any way. Sorry.


Example
-------

With RSIP, we can lease some ports (8000-8200 here) to one of
our private hosts. The host has the same IP as its router, so that
packets may remain unmodified when going through the router.
We want to reroute tcp packets coming from eth0 with dst port
8000-8200 towards iface tunl1 (in order to forward them to the
host):

          eth0  +------+ 192.168.0.1        192.168.0.2 +----+
----------------|router|--------------------------------|host|
IP: 150.150.0.1 +------+                                +----+
                    | | tunl1      tunnel IP: 150.150.0.1 | |
                    | +-----------------------------------+ |
                    +---------------------------------------+

We do:

 iptables -A PREROUTING -i eth0 -p tcp --dport 8000:8200 -j ROUTE --iface tunl1



The new files
-------------

a) The new 'ROUTE' target :

*  ipt_ROUTE.c        in /usr/src/linux/net/ipv4/netfilter
*  ipt_ROUTE.h        in /usr/src/linux/include/linux/netfilter_ipv4

b) A new 'rsip' table, with only PREROUTING hook, and priority -170 
   == after Conntrack but before Mangle, NAT,... (since we do not
   want those packets being altered in any way)

*  iptable_rsip.c     in /usr/src/linux/net/ipv4/netfilter

c) Extension to make iptables support the new 'ROUTE' target :

*  libipt_ROUTE.c     in iptables-x.x.X/extensions

Any comments?

Thanks,

Cédric
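
Added example, not part of the original message and not the ROUTE or rsip source: a userspace C model of the PREROUTING ordering the message describes, showing why a hook at priority -170 sees a packet after conntrack but before mangle and NAT can alter it. The hook bodies, struct names and the "stolen" verdict on a match are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* CONNTRACK, MANGLE and NAT_DST are the NF_IP_PRI_* values from
 * linux/netfilter_ipv4.h; -170 is the priority the message gives for 'rsip'. */
enum { PRI_CONNTRACK = -200, PRI_RSIP = -170, PRI_MANGLE = -150, PRI_NAT_DST = -100 };
enum verdict { ACCEPT, STOLEN };

struct pkt { const char *in_if; int proto; unsigned dport; unsigned mark; const char *out_if; };
struct hook { const char *name; int prio; enum verdict (*fn)(struct pkt *); };
/* Toy stand-ins (hypothetical): mangle and NAT each alter the packet. */
static enum verdict conntrack(struct pkt *p) { (void)p; return ACCEPT; }
static enum verdict mangle(struct pkt *p) { p->mark = 1; return ACCEPT; }
static enum verdict nat_dst(struct pkt *p) { p->dport = 80; return ACCEPT; }

/* Models: -i eth0 -p tcp --dport 8000:8200 -j ROUTE --iface tunl1
 * Assumption: a match takes the packet out of further hook traversal. */
static enum verdict rsip(struct pkt *p)
{
    if (strcmp(p->in_if, "eth0") == 0 && p->proto == 6 && p->dport >= 8000 && p->dport <= 8200) {
        p->out_if = "tunl1";
        return STOLEN;
    }
    return ACCEPT;
}

/* Run hooks in ascending priority order; record the visited names in trace. */
static void prerouting(struct pkt *p, char *trace, size_t n)
{
    struct hook h[] = { {"nat", PRI_NAT_DST, nat_dst}, {"rsip", PRI_RSIP, rsip},
                        {"mangle", PRI_MANGLE, mangle}, {"conntrack", PRI_CONNTRACK, conntrack} };
    size_t cnt = sizeof h / sizeof h[0];
    for (size_t i = 1; i < cnt; i++)            /* insertion sort by priority */
        for (size_t j = i; j > 0 && h[j].prio < h[j - 1].prio; j--) {
            struct hook t = h[j]; h[j] = h[j - 1]; h[j - 1] = t;
        }
    trace[0] = '\0';
    for (size_t i = 0; i < cnt; i++) {
        snprintf(trace + strlen(trace), n - strlen(trace), "%s%s", i ? "," : "", h[i].name);
        if (h[i].fn(p) == STOLEN) break;        /* later hooks never see the packet */
    }
}

int main(void)
{
    char t[64];
    /* Constructed sample packets: one in the leased port range, one outside it. */
    struct pkt a = { "eth0", 6, 8080, 0, NULL }, b = { "eth0", 6, 22, 0, NULL };
    prerouting(&a, t, sizeof t); printf("dport 8080: %s -> %s\n", t, a.out_if);
    prerouting(&b, t, sizeof t); printf("dport 22:   %s\n", t);
    return 0;
}
```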
