Re: [Fwbuilder-discussion] action route in fwbuilder with ubuntu 6.10

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Apr 10, 2007, at 9:02 AM, <sve...@ma...> wrote:

> Dear list,
>
> could someone please direct me into the right direction regarding the
> action route in fwbuilder? Tried to set a specific route / gateway  
> for all
> pakets on port 25.
>
> But when I intall that rule, the machine tells me about unkown option
> --gw. Is it not possible to use that option with iptables 1.3.5? Do  
> I need
> to install some patch (it's ubuntu server 6.10)? What is my  
> mistake? Would
> be nice to getting it running this way - instead of the routing  
> tab, as
> this way seems to me much more flexible. Ah, the version of  
> fwbuilder is
> 2.1.10

I've heard several reports of this and similar problems with ROUTE  
target in iptables 1.3.5. I can't say for sure if all reports were  
for Ubuntu, I think some pointed at this happening with other  
distributions as well.

Basically, even though man page for iptables lists options --oif, -- 
iif, --gw for the target ROUTE, iptables refuses to recognize them. I  
have reports regarding options --oif and now --gw. Documentation for  
the target ROUTE on netfilter.org agrees with the man page and also  
lists these options.

At a first glance this looks like broken iptables build since options  
are correct and used as described in the man page. However, there is  
a chance my policy compiler build iptables command incorrectly and I  
would like to find out if that is the case.

Did anyone succeeded using rule action Route ? If so, what  
distribution you use and what is the version of iptables ?

Does anyone know of any subtle requirements for the target ROUTE, for  
example is the order in which "-j ROUTE" and associated options are  
supplied important ?

Commands that policy compiler v2.1 generate for the Route action look  
like this:

$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp  --dport 80  -j  
ROUTE  --oif eth1 --continue

$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp  --dport 22  -j  
ROUTE  --gw 1.2.3.4 --continue

( --continue is optional and may not be there, it is controlled by a  
checkbox in the action options dialog )

--vk