* Details on iif in ip rule
From: Aadith Koshy @ 2011-12-21 0:08 UTC
To: netfilter@vger.kernel.org
Hi Team,
I am having some trouble understanding 'iif' on the ip rules. Let me explain what I am trying out. I have 3 virtual interfaces on a single interface.
eth0 192.168.4.0/24
eth0:1 192.168.5.0/24
eth0:2 192.168.6.0/24
eth0:3 192.168.7.0/24
I have all the interfaces set up with DHCP servers and they are able to hand out
I have rules that direct traffic from each of the interfaces except eth0:2 to a route table as follows
ip rule add from 192.168.4.0/24 lookup 100
ip rule add from 192.168.5.0/24 lookup 100
ip rule add from 192.168.7.0/24 lookup 100
from all lookup main
from all lookup default
I expect that all traffic from 192.168.4.0/24, 192.168.5.0/24 and 192.168.7.0/24 will be routed to table 100. Traffic from 192.168.6.0/24 would be routed to main table.
The issue I am facing is that traffic from 192.168.6.0/24 is being dropped at the INPUT chain of the filter table.
What is more strange and the issue that has been bothering me is when I have the rules as below
ip rule add from 192.168.4.0/24 iif eth0 lookup 100
ip rule add from 192.168.5.0/24 iif eth0 lookup 100
ip rule add from 192.168.7.0/24 iif eth0 lookup 100
from all lookup main
from all lookup default
So with the iif set on the rules, I am able to get the traffic from the subnet 192.168.6.0/24. Why would adding the iif on the rules work? The iif rule is not even on the interface in question. I read the iif documentation of ip rule but it was not sufficient to answer my question.
Any help would be greatly appreciated.
Thanks,
Aadith
PS: Resending as the previous mail was reported as undeliverable
* Re: Details on iif in ip rule
From: Jan Engelhardt @ 2011-12-21 2:20 UTC
To: Aadith Koshy; +Cc: netfilter@vger.kernel.org
On Wednesday 2011-12-21 01:08, Aadith Koshy wrote:
>Hi Team,
>
>I am having some trouble understanding 'iif' on the ip rules. Let me
>explain what I am trying out. I have 3 virtual interfaces on a single
>interface.
No you are not having 3 interfaces. You are having exactly _one_
interface. You are being deluded by ifconfig - stop using net-tools.
Use iproute2. Then it all starts making sense.
>eth0 192.168.4.0/24
>eth0:1 192.168.5.0/24
>eth0:2 192.168.6.0/24
>eth0:3 192.168.7.0/24
>
>
>I have all the interfaces setup with dhcp servers and they are able to
>hand out I have rules that direct traffic from each of the interfaces
>except eth0:2 to a route table as follows [...]
* Re: Details on iif in ip rule
From: Andrew Beverley @ 2011-12-21 9:01 UTC
To: Aadith Koshy; +Cc: netfilter@vger.kernel.org
On Wed, 2011-12-21 at 03:20 +0100, Jan Engelhardt wrote:
> On Wednesday 2011-12-21 01:08, Aadith Koshy wrote:
>
> >Hi Team,
> >
> >I am having some trouble understanding 'iif' on the ip rules. Let me
> >explain what I am trying out. I have 3 virtual interfaces on a single
> >interface.
>
> stop using net-tools. Use iproute2.
Aadith: Jan is right. You need to use iproute2. As a starter for 10, you
need to do something like:
ip address add 192.168.5.0/24 dev eth0
rather than whatever ifconfig rule you are using.
Andy