nexthop match

Linux Advanced Routing and Traffic Control


 



Hello guys!

I have the following setup:

Linux router acting as a gateway for several subnets in the LAN.
The subnets are:
	127.17.0.0/16 (will go out via NAT)
	195.229.x.x/24
	193.289.y.y/28
	213.189.z.z/26
	etc.

There are about 20 subnets including the private Class B subnet.

I want to mark the packets that will go on the Internet, and leave out the
packets that move from one subnet to the other.
If I am to use something like:
	-s 172.17.0.0/16 -d !195.229.x.x/24
	-s 172.17.0.0/16 -d !193.289.y.y/28
	etc...

	I will have around 100 rules for upload and 100 for download

Is there any possibility to use something like:
	-s 172.17.0.0/16 -d !195.229.x.x/24, !193.289.y.y/28, ...	
	As in to use something like ipset

Or,

Match the packets by the next-hop address...
	-m nexthop --next-hop GW_ADDRESS

Unfortunately ipset cannot be used for this scenario, and the old nexthop
patch was not accepted in the pom tree.
Does anybody have an old copy of the nexthop patch
(https://lists.netfilter.org/pipermail/netfilter-devel/2003-November/013216.html),
or any other idea...

Thanks,
Mihai
  


_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
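
An added example, not part of the original post or of any netfilter patch: one way to get the "mark unless the other end is also a local subnet" behaviour from stock iptables is a user-defined chain with one RETURN per local subnet followed by a single MARK, which needs 2N+1 rules per direction. The chain names, mark values, the use of the mangle FORWARD hook and the subnets (documentation ranges standing in for the LAN) are assumptions.

```shell
#!/bin/sh
# Constructed sample data: documentation ranges stand in for the LAN subnets.
LOCAL_NETS="172.17.0.0/16 192.0.2.0/24 198.51.100.0/28 203.0.113.0/26"

# gen_chain NAME HOOK_FLAG SKIP_FLAG MARK NET...
# Prints iptables commands instead of running them, so the rule set can be
# reviewed first (or piped to "sh" as root) and the script needs no privileges.
#   HOOK_FLAG: address that must be local (-s for upload, -d for download)
#   SKIP_FLAG: the opposite address; if it is local too, the packet is
#              inter-subnet traffic and leaves the chain unmarked
gen_chain() {
    name=$1 hook=$2 skip=$3 mark=$4
    shift 4
    echo "iptables -t mangle -N $name"
    # Exclusions: one RETURN per local subnet on the far-end address.
    for net in "$@"; do
        echo "iptables -t mangle -A $name $skip $net -j RETURN"
    done
    # Anything still in the chain has a non-local far end: mark it.
    echo "iptables -t mangle -A $name -j MARK --set-mark $mark"
    # Hook: send packets with a local near-end address into the chain.
    for net in "$@"; do
        echo "iptables -t mangle -A FORWARD $hook $net -j $name"
    done
}

# Upload = local source, download = local destination (hypothetical marks).
gen_all() {
    gen_chain MARK_UP   -s -d 0x1 $LOCAL_NETS
    gen_chain MARK_DOWN -d -s 0x2 $LOCAL_NETS
}

# Number of appended rules across both directions.
count_rules() { gen_all | grep -c -e ' -A '; }

gen_all
```

Adding a subnet means adding it to `LOCAL_NETS` and regenerating; the rule count grows linearly with the number of subnets rather than with the number of subnet pairs.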
