Shorewall users - Mar 2006 - Using modules like ipt_ROUTE RANDOM etc.

I am trying to achive routing under certain conditions  using the ipt_condition
module so far I am able to do this in the PREROUTING chain and by marking the
packets in tcpre.
However in order to avoid marks and use even more condtions I would like to use
the ipt_ROUTE module.

iptables -t mangle -[IA] tcpre  -s $DMZ_NET -p all -m condition --condition
(SOME CONDITION )  -j ROUTE --gw $ISP1.

But with no success. 
I''ve tried for something simpler like 
iptables -A tcpre -t mangle  -d $SOME_HOST -j ROUTE --gw $IPS1
and then did a 
ping -c $SOME_HOST

iptables -t mangle -nvL (or) shorewall show mangle showed 0 packets through the
rule....

to which chain should I attach such rules ????

Is there some way of implementing ( plugin )   tools in shorewall so modules
like the ones mentioned above could be used in shorewall ???

Regards ..






-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

On Mon, March 27, 2006 08:42, grharry@freemail.gr wrote:
>
> I am trying to achive routing under certain conditions  using the
> ipt_condition module so far I am able to do this in the PREROUTING chain
> and by marking the packets in tcpre.
> However in order to avoid marks and use even more condtions I would like
> to use the ipt_ROUTE module.
>
> iptables -t mangle -[IA] tcpre  -s $DMZ_NET -p all -m condition
> --condition (SOME CONDITION )  -j ROUTE --gw $ISP1.
>
> But with no success.
> I''ve tried for something simpler like
> iptables -A tcpre -t mangle  -d $SOME_HOST -j ROUTE --gw $IPS1
> and then did a
> ping -c $SOME_HOST
>
> iptables -t mangle -nvL (or) shorewall show mangle showed 0 packets
> through the rule....
>
> to which chain should I attach such rules ????
If you are going to extend Shorewall in this way, *you* are going to have
to understand what is happening in the ruleset and insert the proper rules
in the proper places. Once you start inserting your own rules using
extension scripts, you are on your own.

FWIW, I played with the ROUTE target a year or so ago and could never
understand what it was doing. There was some experimental code that tried
to support it in Shorewall 2.4 but I came to my senses are removed that
support in 3.0.
>
> Is there some way of implementing ( plugin )   tools in shorewall so
> modules like the ones mentioned above could be used in shorewall ???
>
Only in the filter table(using Actions with extension scripts). There is
no plugin capability for the mangle or nat tables.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642