Re: tunneling and iptables

On Wed 10/03/2004 at 03:52, Hitesh Ballani wrote:
> I was stuck with the interaction of iptables and tunneling ... if I have an
> IP-IP tunnel, are the IP hooks checked for both the outer and the inner IP
> header?

Most of the time, both of them.
Usually, on Linux, tunnel usage means logical interface creation (tun0,
tap0, sit0, ppp0, etc.). Suppose you create a tunnel called tun0 over
eth0.

You will see tunneling packets on eth0, INPUT chain.
You will see tunneled packets on tun0, INPUT or FORWARD chain depending
on the way they're routed.

> Also, the mark extension allows you to mark packets with 16-bit marks,
> which is big enough to encode the port number, but if I try to add policy
> routing on the fly using the ip rule command then I get screwed because
> the table id (for specifying which table has the rules to route this
> packet) is only 8 bits and so I cannot encode the port numbers in there
> ... I know this is not a clear description, but if you know anything about
> this problem, I would be more than happy to spell the details out...

Do you really need the full 16-bit space? I mean that you'll need it
only if you have 16^2 different routes (one mark per route), which should
not be the case.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
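The two points made in the reply, as an added example that is not part of the thread: log the outer IP-in-IP packets (protocol 4) arriving on eth0 and the decapsulated packets on tun0, and assign one fwmark per route rather than one per port, so that small marks map directly onto policy-routing table ids. Interface names, ports, gateways and table ids are assumed sample values.

```shell
#!/bin/sh
# Assumed layout: eth0 carries the outer IP-in-IP packets, tun0 is the
# tunnel interface. "port table gateway" triples are constructed samples.
ROUTES="8080 10 10.0.0.1
8443 11 10.0.0.2
2222 12 10.0.0.3"

# Policy-routing table ids usable here are 1..252: 253 (default),
# 254 (main) and 255 (local) are reserved.
valid_table() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 252 ]
}

# Emit the rules for one port/table/gateway triple. The mark is the
# table id itself: one mark per route, so neither the mark space nor
# the 8-bit table space needs to hold a port number.
emit_route_rules() {
    port=$1; table=$2; gw=$3
    valid_table "$table" || { echo "bad table id: $table" >&2; return 1; }
    echo "iptables -t mangle -A PREROUTING -i tun0 -p tcp --dport $port -j MARK --set-mark $table"
    echo "ip rule add fwmark $table table $table"
    echo "ip route add default via $gw dev tun0 table $table"
}

# Full rule set: the outer packets are seen on eth0 (INPUT, protocol 4 = IPIP),
# the tunneled packets on tun0 (INPUT or FORWARD depending on routing),
# followed by the per-route marking.
gen_rules() {
    echo "iptables -A INPUT -i eth0 -p 4 -j LOG --log-prefix 'ipip-outer: '"
    echo "iptables -A INPUT -i tun0 -j LOG --log-prefix 'tunneled-in: '"
    echo "iptables -A FORWARD -i tun0 -j LOG --log-prefix 'tunneled-fwd: '"
    while read -r port table gw; do
        emit_route_rules "$port" "$table" "$gw" || return 1
    done <<EOF
$ROUTES
EOF
}

# APPLY=1 runs the commands (needs root); otherwise print them (dry run).
if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | sh -e
else
    gen_rules
fi
```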


