Re: [mpls-linux-general] DNAT & MPLS
From: James R. L. <jl...@mi...> - 2003-07-11 03:31:27
See comments in line.

On Thu, Jul 10, 2003 at 06:29:33PM +0200, Antonio Mancuso wrote:
> Thanks for your answer,
> but I think I still have some problems. :))
>
> if I do:
> mplsadm2 -L tap0:0
> mplsadm2 -A -I gen:255:0
>
> and then
>
> mplsadm2 -I gen:255:0 -i set_nf:10:pop:peek
>
> I get:
> SET-SIOCGIFINDEX: No such device
>
> > If "set NF" is implemented you would be able to do:

That was meant to be an offer by me to implement the feature (it doesn't
exist yet). If you think it will work for you I can implement it then
release a new RPM.

> How can I check if I have set NF implemented?
> I am using the kernel|iproute|iptables patches found on sourceforge.net (V 1.172)
>
> In the README file it's just mentioned set_tc and set_ds.
>
> If you know a place where I can get some documentation
> more detailed than the one with the patch, may be I can avoid to post on this list. :))
>
> Thanx,
> Antonio
>
> On Thursday 10 July 2003, at 09:16, James R. Leu wrote:
> > On Thu, Jul 10, 2003 at 03:39:47PM +0200, Antonio Mancuso wrote:
> > > This solution can definitely work, but I need a iptables match module for MPLS.
> > > I think I need something like:
> >
> > Why?
> >
> > 1. By the time iptables gets the packet, the MPLS header has been removed.
> > 2. You already have a mechanism for exact matches based on the incoming
> >    label, it's called the ILM (incoming label map) and is inherent to any
> >    MPLS implementation (including mine).
> >
> > > iptables -t mangle -A PREROUTING -d <public IP> -m MPLS <incoming label> -j MARK --set-mark 10
> > > iptables -t nat -A PREROUTING -d <public IP> -m MARK 10 -j DNAT --to <private IP>
> >
> > If "set NF" is implemented you would be able to do:
> >
> > mplsadm2 -A -I gen:255:0
> > mplsadm2 -I gen:255:0 -i set_nf:MARK:pop:peek
> > iptables -t nat -A PREROUTING -d <public IP> -m MARK 10 -j DNAT --to <private IP>
> >
> > > and this will solve my problem, but I think if I can have a matching module for MPLS label
> > > I can use something like this:
> > >
> > > iptables -t nat -A PREROUTING -d <public IP> -m MPLS <incoming label> -j DNAT --to <private IP>
> > >
> > > So what I am missing is how to mark a packet based on the MPLS label.
> > >
> > > Thnx,
> > > Antonio
> >
> > --
> > James R. Leu

--
James R. Leu