If you're trying to do routing table lookups by source address, you can use the ip rule command. This is similar to route maps on Cisco routers.

e.g.

    ip rule add from x.x.x.x/24 to y.y.y.y/24 table 50
    ip route add y.y.y.y/24 via z.z.z.z table 50

then the path to y.y.y.y from x.x.x.x will be z.z.z.z instead of another route/default route.

David Barker
Senior Security Engineer
Internet Security Division, Compuquip Technologies
Phone: 305-436-7272
dbarker[at]compuquip[dot]com

----------------------------------------
WARNING
Unencrypted email is insecure and vulnerable to eavesdropping. Send an email message with "get pgp key" or "get cert" in the subject to get a copy of my encryption keys.
----------------------------------------

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Crist Clark
Sent: Friday, March 28, 2008 6:11 PM
To: [email protected]
Subject: Re: [FW-1] source routing onsplat

>>> On 3/28/2008 at 5:11 AM, pkc_mls <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> did anyone already configure source routing on splat?
> it's supposed to work on the Linux kernel since 2.2.
>
> what about support for such configurations?

Do you really mean source routing? That is, using IP options to specify the gateways through which a packet should or must pass, depending on whether you do strict or loose source routing. I believe FW-1 drops packets with IP options by default, but that that is configurable to some degree.

Or are you asking whether you can do policy routing based on source address? SPlat has the netfilter mangle kernel module,

    /lib/modules/2.6.18-22cp/kernel/net/ipv4/netfilter/iptable_mangle.ko

But I don't see an iptables(8) executable to actually put in any rules to use the module. Even then, not sure if it would work.
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
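
Added example, not part of the original thread or of any poster's configuration: a small Python model of the lookup that the ip rule / ip route pair in the first reply sets up, showing which traffic is steered to table 50 and what happens when that table has no matching route. The addresses are constructed documentation ranges standing in for x.x.x.x, y.y.y.y and z.z.z.z; the default gateway, the rule priority and the omission of the kernel's "local" and "default" rules are assumptions of the model.

```python
import ipaddress as ip

# Constructed sample addressing (documentation ranges) standing in for the
# x.x.x.x / y.y.y.y / z.z.z.z placeholders used in the thread.
SRC_NET, DST_NET = "192.0.2.0/24", "198.51.100.0/24"
ALT_GW, DEF_GW = "203.0.113.1", "203.0.113.254"

# Rules are evaluated in ascending priority. 32766 is the built-in "main" rule;
# a rule added without an explicit priority is placed just ahead of it (assumed 32765).
RULES = [
    {"prio": 32765, "from": SRC_NET, "to": DST_NET, "table": 50},
    {"prio": 32766, "from": "0.0.0.0/0", "to": "0.0.0.0/0", "table": "main"},
]
TABLES = {
    50: [(DST_NET, ALT_GW)],            # ip route add y.y.y.y/24 via z.z.z.z table 50
    "main": [("0.0.0.0/0", DEF_GW)],    # ordinary default route (assumed)
}

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    hits = [(ip.ip_network(p), gw) for p, gw in TABLES.get(table, [])
            if dst in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def next_hop(src, dst):
    """Return (table, gateway) chosen for a packet from src to dst."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for rule in sorted(RULES, key=lambda r: r["prio"]):
        if src in ip.ip_network(rule["from"]) and dst in ip.ip_network(rule["to"]):
            gw = table_lookup(rule["table"], dst)
            if gw is not None:          # no route in this table: fall through
                return rule["table"], gw
    return None, None

if __name__ == "__main__":
    for s, d in [("192.0.2.10", "198.51.100.7"),   # matches the rule -> table 50
                 ("192.0.2.10", "203.0.113.50"),   # same source, other destination
                 ("10.0.0.5", "198.51.100.7")]:    # other source, same destination
        print(s, "->", d, next_hop(s, d))
```

On a firewall the practical point is that only flows matching both the from and to selectors leave via the alternate gateway, and an empty or incomplete table 50 sends them back to the main table rather than dropping them.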
