* iptables + ROUTE
From: Mato Vidovic @ 2006-11-09 5:40 UTC
To: netfilter

Hi,

I am new in iptables world - and after reading many discussions and studying iptables manpages etc. I am still missing a piece of puzzle to solve the following problem.

I have a need to perform TOS based traffic routing. That means I have two interfaces (say eth0 and eth1) to backbone and I need to route the real-time critical IP traffic over eth1 and the remaining IP traffic over eth0. After a lot of experimenting I came to the conclusion that something like the following would do:

# iptables -t mangle -A POSTROUTING -m tos --tos 16 -j ROUTE --oif eth1
# iptables -t mangle -A POSTROUTING -m tos --tos !16 -j ROUTE --oif eth0

Unfortunately the Linux box says:
"No chain/target/match by that name"

The kernel I use is 2.6.18, iptables version is the last debian stable version 1.2.11.

Any idea what is wrong here (am I missing something in the configuration, or a library, or am I completely wrong maybe…)?

Thanks for any help.

Br.
Mato

* RE: iptables + ROUTE
From: Seferovic Edvin @ 2006-11-09 6:44 UTC
To: netfilter

Hi,

I am not sure, but you are probably missing the extra module from patch-o-matic-ng...

http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra-ROUTE

E:S

* Re: iptables + ROUTE
From: Pascal Hambourg @ 2006-11-09 10:11 UTC
To: netfilter

Hello,

Mato Vidovic wrote:
>
> I have a need to perform TOS based traffic routing.
> That means I have two interfaces (say eth0 and eth1) to backbone
> and I need to route the real-time critical
> IP traffic over eth1 and the remaining IP traffic over eth0.
> After a lot of experimenting I came to the conclusion that something
> like the following would do:
>
> # iptables -t mangle -A POSTROUTING -m tos --tos 16 -j ROUTE --oif eth1
> # iptables -t mangle -A POSTROUTING -m tos --tos !16 -j ROUTE --oif eth0

Why not just use the TOS selection feature in advanced routing (involving routing rules and alternate routing tables)? Something like:

ip rule add tos 16 lookup tos16 priority 100
ip route add default dev eth1 table tos16

> Unfortunately the Linux box says:
> "No chain/target/match by that name"
>
> The kernel I use is 2.6.18, iptables version is the last debian
> stable version 1.2.11.
>
> Any idea what is wrong here (am I missing something in the
> configuration, or a library, or am I completely wrong maybe...)?

As Edvin Seferovic wrote, the kernel part of the ROUTE target is not included in the mainstream kernel yet. You can add it to your kernel source tree with the patch-o-matic-ng and build a ROUTE-capable kernel.
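
The policy-routing approach from Pascal Hambourg's reply, written out as a re-runnable script with a verification step (an added example, not part of the thread). The table number 100, the probe address and the dry-run wrapper are assumptions; the TOS value is written as 0x10, the hex form of the decimal 16 used with iptables above.

```shell
#!/bin/sh
# TOS-based policy routing with iproute2 (added example, not from the thread).
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute.
TOS=0x10                 # decimal 16 from the thread, i.e. IPTOS_LOWDELAY
TABLE_ID=100             # assumption: a table number not already in use
TABLE_NAME=tos16         # table name used in the reply
RT_DEV=eth1              # real-time interface named in the thread
PRIO=100                 # rule priority used in the reply
PROBE=192.0.2.1          # constructed test destination (TEST-NET-1)
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# "lookup tos16" only resolves once the name is mapped to a table number.
register_table() {
    if grep -Eqs "^[[:space:]]*[0-9]+[[:space:]]+${TABLE_NAME}[[:space:]]*$" "$RT_TABLES"; then
        return 0
    fi
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$TABLE_ID $TABLE_NAME" >> "$RT_TABLES"
    else
        echo "register $TABLE_ID $TABLE_NAME in $RT_TABLES"
    fi
}

setup_tos_routing() {
    register_table || return 1
    # "replace" keeps the script idempotent; a plain "add" fails on re-run.
    run ip route replace default dev "$RT_DEV" table "$TABLE_NAME" || return 1
    # Drop a stale copy of the rule first so re-runs do not stack duplicates.
    if [ "${APPLY:-0}" = 1 ]; then
        ip rule del tos "$TOS" lookup "$TABLE_NAME" priority "$PRIO" 2>/dev/null || true
    fi
    run ip rule add tos "$TOS" lookup "$TABLE_NAME" priority "$PRIO"
}

# Ask the kernel which interface each class of packet would leave on.
verify_tos_routing() {
    run ip route get "$PROBE" tos "$TOS"    # should resolve via eth1
    run ip route get "$PROBE"               # should resolve via the main table
}

setup_tos_routing && verify_tos_routing
```

On a broadcast link such as Ethernet the default route normally also needs `via` with the next-hop address; the reply's `dev`-only form is kept here.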

* Re: iptables ROUTE
From: Cedric de Launois @ 2005-01-10 10:07 UTC
To: Tadas; +Cc: Netfilter-devel, Patrick Schaaf

On Friday 07 January 2005 at 05:01 +0200, Tadas wrote:
> Hi,

Hi, comments below...

> I am using your iptables ROUTE module quite much, it is very useful thing
> which allows to do what most of people can't even imagine.
> I prefer to use iptables route instead of linux native routing, because it
> is more flexible. --tee option should allow to fix multicast routing problem
> now there is no way to route such traffic on linux

You should also direct your mail to Patrick Schaaf, who coded the --tee option.

> But something is wrong with --tee option, as I understand it should not
> affect anything, but packet disappears instead, and goes nowhere.
> everything else is working. I am using little old kernel 2.4.22 but that
> should not be problem.
> I used latest source code from CVS
>
> also seems this module somehow incorrectly handle multicast traffic, even
> without tee option it should be able to forward it,
> but I don't see anything on other side.
> I am not sure if there are no other problems, why this don't work. So I will
> check everything again, but seems there is some problems with ROUTE module

This option wasn't intended to solve multicast routing issues, so I'm not surprised of your problems.

> Now I did not have time to fix these problems myself, you probably can do
> that much easier, because you know better your own code.
> also I think one more option is needed: now tee can only copy and send
> immediately, what is not enough, because it may be necessary to mangle packet
> before sending.
> the most easy way is to send copied packet to some iptables chain instead of
> sending to interface. probably this is even more easy to implement. and much
> more flexible.
> because we can mark and route that copy anytime then.

My feeling is also that we need something more flexible, like a target that duplicates a packet and sets a mark to it, so that further rules can be applied. Patrick: would this kind of target fill your needs?

> I am going to write some iptables extensions too, but little later.

What about a 'DUP' target?

Cedric