[LARTC] Routing by interface as opposed to ip address?

[LARTC] Routing by interface as opposed to ip address?

[Joe Devich]

Hello all,

Does anyone know of a methodology to build a route based on the inbound
and outbound interfaces as opposed to ip addresses? We are essentially
trying to forward packets from one interface to another without looking
at the ip address. Bridging (brctl, br2684ctl) will not work in this
case as the interfaces use different layer 2 encapsulation (e.g.,
atm0<=>eth0, or ppp0<=>eth0).

We could build a rule to match the incoming interface, then point to a
routing table with a default route set to the outbound interface. The
problem, with this approach is the limit of 255 routing tables in
iproute2. Presumably, it would consume 2 routing tables for each
"connection" (one forward, one reverse). We need more than 126
"connections" per box. 

Some commercial routers allow policy routing using only the interfaces
with ACL's, but it's not clear how this could be implemented in linux.
We use debian (2.4 kernel) distro with iproute2, iptables, etc. Any
suggestions would be most welcome.

Cheers,

Joe Devich

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Routing by interface as opposed to ip address?

[Krystian Antoni]

[-- Attachment #1.1: Type: text/plain, Size: 2328 bytes --]

netfilter.org <http://netfilter.org> is a alias for
iptables.org<http://iptables.org>:-)
 I haven't tested it becouse I was using an other way which I forgot to 
mention.
You can MARK packets using iptables as comming from an interface and later 
route by this MARK using normal routing technics.
Its all described in lartc.org <http://lartc.org> and took me half a day to 
get it working without knowing anything :-)
 On 5/9/05, Joe Devich <joe@mosaix.net> wrote:
 
>  OK, thanks. Researching your answer also turned me on the netfilter.org<http://netfilter.org/>website, which I didn't know about. Have you used/tested the ROUTE patch?
> 
>   Regards,
> 
>  Joe
>  
>   -----Original Message-----
> *From:* Krystian Antoni [mailto:krystianantoni@gmail.com] 
> *Sent:* Sunday, May 08, 2005 12:52 PM
> *To:* Joe Devich
> *Subject:* Re: [LARTC] Routing by interface as opposed to ip address?
> 
>  there is a iptables target module named ROUTE. it can help u
> 
>  On 5/6/05, *Joe Devich* <joe@mosaix.net> wrote:
> 
> Hello all,
> 
> Does anyone know of a methodology to build a route based on the inbound
> and outbound interfaces as opposed to ip addresses? We are essentially
> trying to forward packets from one interface to another without looking 
> at the ip address. Bridging (brctl, br2684ctl) will not work in this
> case as the interfaces use different layer 2 encapsulation (e.g.,
> atm0<=>eth0, or ppp0<=>eth0).
> 
> We could build a rule to match the incoming interface, then point to a 
> routing table with a default route set to the outbound interface. The
> problem, with this approach is the limit of 255 routing tables in
> iproute2. Presumably, it would consume 2 routing tables for each
> "connection" (one forward, one reverse). We need more than 126 
> "connections" per box.
> 
> Some commercial routers allow policy routing using only the interfaces
> with ACL's, but it's not clear how this could be implemented in linux.
> We use debian (2.4 kernel) distro with iproute2, iptables, etc. Any 
> suggestions would be most welcome.
> 
> Cheers,
> 
> Joe Devich
> 
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> 
> 
> 
> 
> -- 
> Miłego Dnia
> Krystian Antoni 
> 



-- 
Miłego Dnia
Krystian Antoni

[-- Attachment #1.2: Type: text/html, Size: 5210 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc