From: David Coulson <david@davidcoulson.net>
To: John Lumby <johnlumby@hotmail.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Removal of ROUTE target - what now?
Date: Fri, 03 Aug 2007 21:37:29 -0400
Message-ID: <46B3D859.8090906@davidcoulson.net>
In-Reply-To: <BAY137-F26BDAB7CC7FE589BFB7F4DA3EB0@phx.gbl>

ip ru add from a.b.c.d table 20
ip ro add table 20 default via p.q.r.s

You can of course use 'ip ru add fwmark 8 table 20' to use a mark from
iptables rather than an IP address.

Make sure you have reverse path filtering disabled on the interface too.

John Lumby wrote:
> I was a bit surprised to find this gone. I have read and
> partially understood the recent discussion here about it but I would
> appreciate some help or pointer.
>
> My use of ROUTE is very simple:
>
> Given a P-t-P network interface, call it ppp1, with IPV4 addr a.b.c.d
> and P-t-P address p.q.r.s,
> I want any packet with source address a.b.c.d to be routed via gateway
> p.q.r.s regardless of my current routing table. (the routing table
> would send it through some other gateway).
>
> iptables -t mangle -I POSTROUTING 1 -s a.b.c.d -j ROUTE --gw p.q.r.s
>
> This has worked just fine on kernel 2.6.14 for about 18 months, and
> use of ROUTE target is so simple - just the one rule.
>
> I accept what you say about the ROUTE implementation being "a hack and
> the proper solution to it is policy routing; e.g. based on
> fwmark." I assume this requires (for my example) having multiple
> routing tables and so on. I'm also not sure exactly how to do
> it. I would really appreciate:
>
> . if someone could either tell me fairly clearly how to do my
> application with mark and ip route or point to existing example
> . there is some mention of someone maybe reinstating a fixed
> version of ROUTE - I'd very much like to know if that is happening, in
> which case I'll wait for it.
> , or - failing that, is it safe (enough) to fall back to
> patch-o-matic-ng-20070729 and use its ROUTE? (in iptables 1.38 and
> kernel 2.6.20.9 or later)?
>
> Thanks John
David
--
David J. Coulson
email: david@davidcoulson.net
web: http://www.davidcoulson.net/
phone: (216) 920-3099 / (216) 258-4942
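
The policy-routing setup described in this message, written out as an added example (not part of the original post or of any netfilter project code). It goes slightly beyond the message by adding the iptables MARK rule for the fwmark variant and a reverse path filter check; 192.0.2.10, 192.0.2.1, ppp1, table 20 and mark 8 are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: policy routing in place of the ROUTE target.
# Constructed values: 192.0.2.10 stands in for a.b.c.d, 192.0.2.1 for p.q.r.s.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes them (needs root).
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Variant 1: select the table by source address.
route_by_source() {  # args: src gw dev table
    run ip rule add from "$1" table "$4"
    run ip route add default via "$2" dev "$3" table "$4"
}

# Variant 2: select the table by fwmark. Assumes the traffic is locally
# generated, so it is marked in mangle OUTPUT; forwarded traffic would be
# marked in mangle PREROUTING instead.
route_by_mark() {  # args: src gw dev table mark
    run iptables -t mangle -A OUTPUT -s "$1" -j MARK --set-mark "$5"
    run ip rule add fwmark "$5" table "$4"
    run ip route add default via "$2" dev "$3" table "$4"
}

# Current kernels apply the higher of conf/all and conf/<dev> for rp_filter,
# so clearing only the per-interface value is not enough when "all" is set.
effective_rp_filter() {  # args: all_value dev_value
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# Prints a warning when reverse path filtering is still in effect on dev.
check_rp_filter() {  # args: dev
    all=$(cat /proc/sys/net/ipv4/conf/all/rp_filter)
    dev=$(cat "/proc/sys/net/ipv4/conf/$1/rp_filter")
    eff=$(effective_rp_filter "$all" "$dev")
    [ "$eff" -eq 0 ] || echo "rp_filter=$eff still active on $1 (all=$all, dev=$dev)"
}

# Usage: script.sh SRC GW DEV TABLE   e.g. 192.0.2.10 192.0.2.1 ppp1 20
if [ "$#" -eq 4 ]; then
    route_by_source "$@"
    [ "$DRY_RUN" = 1 ] || check_rp_filter "$3"
fi
```

Review the dry-run output before setting DRY_RUN=0, and confirm the result with 'ip rule show' and 'ip route show table 20'.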