Re: [mpls-linux-general] DNAT & MPLS
From: Antonio M. <ant...@mu...> - 2003-07-10 16:39:37
Thanks for your answer, but I think I still have some problems. :))

If I do:

    mplsadm2 -L tap0:0
    mplsadm2 -A -I gen:255:0

and then

    mplsadm2 -I gen:255:0 -i set_nf:10:pop:peek

I get:

    SET-SIOCGIFINDEX: No such device

> If "set NF" is implemented you would be able to do:

How can I check if I have set NF implemented?
I am using the kernel|iproute|iptables patches found on sourceforge.net (V 1.172).
In the README file, only set_tc and set_ds are mentioned.
If you know a place where I can get some documentation more detailed than the one with the patch, maybe I can avoid posting on this list. :))

Thanx,
Antonio

On Thursday 10 July 2003, at 09:16, James R. Leu wrote:
> On Thu, Jul 10, 2003 at 03:39:47PM +0200, Antonio Mancuso wrote:
> > This solution can definitely work, but I need an iptables match module for MPLS.
> > I think I need something like:
>
> Why?
>
> 1. By the time iptables gets the packet, the MPLS header has been removed.
> 2. You already have a mechanism for exact matches based on the incoming
>    label, it's called the ILM (incoming label map) and is inherent to any
>    MPLS implementation (including mine).
>
> > iptables -t mangle -A PREROUTING -d <public IP> -m MPLS <incoming label> -j MARK --set-mark 10
> > iptables -t nat -A PREROUTING -d <public IP> -m mark --mark 10 -j DNAT --to <private IP>
>
> If "set NF" is implemented you would be able to do:
>
> mplsadm2 -A -I gen:255:0
> mplsadm2 -I gen:255:0 -i set_nf:MARK:pop:peek
> iptables -t nat -A PREROUTING -d <public IP> -m mark --mark 10 -j DNAT --to <private IP>
>
> > and this will solve my problem, but I think if I can have a matching module for MPLS label
> > I can use something like this:
> >
> > iptables -t nat -A PREROUTING -d <public IP> -m MPLS <incoming label> -j DNAT --to <private IP>
> >
> > So what I am missing is how to mark a packet based on the MPLS label.
> >
> > Thnx,
> > Antonio
>
> --
> James R. Leu
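
Added example, not part of the original messages and not mpls-linux code: a simplified Python model of the receive path discussed in this thread, showing why the label has to be turned into a netfilter mark at the ILM before the nat PREROUTING rule can act on it. Assumptions: the key gen:255:0 is read as label 255 in label space 0, peek is modelled as "look up the next label if one remains", the addresses are constructed placeholders, and all function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    dst: str
    labels: list      # MPLS label stack, top label first
    nfmark: int = 0   # netfilter mark that travels with the packet

# ILM: exact match on (label space, incoming label) -> instruction list.
# Assumption: the key gen:255:0 means label 255 in label space 0.
ILM = {(0, 255): [("set_nf", 10), ("pop",), ("peek",)]}

# nat PREROUTING rules as (destination, required mark, DNAT target).
# Constructed documentation addresses stand in for <public IP>/<private IP>.
NAT_PREROUTING = [("203.0.113.10", 10, "10.0.0.5")]

def mpls_input(pkt, labelspace=0):
    """Apply the ILM instructions for the top label; False means no entry."""
    instrs = ILM.get((labelspace, pkt.labels[0]))
    if instrs is None:
        return False
    for op, *args in instrs:
        if op == "set_nf":
            pkt.nfmark = args[0]          # the label decision survives as a mark
        elif op == "pop":
            pkt.labels.pop(0)             # the MPLS header is gone from here on
        elif op == "peek" and pkt.labels:
            return mpls_input(pkt, labelspace)  # assumed: look up the next label
    return True

def nat_prerouting(pkt):
    """Netfilter sees only the IP packet and its mark, never the label."""
    for dst, mark, target in NAT_PREROUTING:
        if pkt.dst == dst and pkt.nfmark == mark:
            pkt.dst = target
            break
    return pkt

def receive(dst, labels):
    """Return the packet after MPLS input and NAT, or None if it is dropped."""
    pkt = Packet(dst, list(labels))
    if pkt.labels and not mpls_input(pkt):
        return None                       # no ILM entry for the incoming label
    return nat_prerouting(pkt)

if __name__ == "__main__":
    print(receive("203.0.113.10", [255]))  # labelled: marked, popped, translated
    print(receive("203.0.113.10", []))     # unlabelled: same address, no DNAT
```

In this model, traffic to the same public address that did not arrive with label 255 keeps mark 0 and is left untranslated, which is the per-label selectivity the thread is after.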