12-06-2007, 10:33 AM
Neal Becker
policy based routing question

Andrew Kraslavsky wrote:

>> I'm interested in implementing policy based routing on a system with
>> multiple interfaces. I'd like to use some kind of classifier to determine
>> the type of traffic associated with a packet. I know iptables/mark + ip
>> route can be used to classify packets by port #, but that isn't always
>> sufficient.
> Perhaps I have misunderstood your question but...all of the matches that
> are valid/meaningful in the mangle table's PREROUTING chain are at your
> disposal!
> For example, assuming you define advanced routing rules that use mark 0x01
> for your primary interface and mark 0x02 for your secondary interface and
> you wanted all outgoing HTTP traffic from local subnet to
> go out your primary interface and you wanted all outgoing HTTP traffic
> from local subnet to go out your secondary interface you
> could use:
> iptables -t mangle -A PREROUTING -s -p tcp --dport 80 -j MARK --set-mark 0x01
> iptables -t mangle -A PREROUTING -s -p tcp --dport 80 -j MARK --set-mark 0x02
> The appropriate matches to use would of course depend on what your
> interests are (classify by source IP address? source MAC address? input
> interface? destination port? etc...).
> Putting it another way, beyond port number and the examples listed above
> or all that is covered on the iptables man page, what kind of
> classification are you after?

Having done a bit more research, I think what I'm interested in is L7. Now
what I'm trying to figure out is what is needed for L7 userspace on fedora
f8 kernel.

I have kernel- According to
I need to figure out if fedora f8 kernel has "Layer 3 Dependent Connection
tracking (OBSOLETE)". Looking
in /lib/modules/ I don't see anything that
obviously corresponds to this.

If I just try anyway, it doesn't seem to work:
sudo /sbin/modprobe -v ip_conntrack_netlink
insmod /lib/modules/
insmod /lib/modules/
[nbecker@nbecker1 l7-filter-userspace-v0.4]$ /usr/bin/l7-filter --help

The ip_conntrack_netlink module does not appear to be loaded.
Unless you have it compiled into your kernel, please load it
and run l7-filter again.
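
The quoted reply assumes routing rules keyed on marks 0x01 and 0x02 without showing them. As an added example that is not part of the original thread, this script pairs each mangle-table MARK rule with the `ip rule` and `ip route` entries it relies on; the subnets, gateways, interface names and table numbers are constructed placeholders.

```shell
#!/bin/sh
# Added example: print the three commands that make up one fwmark-based
# policy route. Every address, device and table number here is a constructed
# sample value, not taken from the thread.

# ok VALUE CHARSET: succeed only if VALUE is non-empty and uses only CHARSET.
ok() { case $1 in ''|*[!$2]*) return 1;; esac; }

# pbr_plan MARK SUBNET GATEWAY DEV TABLE PORT
# Prints the commands instead of running them, so the plan can be reviewed
# before it is applied as root.
pbr_plan() {
    mark=$1 subnet=$2 gw=$3 dev=$4 table=$5 port=$6
    hex=${mark#0x}

    # Reject malformed input: the output is meant to be fed to a shell, so
    # nothing outside the expected character sets may pass through.
    [ "$hex" != "$mark" ] && ok "$hex" 0-9a-fA-F ||
        { echo "bad mark: $mark" >&2; return 1; }
    case $subnet in */*) ;; *) echo "subnet needs /prefix" >&2; return 1;; esac
    ok "$subnet" 0-9./ || { echo "bad subnet" >&2; return 1; }
    ok "$gw" 0-9. || { echo "bad gateway" >&2; return 1; }
    ok "$dev" A-Za-z0-9_.- || { echo "bad device" >&2; return 1; }
    ok "$table" 0-9 || { echo "bad table" >&2; return 1; }
    ok "$port" 0-9 || { echo "bad port" >&2; return 1; }

    # 1. Classify: mark forwarded packets before the routing decision.
    echo "iptables -t mangle -A PREROUTING -s $subnet -p tcp --dport $port -j MARK --set-mark $mark"
    # 2. Select: packets carrying the mark consult a dedicated routing table.
    echo "ip rule add fwmark $mark table $table"
    # 3. Route: that table's default route leaves through the chosen uplink.
    echo "ip route add default via $gw dev $dev table $table"
}

# The two-uplink case from the reply: mark 0x01 -> primary, 0x02 -> secondary.
pbr_all() {
    pbr_plan 0x01 192.168.1.0/24 192.0.2.1 eth0 101 80 &&
    pbr_plan 0x02 192.168.2.0/24 198.51.100.1 eth1 102 80
}

pbr_all
```

PREROUTING only sees traffic arriving on an interface; packets generated on the router itself would need the same MARK rule in the mangle table's OUTPUT chain.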
