Re: [mpls-linux-general] problem with iptable rulesets

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

It could be that the MPLS iptables code has broken since I tested it.
Are you willing to add some debugging code?  If so put some 'printk's in
the target() function in linux/net/ipv4/netfilter/ipt_spec_nh.c

Looking at it quickly it could be a network byte order issue.  Try this
and see if it changes anything:

./iptables <other args> -j spec_nh --spec_nh 0x4788:0x2

On Tue, May 25, 2004 at 07:52:22PM +0300, Itrat Rasod Quadri wrote:
> Thanks a bunch James and Pierre Ansel but unfortunately my problem is not over 
> yet, here is the output from "./iptables -t filter -L" at my ingress
> 
> Chain INPUT (policy DROP)
> target  prot  opt  source      destination
> ACCEPT  tcp   --   anywhere    172.16.134.36
> ACCEPT  udp   --   anywhere    172.16.134.36
> ACCEPT  icmp  --   anywhere    172.16.134.36
> ACCEPT  tcp   --   anywhere    bf01 (localhost)
> ACCEPT  udp   --   anywhere    bf01
> ACCEPT  icmp  --   anywhere    bf01
> 
> Chain FORWARD (policy DROP)
> target  prot  opt  source      destination
> ACCEPT  tcp   --   anywhere    172.16.134.36
> ACCEPT  udp   --   anywhere    172.16.134.36
> ACCEPT  icmp  --   anywhere    172.16.134.36
> 
> Chain FORWARD (policy ACCEPT)
> target  prot  opt  source      destination
> spec_nh all    --   anywhere    172.16.134.36   set spec_nh 0x8847:0x00000002
> 
> Now when I ping 172.16.134.36 and do "tcpdump -xvp -i eth2" at the ip 
> interface at the ingress I get nothing but when I abort tcpdump I get the 
> response
> 
> # of packets received by filter
> 0 packets dropped by kernel
> 
> where # is the number of packets received by the filter. If the packets are 
> being received by the filter how come I don't get to see the output and 
> neither are the packets being forwarded onto the MPLS interface.
> 
> Need your kind assistance once again. 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g. 
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general

-- 
James R. Leu
jl...@mi...