[LARTC] Routing by interface as opposed to ip address?

Krystian Antoni krystianantoni at gmail.com
Mon May 9 18:08:07 CEST 2005


netfilter.org <http://netfilter.org> is an alias for
iptables.org <http://iptables.org> :-)
I haven't tested it because I was using another way which I forgot to
mention.
You can MARK packets using iptables as coming from an interface and later
route by this MARK using normal routing techniques.
It's all described in lartc.org <http://lartc.org> and took me half a day to
get it working without knowing anything :-)
 On 5/9/05, Joe Devich <joe at mosaix.net> wrote:
 
> OK, thanks. Researching your answer also turned me on to the netfilter.org <http://netfilter.org/> website, which I didn't know about. Have you used/tested the ROUTE patch?
> 
>   Regards,
> 
>  Joe
>  
>   -----Original Message-----
> *From:* Krystian Antoni [mailto:krystianantoni at gmail.com] 
> *Sent:* Sunday, May 08, 2005 12:52 PM
> *To:* Joe Devich
> *Subject:* Re: [LARTC] Routing by interface as opposed to ip address?
> 
> There is an iptables target module named ROUTE. It can help you.
> 
>  On 5/6/05, *Joe Devich* <joe at mosaix.net> wrote:
> 
> Hello all,
> 
> Does anyone know of a methodology to build a route based on the inbound
> and outbound interfaces as opposed to ip addresses? We are essentially
> trying to forward packets from one interface to another without looking 
> at the ip address. Bridging (brctl, br2684ctl) will not work in this
> case as the interfaces use different layer 2 encapsulation (e.g.,
> atm0<=>eth0, or ppp0<=>eth0).
> 
> We could build a rule to match the incoming interface, then point to a 
> routing table with a default route set to the outbound interface. The
> problem with this approach is the limit of 255 routing tables in
> iproute2. Presumably, it would consume 2 routing tables for each
> "connection" (one forward, one reverse). We need more than 126 
> "connections" per box.
> 
> Some commercial routers allow policy routing using only the interfaces
> with ACL's, but it's not clear how this could be implemented in Linux.
> We use debian (2.4 kernel) distro with iproute2, iptables, etc. Any 
> suggestions would be most welcome.
> 
> Cheers,
> 
> Joe Devich
> 
> -- 
> Have a nice day
> Krystian Antoni 
> 



-- 
Have a nice day
Krystian Antoni
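
The MARK-then-route approach mentioned in the reply above, as an added example that is not part of the original message or of the LARTC documentation: a POSIX shell script that prints (rather than runs) the iptables and iproute2 commands for one interface pair. The interface names, the function names and the 2N-1/2N numbering are assumptions; in this layout each direction still uses its own routing table, so IDs stop at 252 (126 pairs).

```shell
#!/bin/sh
# Added example: print (do not execute) the commands that route by inbound
# interface via an fwmark. All names and IDs here are constructed.

# Accept only plausible Linux interface names (1-15 chars, safe charset),
# so a bad value can never end up inside a generated command line.
valid_iface() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 15 ] || return 1
    case "$1" in *[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# one_way SRC DST ID: mark packets arriving on SRC with ID, then send that
# mark to routing table ID, whose only entry is a default route out of DST.
one_way() {
    src=$1 dst=$2 id=$3
    valid_iface "$src" && valid_iface "$dst" || { echo "bad interface" >&2; return 1; }
    case "$id" in ''|*[!0-9]*) echo "bad id" >&2; return 1 ;; esac
    # Table 0 is unspec; 253, 254 and 255 are default, main and local.
    [ "$id" -ge 1 ] && [ "$id" -le 252 ] || { echo "id out of range" >&2; return 1; }
    echo "iptables -t mangle -A PREROUTING -i $src -j MARK --set-mark $id"
    echo "ip rule add fwmark $id table $id"
    # On broadcast media such as Ethernet a 'via <next hop>' is normally needed.
    echo "ip route add default dev $dst table $id"
}

# pair A B N: connection number N (1-based) uses ID 2N-1 for A->B and 2N for B->A.
pair() {
    n=$3
    case "$n" in ''|*[!0-9]*) echo "bad connection number" >&2; return 1 ;; esac
    one_way "$1" "$2" $((2 * n - 1)) && one_way "$2" "$1" $((2 * n))
}

# Constructed sample: the atm0<=>eth0 case from the original question.
pair atm0 eth0 1
```

Review the printed commands before running them as root; connection number 127 is rejected because it would need the reserved tables 253 and 254.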