Re: [mpls-linux-general] mpls and port filtering
From: James R. L. <jl...@mi...> - 2002-02-21 15:26:03
You will not be able to use the MPLS target with port filtering.

What you can do is:

Create an MPLS tunnel interface.
Create an MPLS outgoing label that uses nf2exp or nffwd.
Attach it to the MPLS tunnel interface.
Point the aggregate route out the MPLS tunnel interface.
Use iptables to set nfmask according to the TCP/UDP ports.

Let me know if it works.

Point the aggregate routes

On Thu, Feb 21, 2002 at 01:17:39PM +0100, Daniel Teckentrup wrote:
> Hi,
>
> is it possible to use mpls and netfilter to distinguish streams based also
> on their TCP/UDP port number?
>
> We are using the mpls configuration like the one described in the
> mini-howto, posted by Anatoly Asviyan and extended later by Radu
> Dragos (linux 2.4.17, mpls 1.1.2.7, iptables 1.2.4 etc.).
> In our scenario, the topology differs: traffic is not generated at the
> ingress itself, but at a neighbour mpls-unaware host. Therefore the
> iptables rules at the ingress do not use the OUTPUT, but the FORWARD chain
> (e.g. iptables -A FORWARD -p tcp --dport 44 -d 192.168.6.1 -j MPLS
> --set-key 0x00000002).
> This is where we encountered some "problems": it was possible to use
> different MPLS routing schemes as long as IP address and protocol were
> the only rule matches, but when using the port number, the behaviour
> was not what we expected.
> From the first time a packet matched the above rule, even other packets,
> using the same address and protocol, but with a different port number
> (which should be routed using normal TCP/IP) were sent along the established MPLS
> path.
> Besides that the above rule can not be easily deleted, flushing the chain
> is not sufficient, only deleting the labels has the desired effect.
>
> Has anyone experienced similar problems or is mpls+netfilter just not
> suited for this scenario?
>
> Thanks in advance,
>
> Daniel and Ulrich

--
James R. Leu