Re: [LUG] kernel iptables and the rest

 

tom@xxxxxxxxxx wrote:
> 
> Long story cut short I want to do protocol based routing. I.E. I have 2 
> gateways and want to select certain protocols for each one. To do this I am 
> going to use iptables and l7. The problem is the kernel module needed to 
> change the route with iptables requires a kernel module.

Sounds likely, but I'd be very surprised if a modern distro didn't have
all the modules required in a stock kernel.

Basically the LARTC suggests you need to mark the packets to route
differently. Then add a routing rule for them. Should be two commands,
three if you need to install iproute2 first, possibly four or five if
the kernel modules aren't loaded automatically (or by
/etc/init.d/iptables at boot or similar start-up script), anything else
and you've missed the Tao of modern computing.

You may need to do NAT, or similar, on the routers to ensure packets
come back the same way they were sent, if you have public IP addresses
on your network.

An example of routing port 25 differently is given at the start of
chapter 11 in the LARTC (http://lartc.org/howto/lartc.netfilter.html).

> Now I have retried with all the options asked for in patch-o... and I get 
> similar errors but just lots more all looking for ipt_(un)register_target. A 
> google and asking on the iptables IRC channel has come to nothing so I thought 
> I would ask here.

Doubt you need this patch but...

ipt_register_target is defined in ip_tables.c, so I assume is
ip_tables.ko -- if I was a kernel guru I'd remember the command to check
this.

Maybe as root "modprobe ip_tables" is what you are missing?
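
The mark-then-route approach the reply describes (mark the packets with iptables, then add a routing rule for the mark), as an added example that is not part of the original message. The mark value, table number, gateway address and interface names are assumed values, and nothing is changed unless APPLY=1 is set and the script runs as root.

```shell
#!/bin/sh
# Added example: dry-run generator for fwmark-based policy routing.
# Assumed values (not from the thread): mark 1, table 201, gateway 192.0.2.1
# (a documentation address), eth0 as the LAN side, eth1 as the second uplink.

# Print the three commands that route forwarded TCP traffic for one
# destination port through a second gateway. Returns 1 on bad input.
policy_route_cmds() {
    port=$1 mark=$2 table=$3 gw=$4 lan_if=$5 wan_if=$6
    # Only plain values may reach a command line that root will run.
    for n in "$port" "$mark" "$table"; do
        case $n in ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;; esac
    done
    for i in "$lan_if" "$wan_if"; do
        case $i in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $i" >&2; return 1 ;; esac
    done
    case $gw in ''|*[!0-9.]*) echo "bad IPv4 gateway: $gw" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    # Mark 0 is what unmarked packets carry, so it cannot single out traffic.
    [ "$mark" -ge 1 ] || { echo "mark must be non-zero" >&2; return 1; }
    # Stay clear of the reserved tables: 0 unspec, 253 default, 254 main, 255 local.
    [ "$table" -ge 1 ] && [ "$table" -le 252 ] || { echo "bad table" >&2; return 1; }

    # 1. Mark matching packets as they arrive from the LAN (mangle table).
    echo "iptables -t mangle -A PREROUTING -i $lan_if -p tcp --dport $port -j MARK --set-mark $mark"
    # 2. Send marked packets to a separate routing table.
    echo "ip rule add fwmark $mark table $table"
    # 3. Give that table its own default route via the second gateway.
    echo "ip route add default via $gw dev $wan_if table $table"
}

# Print the plan; execute it only when APPLY=1 (needs root).
apply_policy_route() {
    cmds=$(policy_route_cmds "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | sh -e
    else
        echo "$cmds"
    fi
}

# Port 25 via the second gateway, as in the LARTC example the reply cites.
apply_policy_route 25 1 201 192.0.2.1 eth0 eth1
```

Traffic generated on the router itself passes through the mangle OUTPUT chain rather than PREROUTING, so it needs a marking rule in that chain instead.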


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html