Re: [mpls-linux-general] problems using netfilter

[James R. L. <jl...@mi...>]

Are you trying to use the patches from Olivier Dugeon?

I'm only partially familiar with exactly how to get them to work. You
might want to try the BETA version of mpls-linux that integrates much of
Olivier's work.

Grab the latest mpls-linux (1.127) via CVS at:

http://sourceforge.net/cvs/?group_id=3D15443

It contains a patch for a the linux kernel, and for iptables.

I'll be posting directions how to use iptables and mplsadm2 to create
the 'standard' 2 pc LSP (from the README.example in mpls-linux)

Jim

On Thu, Jan 31, 2002 at 12:22:41PM +0100, Ulrich D=FCrholz wrote:
>=20
> Hi all,
>=20
> we have encountered some problems using
> the mpls-iptables patch. We wanted to use
> netfilter at the ingress node to bind labels
> to specific ip traffic.
> Here's what we did:
> - first patched linux kernel 2.4.14 with mpls-linux-0.993
> - second applied mpls-iptables-0.3 patch (.full patch)
> - made menuconfig ("netfilter MPLS match support",
> "Packet mangling/MPLS target support" + the "normal"
> MPLS stuff)
> - patched and compiled iptables 1.2.2
>=20
> Excerpt from our configuration script:
>=20
> ...
> mplsadm -v -A -O gen:33:eth1:ipv4:192.168.2.3
>=20
> KEY3=3D`grep 'gen 33' /proc/net/mpls_out | cut -d' ' -f1`
>=20
> iptables -v -I PREROUTING -t mangle -d 192.168.6.1 \
> -s 192.168.5.2 -j MPLS --set-mpls 0x$KEY3
>=20
>=20
> This all works so far (giving no error messages
> from mplsadm or iptables), but the traffic seems
> to be forwarded normally using the ip routing table,
> although the packet counter of iptables shows that
> the rule matched.
>=20
> Has anybody experienced similar problems?
> Which combination of the linux kernel/patches is known to be=20
> working best?
>=20
>=20
> Thanks,
>=20
> Uli & Daniel
>=20
>=20
>=20
>=20
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general

--=20
James R. Leu