* [LARTC] iptables post/pre routing problem
From: Robert Penz @ 2002-08-05  0:00 UTC
  To: lartc

Hi!

I'm trying to exclude some IP ranges from my traffic filter; for that I mark
the packets in PRE-/POST-ROUTING.

If I mark them straight ahead it works, but if I want to do that in a user
chain I get the message that userchain.so can't be loaded.

iptables -N capped_in
iptables -N capped_out

# put all incoming traffic to IMQ
iptables -t mangle -A PREROUTING -i eth0 -j IMQ
# mark all packets which need to be capped
iptables -t mangle -A PREROUTING -i eth0 -d xxx.xxx.xxx.141 -s ! xxx.xxx.xxx.0/24 -j capped_in
       iptables -A capped_in -s yyy.yyy.yyy.0/27 -j RETURN
       iptables -A capped_in -j MARK --set-mark 2

# now the outgoing traffic
iptables -t mangle -A POSTROUTING -o eth0 -s xxx.xxx.xxx.141 -d ! xxx.xxx.xxx.0/24 -j capped_out
       iptables -A capped_out -s yyy.yyy.yyy.0/27 -j RETURN
       iptables -A capped_out -j MARK --set-mark 1

Can anyone tell me how I can achieve this? Thx

-- 
Regards,
Robert
----------------
Robert Penz
robert.penz@outertech.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] iptables post/pre routing problem
From: Patrick McHardy @ 2002-08-06 15:42 UTC
  To: lartc

Hi Robert,

Robert Penz wrote:

> Hi!
> 
> I'm trying to exclude some IP ranges from my traffic filter; for that I mark
> the packets in PRE-/POST-ROUTING.
> 
> If I mark them straight ahead it works, but if I want to do that in a user
> chain I get the message that userchain.so can't be loaded.
> 
> iptables -N capped_in
> iptables -N capped_out
> 
> # put all incoming traffic to IMQ
> iptables -t mangle -A PREROUTING -i eth0 -j IMQ
> # mark all packets which need to be capped
> iptables -t mangle -A PREROUTING -i eth0 -d xxx.xxx.xxx.141 -s ! xxx.xxx.xxx.0/24 -j capped_in
>        iptables -A capped_in -s yyy.yyy.yyy.0/27 -j RETURN
>        iptables -A capped_in -j MARK --set-mark 2
> 
> # now the outgoing traffic
> iptables -t mangle -A POSTROUTING -o eth0 -s xxx.xxx.xxx.141 -d ! xxx.xxx.xxx.0/24 -j capped_out
>        iptables -A capped_out -s yyy.yyy.yyy.0/27 -j RETURN
>        iptables -A capped_out -j MARK --set-mark 1
> 
> Can anyone tell me how I can achieve this? Thx


Did you try -t mangle -A capped_in/out?
Your chains were created in the mangle table, so they can only be called 
from within mangle.

Bye,

Patrick
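
The table mismatch discussed in this thread can be checked mechanically before a ruleset is loaded. The script below is an added example, not part of either message: it relies on iptables using the filter table when -t is omitted and on a user chain existing only in the table where it was created; the function names and the documentation addresses are assumptions made for the illustration.

```shell
# Added example (not from the thread): flag rules that use a user chain in a
# table where it was never created with -N.
lint_chain_tables() {
  awk '
    function table_of(n,   i, t) {
      t = "filter"                      # iptables default when -t is absent
      for (i = 1; i < cnt[n]; i++) if (tok[n, i] == "-t") t = tok[n, i + 1]
      return t
    }
    $1 == "iptables" {
      n++; cnt[n] = NF; lineno[n] = NR
      for (i = 1; i <= NF; i++) tok[n, i] = $i
      t = table_of(n)
      for (i = 1; i < NF; i++) if ($i == "-N") {
        made[t, $(i + 1)] = 1; where[$(i + 1)] = where[$(i + 1)] " " t
      }
    }
    END {
      for (k = 1; k <= n; k++) {
        t = table_of(k)
        for (i = 1; i < cnt[k]; i++) {
          o = tok[k, i]; c = tok[k, i + 1]
          if ((o == "-A" || o == "-I" || o == "-j") && (c in where) && !((t, c) in made))
            printf "line %d: %s %s in table %s, chain created in:%s\n", lineno[k], o, c, t, where[c]
        }
      }
    }'
}
# Constructed sample: the posted ruleset with documentation addresses.
as_posted() {
  cat <<'EOF'
iptables -N capped_in
iptables -N capped_out
iptables -t mangle -A PREROUTING -i eth0 -j IMQ
iptables -t mangle -A PREROUTING -i eth0 -d 192.0.2.141 -s ! 192.0.2.0/24 -j capped_in
iptables -A capped_in -s 198.51.100.0/27 -j RETURN
iptables -A capped_in -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -o eth0 -s 192.0.2.141 -d ! 192.0.2.0/24 -j capped_out
iptables -A capped_out -s 198.51.100.0/27 -j RETURN
iptables -A capped_out -j MARK --set-mark 1
EOF
}
# The same rules with the table named on every command.
with_table() { as_posted | sed 's/^iptables -\([NA]\) /iptables -t mangle -\1 /'; }
as_posted  | lint_chain_tables   # reports the two jumps out of mangle
with_table | lint_chain_tables   # reports nothing
```

The check only compares table names per chain; it does not validate targets, matches or rule order.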


