Re: iptables -j ROUTE
Pokotilenko Kostik wrote:
So I guess iptables version is 1.2.11 which includes support for the
ROUTE target (but not for the --tee option).
My "man iptables" says:
===================================
ROUTE
This is used to explicitly override the core network stack's routing
decision. mangle table.
--oif ifname
    Route the packet through `ifname' network interface
--iif ifname
    Change the packet's incoming interface to `ifname'
--gw IP_address
    Route the packet via this gateway
--continue
    Behave like a non-terminating target and continue traversing the
    rules. Not valid in combination with `--iif'
No --tee indeed. This option, which is used to duplicate packets, was
first included in iptables 1.3.0. But I guess it's fine if you don't
need it.
# ls -la /lib/iptables/libipt_ROUTE.so
-rw-r--r-- 1 root root 4528 2004-12-02 02:38 /lib/iptables/libipt_ROUTE.so
That's iptables' user library. You are probably missing the kernel module.
I started to look in the direction of "ip".
BTW, how can I check whether my kernel supports this feature?
# ls /lib/modules/2.6.8-2-686/kernel/net/ipv4/netfilter | grep -i route
gives no result.
What feature? Iptables' ROUTE target or advanced routing with ip?
For advanced routing, check that you have these options in the kernel
config file (or in /proc/config):
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y (for advanced routing using MARK)
For the kernel iptables' ROUTE target, check that you have these options
in the kernel config file (or in /proc/config):
CONFIG_IP_NF_TARGET_ROUTE=m|y
When compiled as a module, the module filename is ipt_ROUTE.(k)o.
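
The checks described in the message above, as an added example that is not part of the original message: a shell script that reads a kernel config (plain or gzipped), reports the state of the four options named there, and looks for the ipt_ROUTE.(k)o module file. The function names are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# read_config FILE: print a kernel config, decompressing it if gzipped.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# opt_state FILE OPTION: print y, m, or "unset" for OPTION in FILE.
opt_state() {
    val=$(read_config "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    echo "${val:-unset}"
}

# report FILE: list the four options from the message; exit status is the
# number of options that are unset.
report() {
    missing=0
    for opt in CONFIG_IP_ADVANCED_ROUTER CONFIG_IP_MULTIPLE_TABLES \
               CONFIG_IP_ROUTE_FWMARK CONFIG_IP_NF_TARGET_ROUTE; do
        state=$(opt_state "$1" "$opt")
        printf '%-28s %s\n' "$opt" "$state"
        if [ "$state" = unset ]; then missing=$((missing + 1)); fi
    done
    return "$missing"
}

# has_route_module DIR: succeed if ipt_ROUTE.o or ipt_ROUTE.ko is under DIR.
has_route_module() {
    [ -n "$(find "$1" \( -name ipt_ROUTE.o -o -name ipt_ROUTE.ko \) 2>/dev/null | head -n 1)" ]
}

# Demo on a constructed config (not taken from a real system).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
# CONFIG_IP_ROUTE_FWMARK is not set
CONFIG_IP_NF_TARGET_ROUTE=m
EOF
report "$demo_cfg" || echo "options not enabled: $?"
rm -f "$demo_cfg"
```

On a live system, call `report` with the path of the running kernel's config and `has_route_module` with `/lib/modules/$(uname -r)`; the config path varies by distribution (assumed here to be something like `/boot/config-$(uname -r)`).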