Sat, 7 Jul 2001 14:08:32 +0200
Well i don't really want to touch the packets themselves on the firewall,
just want the linux to function as a normal router. when i use traceroute
with LSRR, it doesn't forward my packets. (i use the linux as a masquerading
box). do you know what is the problem.
Maybe i explicitly have to tell netfilter to forward the packets?
* - * - *
Fax (+1 Outside the US) 240-597-3213
* - * - * - * - * - *
[mailto:email@example.com]On Behalf Of Fabrice MARIE
Sent: Saturday, July 07, 2001 7:14 AM
To: Pol Muaddib; firstname.lastname@example.org
Subject: Re: Question: LSRR?
On Saturday 07 July 2001 10:03, Pol Muaddib wrote:
> can netfilter handle LSRR and can it masq LSRR? if so why doesn't it masq
> my LSRR requests? (i tried to use known software like Visualroute 5.3, but
> it doesn't do the trick).
It all depend what you call "handling LSRR"...
There is an experimental match 'ipv4options' that will allow you to match
packets with LSRR option set :
"IPV4OPTIONS v1.2.2 options:
--ssrr (match strict source routing flag)
--lsrr (match loose source routing flag)
--no-srr (match packets with no source routing)
[!] --rr (match record route flag)
[!] --ts (match timestamp flag)"
But it needs more testing. I've tested sucessfully record route
flag, but not really the others. Give it a try and let me know
if it doesn't work.
I haven't written the corresponding target yet. Meaning for now
you cannot mangle LSRR or SSRR flags within netfilter yet.
Have a nice day,
"Silly hacker, root is for administrators"