Re: [mpls-linux-general] problems with classes and iptables
Status: Beta
Brought to you by:
jleu
Menu
▾
▴
Re: [mpls-linux-general] problems with classes and iptables
|
From: James R. L. <jl...@mi...> - 2008-04-24 12:54:49
|
MPLS for ebtable and iptables netfilter are completly different. Techiques used with one do not translate to the other. With MPLS for etables we are trying to match packet coming into the box from an ethernet port or VLAN, thus you have to use PREROUTING. When trying to use MPLS for iptables we are trying to match packets as they are leaving the box, right before they get written to the wire. This means that POSTROUTE is the appropriate chain to modify. On Thu, Apr 24, 2008 at 12:29:06PM +0200, Javier Lorenzo wrote: > > If I remember correctly the MPLS target should only be used > > in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' > table. > > But, here, > Ethernet over MPLS example for > mpls-linux-1.95x<http://sourceforge.net/docman/display_doc.php?docid=31115&group_id=15443> > I find: > > ebtables -t nat -A PREROUTING -i eth1 -j mpls --nhlfe 0x2 > > If you use the POSTROUTE or OUTPUT chain, you won't be able to use de -i > eth1 option. > > And about the problem, if I create the key and do > iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x2 > I have no problem: > [root@localhost ~]# iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 > -j mpls --nhlfe 0x2 > [root@localhost ~]# iptables -L > Chain FORWARD (policy ACCEPT) > target prot opt source destination > mpls all -- 172.16.30.0/24 anywhere DSCP match 0x1a > nhlfe 0x2 > > I only obtain the invalid argument response if I haven't created the key > first. > So I don't know why it is not working. > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > _______________________________________________ > mpls-linux-general mailing list > mpl...@li... > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general -- James R. Leu jl...@mi... |
