Request for iptables ROUTE target

Asked by Bjørn Vegard Larsen

Could you add the ROUTE target for iptables?

Currently one would first have to match with iptables, mark and then policy route through ip rule with tables to achieve the same.
Tables are a very limited resource and it requires more steps in setting up and maintenance.

Question information

Language: English
Status: Solved
For: Ubuntu iptables
Assignee: No assignee
Solved by: Bernard Stafford
actionparsnip (andrew-woodhead666) said :
#1

iptables doesn't care about routes. It only cares about the ports and protocols going out of each interface. You can use iptables-persistent to store and restore your rules on reboot.
You can add routes to your interfaces either using netplan or somewhere in network manager. If the system never moves then I recommend using netplan

actionparsnip (andrew-woodhead666) said :
#2

Missed the subscribe tick...

Bjørn Vegard Larsen (bvlarsen) said :
#3

This is not about routes any more than NAT is. You could solve NAT by using
global routing and public IPs, no more need for NAT; still, iptables
manipulates routing by changing src and dst IP. Using the ROUTE target to
set the outbound interface is a different type of manipulation, called policy
routing.

This cannot be done by any network manager.

It can be done by combining iptables match and mark with ip rule and
tables, but there are only 252 available custom tables. This could be
scaled endlessly with the ROUTE target.

In my case I'm trying to force different packets to different VRFs based
on fwmark. Each fwmark can represent 0.0.0.0/0, overlapping IP spaces.
iptables -t mangle -A PREROUTING -m mark --mark <mark> -j ROUTE --oif <outgoing interface to vrf>
would solve that efficiently.

It would be nice if this existing target could be added to Ubuntu, it seems
redundant to make a similar solution to the same problem.

On Tue, Jan 18, 2022 at 3:20 PM actionparsnip <
<email address hidden>> wrote:

> Your question #700284 on iptables in Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+source/iptables/+question/700284
>
> Status: Open => Answered
>
> actionparsnip proposed the following answer:
> iptables doesn't care about routes. It only cares about the ports and
> protocols going out of each interface. You can use iptables-persistent to
> store and restore your rules on reboot.
> You can add routes to your interfaces either using netplan or somewhere in
> network manager. If the system never moves then I recommend using netplan

Bernard Stafford (bernard010) said (best answer):
#4

Quote: "ROUTE is a deprecated target and no longer available; to influence packet routing."
https://serverfault.com/questions/333155/where-i-can-get-route-target-for-iptables

Bjørn Vegard Larsen (bvlarsen) said :
#5

That was unfortunate. Thank you for looking into it.