Outgoing interface selection by source address

Outgoing interface selection by source address

[Pawel Hadam]

Hi all

I have 2 local interfaces (eth0 & eth1) and thus 2 IPv6 addresses (src0 &
src1).

I have an SCTP/IPv6 application that binds to one of the addresses
(let's say src0) and sends packets to some destination (dst). But
according to the classical routing policy, all packets in this
connection (src0, dst) are routed via eth1. And I would like them to be
routed via interface eth0, as src0 is the address of eth0 not eth1.
Is it possible to do it with netfilter for IPv6 ? I mean, is it possible
to route the packets via the proper outgoing interface by theirs source
address, like this:

if (src = src0) then send via eth0
if (src = src1) then send via eth1
if (src = other) do whatever

Could anybody give any ideas how to solve my problem, please?

I am using linux-2.6.0-testXX versions.

With best regards
Pawel

Outgoing interface selection by source address

[Pawel Hadam]

Hi all

I have 2 local interfaces (eth0 & eth1) and thus 2 IPv6 addresses (src0 &
src1).

I have an SCTP/IPv6 application that binds to one of the addresses
(let's say src0) and sends packets to some destination (dst). But
according to the classical routing policy, all packets in this
connection (src0, dst) are routed via eth1. And I would like them to be
routed via interface eth0, as src0 is the address of eth0 not eth1.
Is it possible to do it with netfilter for IPv6 ? I mean, is it possible
to route the packets via the proper outgoing interface by theirs source
address, like this:

if (src = src0) then send via eth0
if (src = src1) then send via eth1
if (src = other) do whatever

Could anybody give any ideas how to solve my problem, please?

I am using linux-2.6.0-testXX versions.

With best regards
Pawel

Re: Outgoing interface selection by source address

[Ralf Spenneberg]

Am Don, 2003-11-27 um 14.55 schrieb Pawel Hadam:
> Hi all
> 
> I have 2 local interfaces (eth0 & eth1) and thus 2 IPv6 addresses (src0 &
> src1).
> 
> I have an SCTP/IPv6 application that binds to one of the addresses
> (let's say src0) and sends packets to some destination (dst). But
> according to the classical routing policy, all packets in this
> connection (src0, dst) are routed via eth1. And I would like them to be
> routed via interface eth0, as src0 is the address of eth0 not eth1.
> Is it possible to do it with netfilter for IPv6 ? I mean, is it possible
> to route the packets via the proper outgoing interface by theirs source
> address, like this:
It is, but not using netfilter (AFAIK). Take a look at the 
Linux Advanced Routing and Traffic Howto: lartc.org

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: VPN mit Linux
Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto				     http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org

Re: Outgoing interface selection by source address

[Henrik Nordstrom]

On Thu, 27 Nov 2003, Pawel Hadam wrote:

> connection (src0, dst) are routed via eth1. And I would like them to be
> routed via interface eth0, as src0 is the address of eth0 not eth1.

For this you need to use policy routing. I assume this exists in IPv6 as 
well as it does in IPv4. This question is not really iptables related.

For IPv4 see the Linux advanced routing howto for details.

Regards
Henrik

Re: Outgoing interface selection by source address

[Sven-Haegar Koch]

On Thu, 27 Nov 2003, Henrik Nordstrom wrote:

> On Thu, 27 Nov 2003, Pawel Hadam wrote:
> > connection (src0, dst) are routed via eth1. And I would like them to be
> > routed via interface eth0, as src0 is the address of eth0 not eth1.
>
> For this you need to use policy routing. I assume this exists in IPv6 as
> well as it does in IPv4. This question is not really iptables related.

nope, no policy-routing for ipv6 - this is one of the big area's where
linux ipv6-support is still way behind ipv4.

c'ya
sven

-- 

The Internet treats censorship as a routing problem, and routes around it.
(John Gilmore on http://www.cygnus.com/~gnu/)

Re: Outgoing interface selection by source address

[Pawel Hadam]

On Thu, 27 Nov 2003, Henrik Nordstrom wrote:

> > connection (src0, dst) are routed via eth1. And I would like them to
be
> > routed via interface eth0, as src0 is the address of eth0 not eth1.
>
> For this you need to use policy routing. I assume this exists in IPv6 as
> well as it does in IPv4. This question is not really iptables related.
> For IPv4 see the Linux advanced routing howto for details.

Thanks, I am affraid it works only with IPv4 (and not with IPv6), so I
asked here for some other solution.

Regards
Pawel

Re: Outgoing interface selection by source address

[Pawel Hadam]

On Thu, 27 Nov 2003, Sven-Haegar Koch wrote:

> > > connection (src0, dst) are routed via eth1. And I would like them to be
> > > routed via interface eth0, as src0 is the address of eth0 not eth1.
> >
> > For this you need to use policy routing. I assume this exists in IPv6 as
> > well as it does in IPv4. This question is not really iptables related.
>
> nope, no policy-routing for ipv6 - this is one of the big area's where
> linux ipv6-support is still way behind ipv4.

And that is what I was affraid of.

Maybe someone has any other idea how to route the IPv6 packet (with
fixed source address) via the proper interface, and not via the interface
chosen by destination address routing ???

Pawel

Re: Outgoing interface selection by source address

[Pawel Hadam]

On Thu, 27 Nov 2003, Henrik Nordstrom wrote:

> > connection (src0, dst) are routed via eth1. And I would like them to be
> > routed via interface eth0, as src0 is the address of eth0 not eth1.
>
> For this you need to use policy routing. I assume this exists in IPv6 as
> well as it does in IPv4. This question is not really iptables related.

And what does "IP6 tables support -> EUI64 address check" option in the
kernel ??? Cannot it be used to select the route by source address? In
help I can read:


CONFIG_IP6_NF_MATCH_EUI64:
This module performs checking on the IPv6 source address
Compares the last 64 bits with the EUI64 (delivered
from the MAC address) address


Pawel

Re: Outgoing interface selection by source address

[Henrik Nordstrom]

On Thu, 27 Nov 2003, Pawel Hadam wrote:

> And what does "IP6 tables support -> EUI64 address check" option in the
> kernel ??? Cannot it be used to select the route by source address? In
> help I can read:

It can match, but it can not select the route..

For this policy routing really should be used, but it might also be 
possible to implement at ROUTE target like in IPv4 iptables 
extra/ROUTE.patch if implementing policy routing is too hard.

Regards
Henrik

Re: Outgoing interface selection by source address

[IP v6]

I think it can be done with ROUTE-ipv6 patch made by Cedric de Launois. I asked a question about this a while ago as I had a compile error with it (it's fixed already btw) but I never got to actually test it due to lack of time but I believe it can be done with that, it's in POM cvs in extra/, have a look :)

-Robby
-----------------------------------------------------
Mail.be, WebMail and Virtual Office
http://www.mail.be