Re: iptables -j ROUTE
On Fri, 11/08/2006 at 14:51 +0200, Pascal Hambourg wrote:
> Pokotilenko Kostik wrote:
> >>
> >>So I guess iptables version is 1.2.11 which includes support for the
> >>ROUTE target (but not for the --tee option).
> >
> > My "man iptables" says:
> > ===================================
> > ROUTE
> > This is used to explicitly override the core network stack's routing
> > decision. mangle table.
> >
> > --oif ifname
> > Route the packet through `ifname' network interface
> >
> > --iif ifname
> > Change the packet's incoming interface to `ifname'
> >
> > --gw IP_address
> > Route the packet via this gateway
> >
> > --continue
> > Behave like a non-terminating target and continue traversing the
> > rules. Not valid in combination with `--iif'
>
>
> No --tee indeed. This option, which is used to duplicate packets, was
> first included in iptables 1.3.0. But I guess it's fine if you don't
> need it.
>
> > # ls -la /lib/iptables/libipt_ROUTE.so
> > -rw-r--r-- 1 root root 4528 2004-12-02 02:38 /lib/iptables/libipt_ROUTE.so
>
> That's iptables' user library. You probably miss the kernel module.
>
> > I started to look in direction of "ip".
> >
> > BTW, how can I check whether my kernel supports this feature?
> >
> > # ls /lib/modules/2.6.8-2-686/kernel/net/ipv4/netfilter | grep -i route
> >
> > gives no result.
>
> What feature ? Iptables' ROUTE target or advanced routing with ip ?
>
> For advanced routing, check that you have these options in the kernel
> config file (or in /proc/config) :
> CONFIG_IP_ADVANCED_ROUTER=y
> CONFIG_IP_MULTIPLE_TABLES=y
> CONFIG_IP_ROUTE_FWMARK=y (for advanced routing using MARK)
>
> For the kernel iptables' ROUTE target, check that you have this option
> in the kernel config file (or in /proc/config) :
> CONFIG_IP_NF_TARGET_ROUTE=m|y
>
> When compiled as a module, the module filename is с.
ipt_ROUTE.(k)o is not included in my kernel :/
I've switched to iproute2 as a solution.
--
Покотиленко Костик <casper@meteor.dp.ua>
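
The kernel-config check described in this thread, as an added example that is not part of the original messages: it reports whether each option named above is built in (y), a module (m) or unset. The function names and the sample config are constructed for illustration; which file to pass (for instance /boot/config-$(uname -r) or /proc/config.gz) depends on the distribution and is an assumption.

```shell
#!/bin/sh
# Added example: report how the kernel options named in this thread are set.

# kconfig_state FILE OPTION -> prints y, m or unset
kconfig_state() {
    file=$1
    opt=$2
    case $file in
        *.gz) reader="gzip -dc" ;;   # compressed config, e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    # Only an exact "OPTION=y" or "OPTION=m" line counts as enabled.
    # "# OPTION is not set" and a missing line are both reported as unset.
    val=$($reader "$file" 2>/dev/null |
          sed -n "s/^${opt}=\([ym]\)\$/\1/p" | head -n 1)
    echo "${val:-unset}"
}

# report FILE -> one OPTION=state line per option from the thread
report() {
    for opt in CONFIG_IP_ADVANCED_ROUTER CONFIG_IP_MULTIPLE_TABLES \
               CONFIG_IP_ROUTE_FWMARK CONFIG_IP_NF_TARGET_ROUTE; do
        printf '%s=%s\n' "$opt" "$(kconfig_state "$1" "$opt")"
    done
}

# Constructed sample: advanced routing present, ROUTE target absent,
# which matches the situation the thread ends with.
sample_config() {
    cat <<'EOF'
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
# CONFIG_IP_NF_TARGET_ROUTE is not set
EOF
}

# Use the config file given as the first argument, else the sample.
tmp=$(mktemp)
sample_config > "$tmp"
report "${1:-$tmp}"
rm -f "$tmp"
```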