Opened 3 years ago

Closed 3 years ago

#19448 closed defect (wontfix)

ROUTE target not working on iptables

Reported by: Daniel M.
Owned by: developers
Priority: normal
Milestone:
Component: kernel
Version: Barrier Breaker 14.07
Keywords:
Cc:

Description

ROUTE target doesn't seem to work on BB (14.07, r42625):

root@router:~# iptables -t mangle -A prerouting_rule -d 192.168.8.0/24 -i br-lan -j ROUTE
iptables v1.4.21: Couldn't load target `ROUTE':No such file or directory

Wiki states ROUTE target is supported: http://wiki.openwrt.org/doc/howto/netfilter

TARGET: ACCEPT DROP QUEUE RETURN BALANCE CLASSIFY CLUSTERIP CONNMARK CONNSECMARK CONNTRACK DNAT DSCP ECN IPMARK IPV4OPSSTRIP LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE CT REDIRECT REJECT ROUTE SAME SECMARK SET SNAT TARPIT TCPMSS TOS TRACE TTL ULOG XOR

Change History (6)

comment:1 Changed 3 years ago by anonymous

That's a bug in the documentation. As far as I know, ROUTE has been deprecated as a target long ago... around 2012, I think.

Use instead: -j CONNMARK --set-mark value/mask
(or MARK... but CONNMARK is usually preferred) and use iproute2 to adjust routing based on applied marks.

comment:3 Changed 3 years ago by anonymous

Correction: it was nuked in 2009, not 2012.

ipt_ROUTE is incompatible with Linux >= 2.6.31

Source:
https://bugzilla.netfilter.org/show_bug.cgi?id=623

comment:4 Changed 3 years ago by Daniel M.

Thanks a lot

comment:5 Changed 3 years ago by anonymous

One note, by the way: for multi-ISP routing, make sure to set rp_filter to 2 (loose filtering) or 0 (filtering turned off). Be warned, though, that turning off rp_filter is not recommended these days; that's why the loose filtering was implemented.

If you set rp_filter to 1 (strict filtering), which is recommended for single-ISP scenarios, it will drop good packets that arrive on a different route.

See
https://access.redhat.com/solutions/53031
and
https://tools.ietf.org/html/rfc3704
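
An added example, not part of the ticket or of OpenWrt's own code: a POSIX shell check for the rp_filter advice in comment:5. It relies on the kernel applying the higher of conf/all/rp_filter and conf/<iface>/rp_filter to each interface, so a strict "all" setting overrides a per-interface 0; `SYSCTL_ROOT`, the function names and the interface names are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the effective rp_filter mode of uplink interfaces.
# Source validation on an interface uses
#   max(conf/all/rp_filter, conf/<iface>/rp_filter)

# SYSCTL_ROOT is an assumption of this example so the check can be pointed
# at a constructed directory tree; on a live router keep the default.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Print the effective rp_filter value (0, 1 or 2) for one interface.
# Returns 2 if either sysctl file cannot be read.
effective_rp_filter() {
    conf="$SYSCTL_ROOT/net/ipv4/conf"
    [ -r "$conf/all/rp_filter" ] && [ -r "$conf/$1/rp_filter" ] || return 2
    all=$(cat "$conf/all/rp_filter")
    ifc=$(cat "$conf/$1/rp_filter")
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# Classify each uplink of a multi-ISP setup. Returns non-zero if any
# interface is not in loose mode (2).
audit_uplinks() {
    rc=0
    for dev in "$@"; do
        mode=$(effective_rp_filter "$dev") || { echo "$dev: unreadable"; rc=1; continue; }
        case "$mode" in
            2) echo "$dev: loose (ok for multi-ISP)" ;;
            1) echo "$dev: strict (drops packets arriving on a different route)"; rc=1 ;;
            0) echo "$dev: off (no source validation)"; rc=1 ;;
            *) echo "$dev: unexpected value $mode"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage on a router (interface names are placeholders):
#   audit_uplinks eth0.2 eth0.3
```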

comment:6 Changed 3 years ago by nbd

  • Resolution set to wontfix
  • Status changed from new to closed
