From: Michal Soltys <soltys@ziu.info>
To: Alex Bligh <alex@alex.org.uk>
Cc: netfilter@vger.kernel.org
Subject: Re: Use iptables to force next hop
Date: Thu, 08 Nov 2012 23:13:57 +0100
Message-ID: <509C2EA5.6050201@ziu.info>
In-Reply-To: <FABE6FFC-E757-421A-BB4B-F18975F31E9B@alex.org.uk>

On 2012-11-08 22:08, Alex Bligh wrote:
> Is it possible to use iptables to force the next hop in (e.g.) the
> FORWARD table?
>
> I know it is possible to do this with 'ip rule' and friends, but for
> various reasons (non-proliferation of tables) I'd like to do this in
> just iptables if possible. Let's assume I know what I'm doing, and the
> effect that I want is that if the iptables rule matches, I want to set
> the next hop (irrespective of the routing table) to an IP address
> which I can guarantee is on a directly connected interface.
>
You can do a hybrid of sorts - that is, set a mark in iptables (with all the
matching power of iptables), then use the fwmark match in ip rule.

Not precisely what you're after, but it gives you the same - unless of
course you want to avoid ip rule at all costs. Once in the past there was
a ROUTE target, but it was dropped at some point (I think). Besides, ip
rule fwmark provides essentially the same.
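
The mark-then-route approach described in the reply above, as an added example that is not part of the original message. The mark value, table id, interface name, match expression and addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: match in iptables, set a mark, route on the mark with ip rule.
# Every value below is an assumption / constructed placeholder.
MARK=0x1                 # fwmark value
TABLE=100                # the one extra routing table this approach needs
NEXTHOP=192.0.2.1        # next hop on a directly connected interface
DEV=eth1                 # interface facing the next hop
MATCH="-s 198.51.100.0/24 -p tcp --dport 443"   # any iptables match expression

# Emit the commands one per line so they can be reviewed before being applied.
policy_route_cmds() {
    # The mark must be set in mangle/PREROUTING: for forwarded packets that
    # hook runs before the routing decision. Marking in FORWARD is too late.
    # (Locally generated traffic would be marked in mangle/OUTPUT instead.)
    echo "iptables -t mangle -A PREROUTING $MATCH -j MARK --set-mark $MARK"
    # Populate the extra table first, so the rule never points at an empty table.
    echo "ip route add default via $NEXTHOP dev $DEV table $TABLE"
    # Marked packets consult TABLE before the main table (priority 32766).
    echo "ip rule add fwmark $MARK lookup $TABLE priority 1000"
}

# Commands to confirm the result after applying.
verify_cmds() {
    echo "ip rule show"
    echo "ip route get 203.0.113.10 mark $MARK"   # should resolve via NEXTHOP
}

# Default is a dry run; APPLY=1 (as root) executes the generated commands.
if [ "${APPLY:-0}" = 1 ]; then
    policy_route_cmds | sh -e
    verify_cmds | sh
else
    policy_route_cmds
fi
```

With strict reverse-path filtering (rp_filter=1) on the receiving interface, replies to policy-routed flows can be dropped because the main table is used for the reverse-path check.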