iptables/ipnatctl issues under 2.3.40pre4

Stephen Frost sfrost@mail.snowman.net
Mon, 17 Jan 2000 23:10:21 -0500 (EST) 

On Mon, 17 Jan 2000, Andrej Todosic wrote:

> as for my second remark .. 
> forget about it ... 
> 
> i went to layer 4 routing, thinking for some reason you could do it with
> ipv2....
> 
> i appologize ... i have no clue what i was thinking , but now that i have
> done ip rule add help ... 
> 
> never mind ... 
> 
> if you could do some sort of redirect/route functions based on layer 4
> specific information 
> i would actually like to know about it :) 
> 
> fwmark would work for marking , but you wouldnt be able to tell the packet
> where to go ... it would still take the default gateway ... 
> you need a ........ ( fill in the blanks) 

	That's the idea behind using FWMARK, you mark the packet with something
like iptables (Except I don't know how, you could do it with ipchains), and then
use that mark to change how the packet gets routed using iproute2.  At least,
that's how I thought you could do it. :)  Well, though I thought you could use
ipnatctl to forcibly pick which interface the packet was to go out..

		Stephen

> > -----Original Message-----
> > From: Stephen Frost [mailto:sfrost@ns.snowman.net]
> > Sent: January 17, 2000 3:54 PM
> > To: Multiple recipients of list NETFILTER
> > Subject: RE: iptables/ipnatctl issues under 2.3.40pre4
> > 
> > 
> > On Mon, 17 Jan 2000, Andrej Todosic wrote:
> > 
> > > 
> > > here s your problem : 
> > > 
> > > 
> > > 
> > > > > ip ro ls table 10
> > > > sdslnet/29 dev eth2  scope link
> > > > mynet/27 dev eth0  scope link
> > > > default via sdslrouter dev eth2
> > > 
> > > make the default via cable modem ... 
> > > or add a rule with destport 80 and gateway it to the cable modem 
> > 
> > 	Hrm.  If I change the default route, then my normal routing
> > doesn't work.  I don't know how to add a rule for a given port with
> > iproute2...  I could try and use FWMARK, but I don't know how to set
> > that for a given packet w/ the new iptables (I didn't see an option
> > for it..).
> > 
> > 		Thanks!
> > 
> > 			Stephen
> > 
>