Hi!
I'm trying to exclude some IP ranges from my traffic filter, for that I mark
the packets in PRE-/POST-ROUTING.
If I mark them straight ahead it works, but if I want to do that in a user
chain I get the message that userchain.so can't be loaded.
iptables -N capped_in
iptables -N capped_out
# put all incoming traffic to IMQ
iptables -t mangle -A PREROUTING -i eth0 -j IMQ
# mark all packets which need to be capped
iptables -t mangle -A PREROUTING -i eth0 -d xxx.xxx.xxx.141 -s ! xxx.xxx.xxx.0/24 -j capped_in
iptables -A capped_in -s yyy.yyy.yyy.0/27 -j RETURN
iptables -A capped_in -j MARK --set-mark 2
# now the outgoing traffic
iptables -t mangle -A POSTROUTING -o eth0 -s xxx.xxx.xxx.141 -d ! xxx.xxx.xxx.0/24 -j capped_out
iptables -A capped_out -s yyy.yyy.yyy.0/27 -j RETURN
iptables -A capped_out -j MARK --set-mark 1
Can anyone tell me how I can achieve this? Thx
--
Regards,
Robert
----------------
Robert Penz
robert.penz@outertech.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi Robert,

Robert Penz wrote:
> Hi!
>
> I'm trying to exclude some IP ranges from my traffic filter, for that I mark
> the packets in PRE-/POST-ROUTING.
>
> If I mark them straight ahead it works, but if I want to do that in a user
> chain I get the message that userchain.so can't be loaded.
>
> iptables -N capped_in
> iptables -N capped_out
>
> # put all incoming traffic to IMQ
> iptables -t mangle -A PREROUTING -i eth0 -j IMQ
> # mark all packets which need to be capped
> iptables -t mangle -A PREROUTING -i eth0 -d xxx.xxx.xxx.141 -s ! xxx.xxx.xxx.0/24 -j capped_in
> iptables -A capped_in -s yyy.yyy.yyy.0/27 -j RETURN
> iptables -A capped_in -j MARK --set-mark 2
>
> # now the outgoing traffic
> iptables -t mangle -A POSTROUTING -o eth0 -s xxx.xxx.xxx.141 -d ! xxx.xxx.xxx.0/24 -j capped_out
> iptables -A capped_out -s yyy.yyy.yyy.0/27 -j RETURN
> iptables -A capped_out -j MARK --set-mark 1
>
> Can anyone tell me how I can achieve this? Thx

Did you try -t mangle -A capped_in/out ? Your chains were created in the
mangle table, so they can only be called from within mangle.

Bye,
Patrick
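An added example, not part of the thread: a small lint that flags a jump to a user chain that was never created in the rule's own table. User chains are per-table and a command without -t works on the filter table; when the -j name is not a chain in that table, iptables tries to load a target extension of that name, which is where the shared-object error comes from. The addresses are constructed documentation ranges, and the function names and the known-target list are assumptions of this example.

```shell
# Added example: flag jumps to a user chain that was not created (-N) in
# the same table. Addresses are constructed documentation ranges.
# Assumed list of non-chain targets: those this thread uses plus verdicts.
KNOWN_TARGETS=" ACCEPT DROP QUEUE RETURN MARK IMQ "

# Reads iptables command lines on stdin; prints one line per bad jump.
lint_rules() {
    defined=" "                          # "table:chain" entries seen via -N
    while read -r line; do
        table=filter new= target= prev=  # no -t means the filter table
        for tok in $line; do
            case "$prev" in
                -t) table=$tok ;;
                -N) new=$tok ;;
                -j) target=$tok ;;
            esac
            prev=$tok
        done
        if [ -n "$new" ]; then
            defined="$defined$table:$new "
        elif [ -n "$target" ]; then
            case "$KNOWN_TARGETS$defined" in
                *" $target "*|*" $table:$target "*) ;;
                *) echo "$table: -j $target has no chain '$target' in this table" ;;
            esac
        fi
    done
}

rules_as_posted() {   # the question's ruleset, wrapped lines joined
cat <<'EOF'
iptables -N capped_in
iptables -N capped_out
iptables -t mangle -A PREROUTING -i eth0 -j IMQ
iptables -t mangle -A PREROUTING -i eth0 -d 192.0.2.141 -s ! 192.0.2.0/24 -j capped_in
iptables -A capped_in -s 198.51.100.0/27 -j RETURN
iptables -A capped_in -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -o eth0 -s 192.0.2.141 -d ! 192.0.2.0/24 -j capped_out
iptables -A capped_out -s 198.51.100.0/27 -j RETURN
iptables -A capped_out -j MARK --set-mark 1
EOF
}

# Every command moved into mangle (-N as well as -A), per the reply's hint.
rules_all_mangle() {
    rules_as_posted | sed 's/^iptables -t mangle /iptables /; s/^iptables /iptables -t mangle /'
}

rules_as_posted | lint_rules
```

The lint only tracks -t, -N and -j, so it checks chain placement and nothing else about the rules.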