В Птн, 11/08/2006 в 14:51 +0200, Pascal Hambourg пишет: > Pokotilenko Kostik a écrit : > >> > >>So I guess iptables version is 1.2.11 which includes support for the > >>ROUTE target (but not for the --tee option). > > > > My "man iptables" says: > > =================================== > > ROUTE > > This is used to explicitly override the core network stack's > > routing > > decision. mangle table. > > > > --oif ifname > > Route the packet through `ifname' network interface > > > > --iif ifname > > Change the packet's incoming interface to `ifname' > > > > --gw IP_address > > Route the packet via this gateway > > > > --continue > > Behave like a non-terminating target and continue traversing > > the > > rules. Not valid in combination with `--iif' > > > No --tee indeed. This option, which is used to duplicate packets, was > first included in iptables 1.3.0. But I guess it's fine if you don't > need it. > > > # ls -la /lib/iptables/libipt_ROUTE.so > > -rw-r--r-- 1 root root 4528 2004-12-02 > > 02:38 /lib/iptables/libipt_ROUTE.so > > That's iptables' user library. You probably miss the kernel module. > > > I started to look in direction of "ip". > > > > BTW, how can I check whether my kernel supports this feature? > > > > # ls /lib/modules/2.6.8-2-686/kernel/net/ipv4/netfilter | grep -i route > > > > gives no result. > > What feature ? Iptables' ROUTE target or advanced routing with ip ? > > For advanced routing, check that you have these options in the kernel > config file (or in /proc/config) : > CONFIG_IP_ADVANCED_ROUTER=y > CONFIG_IP_MULTIPLE_TABLES=y > CONFIG_IP_ROUTE_FWMARK=y (for advanced routing using MARK) > > For the kernel iptables' ROUTE target, check that you have this options > in the kernel config file (or in /proc/config) : > CONFIG_IP_NF_TARGET_ROUTE=m|y > > When compiled as a module, the module filename is с.
ipt_ROUTE.(k)o is not included in my kernel :/ I'm switched to iproute2 as a solution. -- Покотиленко Костик <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
