[Sis-SCPS-INTEREST] linux 2.6.11 question on routing

Oscar Mechanic oscar at ufomechanic.net
Sat Dec 30 13:44:04 EST 2006


Hi

   I have been looking around the SCPS code and have read the manuals
but am still a little confused. I looked at the SCPS gateway code and
shown below is an example of what the "SYSTEM" macro gets to execute.

Am I right in thinking that for the second gateway of the pair I need to
set up the endpoints 10.99.99.2, 10.99.98.2 and 10.99.97.2?

The only reason I can see to do this would be to transport SYN's from
the device over one tunnel to the device on another tunnel and all other
TCP data on another tunnel. Have I got this completely wrong?

I cannot find where this is covered in the documentation so I am
assuming at this point it is not. If I am mistaken please point me in
the right direction. Thanks

iptables:: iptables -A PREROUTING -t mangle -s 192.168.0.160 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle -d 192.168.0.160 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle -s 192.168.0.33 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle -d 192.168.0.33 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle --protocol tcp --syn -i br1 -j MARK --set-mark 1
iptables:: iptables -A PREROUTING -t mangle --protocol tcp --syn -i br1 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle --protocol tcp --syn -i br1:1 -j MARK --set-mark 2
iptables:: iptables -A PREROUTING -t mangle --protocol tcp --syn -i br1:1 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle --protocol tcp  -i br1 -j MARK --set-mark 3
iptables:: iptables -A PREROUTING -t mangle --protocol tcp  -i br1 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle --protocol tcp  -i br1:1 -j MARK --set-mark 3
iptables:: iptables -A PREROUTING -t mangle --protocol tcp  -i br1:1 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle --protocol 105  -i br1 -j MARK --set-mark 3
iptables:: iptables -A PREROUTING -t mangle --protocol 105  -i br1 -j ACCEPT
iptables:: iptables -A PREROUTING -t mangle --protocol 105  -i br1:1 -j MARK --set-mark 3
iptables:: iptables -A PREROUTING -t mangle --protocol 105  -i br1:1 -j ACCEPT
iptables:: ip rule add fwmark 1 table 200
iptables:: ip rule add fwmark 2 table 201
iptables:: ip rule add fwmark 3 table 202
iptables:: ip addr add 10.99.99.1 peer 10.99.99.2 dev tun0
iptables:: ip addr add 10.99.98.1 peer 10.99.98.2 dev tun1
iptables:: ip addr add 10.99.97.1 peer 10.99.97.2 dev tun2
iptables:: ip link set dev tun0 up
iptables:: ip link set dev tun1 up
iptables:: ip link set dev tun2 up
iptables:: ip route add default dev tun0 table 200
iptables:: ip route add default dev tun1 table 201
iptables:: ip route add default dev tun2 table 202
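
Added example, not part of the original message or of the SCPS gateway code: a simplified Python model that walks a packet through the mangle PREROUTING rules listed above and resolves the resulting fwmark to a routing table and tunnel device. The rule lines are a subset copied from the listing; the packet fields and function names are assumptions, and interface names are compared literally as written in the rules.

```python
# Subset of the commands from the post, one rule pair per mark (copied, not invented).
LISTING = """\
iptables -A PREROUTING -t mangle -s 192.168.0.160 -j ACCEPT
iptables -A PREROUTING -t mangle --protocol tcp --syn -i br1 -j MARK --set-mark 1
iptables -A PREROUTING -t mangle --protocol tcp --syn -i br1 -j ACCEPT
iptables -A PREROUTING -t mangle --protocol tcp --syn -i br1:1 -j MARK --set-mark 2
iptables -A PREROUTING -t mangle --protocol tcp --syn -i br1:1 -j ACCEPT
iptables -A PREROUTING -t mangle --protocol tcp -i br1 -j MARK --set-mark 3
iptables -A PREROUTING -t mangle --protocol tcp -i br1 -j ACCEPT
iptables -A PREROUTING -t mangle --protocol 105 -i br1 -j MARK --set-mark 3
iptables -A PREROUTING -t mangle --protocol 105 -i br1 -j ACCEPT
ip rule add fwmark 1 table 200
ip rule add fwmark 2 table 201
ip rule add fwmark 3 table 202
ip route add default dev tun0 table 200
ip route add default dev tun1 table 201
ip route add default dev tun2 table 202
"""

def parse(listing):
    """Split the listing into mangle rules, fwmark->table and table->device maps."""
    rules, marks, routes = [], {}, {}
    for line in listing.splitlines():
        w = line.split()
        if w[0] == "iptables":
            opt = {w[i]: w[i + 1] for i in range(len(w) - 1) if w[i].startswith("-")}
            opt["--syn"] = "--syn" in w      # flag option: store as a boolean
            rules.append(opt)
        elif w[:3] == ["ip", "rule", "add"]:
            marks[int(w[w.index("fwmark") + 1])] = w[w.index("table") + 1]
        elif w[:3] == ["ip", "route", "add"]:
            routes[w[w.index("table") + 1]] = w[w.index("dev") + 1]
    return rules, marks, routes

def matches(rule, pkt):
    # pkt["syn"] stands for an initial SYN (SYN set; ACK, RST and FIN clear).
    checks = (("-s", "src"), ("-d", "dst"), ("--protocol", "proto"), ("-i", "iface"))
    return (not any(k in rule and rule[k] != pkt[f] for k, f in checks)
            and (pkt["syn"] or not rule["--syn"]))

def egress(pkt):
    """Return (fwmark, device); device is None when no fwmark rule applies."""
    rules, marks, routes = parse(LISTING)
    mark = 0
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["-j"] == "ACCEPT":           # ACCEPT ends traversal of the chain
            break
        mark = int(rule["--set-mark"])       # MARK sets the mark and continues
    return mark, routes.get(marks.get(mark))
```

Each MARK rule is followed by an ACCEPT with the same match, which is what keeps a SYN marked 1 or 2 from falling through to the later `--set-mark 3` rules.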