OK, thanks. Researching your answer also turned me on the netfilter.org website, which I didn't know about. Have you used/tested the ROUTE patch?
Regards,
Joe
-----Original Message-----
From: Krystian Antoni [mailto: krystianantoni@xxxxxxxxx]
Sent: Sunday, May 08, 2005 12:52 PM
To: Joe Devich
Subject: Re: [LARTC] Routing by interface as opposed to ip address?
there is a iptables target module named ROUTE. it can help u
On 5/6/05, Joe Devich < joe@xxxxxxxxxx> wrote:
Hello all,
Does anyone know of a methodology to build a route based on the inbound
and outbound interfaces as opposed to ip addresses? We are essentially
trying to forward packets from one interface to another without looking
at the ip address. Bridging (brctl, br2684ctl) will not work in this
case as the interfaces use different layer 2 encapsulation (e.g.,
atm0<=>eth0, or ppp0<=>eth0).
We could build a rule to match the incoming interface, then point to a
routing table with a default route set to the outbound interface. The
problem, with this approach is the limit of 255 routing tables in
iproute2. Presumably, it would consume 2 routing tables for each
"connection" (one forward, one reverse). We need more than 126
"connections" per box.
Some commercial routers allow policy routing using only the interfaces
with ACL's, but it's not clear how this could be implemented in linux.
We use debian (2.4 kernel) distro with iproute2, iptables, etc. Any
suggestions would be most welcome.
Cheers,
Joe Devich
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
--
Miłego Dnia
Krystian Antoni
--
Miłego Dnia
Krystian Antoni
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
