Re: [Fwbuilder-discussion] -j ROUTE --OIF option
From: <va...@vk...> - 2007-07-19 15:42:17
On Jul 19, 2007, at 7:35 AM, denpun wrote:

>
> Sorry forgot to tell you about it...last post...
> Yes, the man page for iptables does list the route target and oif options.
> I'm using Debian Etch with kernel 2.6.18-4
>
> You think this problem has something to do with
> CONFIG_IP_ROUTE_MULTIPATH_CACHED being enabled in Etch. Do a search on
> Google for CONFIG_IP_ROUTE_MULTIPATH_CACHED and Debian Etch and the routing
> problems it has caused.
> Do you think it has something to do with that?
>

no, I do not think so, option CONFIG_IP_ROUTE_MULTIPATH_CACHED is not
for iptables

--vk

>
> Vadim Kurland wrote:
>>
>>
>> On Jul 19, 2007, at 5:45 AM, denpun wrote:
>>
>>>
>>> I am running Debian Etch which is supposedly running a stable version of
>>> iptables, actually it's 1.3.6.
>>> You still think it could be an iptables problem?
>>>
>>
>> what does the man page for iptables say ? Does it list ROUTE target ?
>> If yes, and iptables does not accept this target, then iptables is
>> broken.
>>
>>> While searching the list archives I also found this
>>> http://www.nabble.com/action-route-in-fwbuilder-with-ubuntu-6.10-tf3553920.html#a9925579
>>> Do you think it's related?
>>>
>>
>> the error message reported there was different, although also related
>> to the ROUTE target.
>>
>> --vk
>>
>>>
>>> Vadim Kurland wrote:
>>>>
>>>>
>>>> On Jul 18, 2007, at 3:50 PM, denpun wrote:
>>>>
>>>>>
>>>>> My rules look like
>>>>> $IPTABLES -N Out_RULE_1 -t mangle
>>>>> $IPTABLES -t mangle -A POSTROUTING -o eth2 -s 10.1.0.0/16 -j Out_RULE_1
>>>>> $IPTABLES -t mangle -A Out_RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ROUTE "
>>>>> #$IPTABLES -t mangle -A Out_RULE_1 -j ROUTE --oif eth3 --gw 200.32.233.81 --continue
>>>>>
>>>>> of the four of them, i comment them out one by one and it looks like it
>>>>> errors out on the last/fourth rule
>>>>> $IPTABLES -t mangle -A Out_RULE_1 -j ROUTE --oif eth3 --gw 200.32.233.81 --continue
>>>>>
>>>>> must i have a special module enabled for this to work or something or is it
>>>>> available by default in the kernel.
>>>>>
>>>>
>>>>
>>>> Try "man iptables" on the firewall and see if target ROUTE is listed
>>>> and if it has option --oif. If man page says it is there, and
>>>> iptables errors out on this command, this looks like broken iptables
>>>> installation. Unfortunately I do not know how this can be fixed,
>>>> short of recompiling iptables.
>>>>
>>>> --vk
>>>>
>>>>
>>>>> Vadim Kurland wrote:
>>>>>>
>>>>>>
>>>>>> On Jul 18, 2007, at 3:40 PM, denpun wrote:
>>>>>>
>>>>>>>
>>>>>>> Sorry..actually i just noticed something.....
>>>>>>> I made one small change to the rule by adding direction....
>>>>>>>
>>>>>>> $IPTABLES -N Out_RULE_1 -t mangle
>>>>>>> $IPTABLES -t mangle -A POSTROUTING -o eth2 -s 10.1.0.0/16 -j Out_RULE_1
>>>>>>> $IPTABLES -t mangle -A Out_RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ROUTE "
>>>>>>> $IPTABLES -t mangle -A Out_RULE_1 -j ROUTE --oif eth3 --continue
>>>>>>>
>>>>>>> I get the following error......
>>>>>>> iptables: No chain/target/match by that name
>>>>>>> i commented out the code and the error goes away..
>>>>>>>
>>>>>>
>>>>>> which iptables command you get this error for ?
>>>>>>
>>>>>>
>>>>>>
>>>>>>> I also reverted back to what I had..which is what i originally had...which
>>>>>>> is what i posted earlier...
>>>>>>> the error is still there...
>>>>>>>
>>>>>>> ----------------------------------------------------------------
>>>>>>> The rule gets applied fine..without any problems...
>>>>>>> The log reads as follows...
>>>>>>>
>>>>>>> Jul 18 16:29:39 janus kernel: RULE 8 -- ACCEPT IN=eth1 OUT=eth2 SRC=10.1.200.201 DST=64.233.167.99 LEN=40 TOS=0x00 PREC=0x00 TTL=10 ID=45690 PROTO=UDP SPT=45656 DPT=33468 LEN=20
>>>>>>> Jul 18 16:29:39 janus kernel: RULE 1 -- ROUTE IN= OUT=eth2 SRC=10.1.200.201 DST=64.233.167.99 LEN=40 TOS=0x00 PREC=0x00 TTL=10 ID=45690 PROTO=UDP SPT=45656 DPT=33468 LEN=20
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Vadim Kurland wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On Jul 18, 2007, at 2:57 PM, denpun wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Greetings
>>>>>>>>> I am using FWBUILDER 2.1.8....
>>>>>>>>>
>>>>>>>>> As per
>>>>>>>>> http://www.nabble.com/Two-wan-interfaces-tf1933781.html#a5310863
>>>>>>>>>
>>>>>>>>> I have multiple WAN interfaces and am trying to route all traffic from
>>>>>>>>> networks
>>>>>>>>> 10.0.0.0/16 via WAN1
>>>>>>>>> and 10.1.0.0/16 via WAN2
>>>>>>>>> and 10.2.0.0/16 via WAN3 and so on
>>>>>>>>>
>>>>>>>>> I went ahead and added a new rule that gets compiled as follows
>>>>>>>>>
>>>>>>>>> $IPTABLES -N RULE_1 -t mangle
>>>>>>>>> $IPTABLES -t mangle -A POSTROUTING -s 10.1.0.0/16 -j RULE_1
>>>>>>>>> $IPTABLES -t mangle -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ROUTE "
>>>>>>>>> $IPTABLES -t mangle -A RULE_1 -j ROUTE --oif eth3 --continue
>>>>>>>>>
>>>>>>>>> Default route on fw machine is via WAN1 which is eth2
>>>>>>>>> In spite of the firewall rules, traffic from 10.1.0.0/16 still gets routed
>>>>>>>>> via eth2
>>>>>>>>> Can you please help me..
>>>>>>>>> do i need to add any other rules?
>>>>>>>>
>>>>>>>>
>>>>>>>> do these rules apply without errors on your firewall ? Do you see any
>>>>>>>> packets in the log (one of these rules logs packets when they match) ?
>>>>>>>>
>>>>>>>> --vk
>>>>>>>>
>>>>>>>>
>>>>>>>> -------------------------------------------------------------------------
>>>>>>>> This SF.net email is sponsored by DB2 Express
>>>>>>>> Download DB2 Express C - the FREE version of DB2 express and take
>>>>>>>> control of your XML. No limits. Just data. Click to get it now.
>>>>>>>> http://sourceforge.net/powerbar/db2/
>>>>>>>> _______________________________________________
>>>>>>>> Fwbuilder-discussion mailing list
>>>>>>>> Fwb...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> View this message in context: http://www.nabble.com/-j-ROUTE---OIF-option-tf4106785.html#a11679001
>>>>>>> Sent from the fwbuilder-discussion mailing list archive at Nabble.com.
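
Added example, not part of the original thread: a shell check for the two parts an iptables target such as ROUTE needs, the userspace extension (which is what the man page documents) and the kernel-side target, reported separately so it is clear which half is missing. The default paths in the comments and the libipt_/ipt_ file naming are assumptions for iptables 1.3.x on a 2.6 kernel; the sample files are constructed.

```shell
#!/bin/sh
# Added example. An iptables target needs a userspace extension (parses
# options such as --oif and --gw) and a kernel target (acts on the packet).
# check_target NAME EXT_DIR TARGETS_FILE MODULE_DIR prints which part is missing.
# On a real host (assumed defaults for iptables 1.3.x on a 2.6 kernel):
#   check_target ROUTE /lib/iptables /proc/net/ip_tables_targets "/lib/modules/$(uname -r)"
check_target() {
    name=$1; ext_dir=$2; targets=$3; mod_dir=$4

    # Userspace half: one shared object per extension (libipt_*, later libxt_*).
    if [ ! -e "$ext_dir/libipt_$name.so" ] && [ ! -e "$ext_dir/libxt_$name.so" ]; then
        echo "no-userspace-extension"; return 0
    fi
    # Kernel half, already registered: one target name per line in this file.
    if [ -r "$targets" ] && grep -qxF -- "$name" "$targets"; then
        echo "ok"; return 0
    fi
    # Kernel half built as a module that is present on disk but not loaded.
    if [ -d "$mod_dir" ] &&
       find "$mod_dir" \( -name "ipt_$name.ko*" -o -name "xt_$name.ko*" \) | grep -q .; then
        echo "kernel-module-not-loaded"; return 0
    fi
    # Userspace knows the target, the running kernel does not.
    echo "no-kernel-support"
}

# Constructed sample: ROUTE and LOG extensions installed in userspace,
# LOG registered in the kernel, no ROUTE target or module on the kernel side.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ext" "$d/mods/kernel/net/ipv4/netfilter"
    : > "$d/ext/libipt_ROUTE.so"; : > "$d/ext/libipt_LOG.so"
    printf 'LOG\nERROR\n' > "$d/targets"
    : > "$d/mods/kernel/net/ipv4/netfilter/ipt_LOG.ko"
    for t in LOG ROUTE TTL; do
        printf '%s: %s\n' "$t" "$(check_target "$t" "$d/ext" "$d/targets" "$d/mods")"
    done
    rm -rf "$d"
}
demo
```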