[Fwd: iptables-extensions]

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[Fwd: iptables-extensions]

suse-8

Hi all,

i would like to add random-function to my iptables
But allthough i thought i added enough i seem to miss something..


iptables -A PREROUTING -i eth0 -p udp --dport 1200 -m state --state NEW -m random --average 25 -j DNAT --to-destination 192.87.141.197:1201
iptables v1.4.8: Couldn't load match `random':/usr/lib/xtables/libipt_random.so: cannot open shared object file: No such file or directory

find / -iname "*libipt_random*"
[indeed nothing]

zypper search xtables
i | libxtables7                          | iptables extension interface
i | xtables-addons                       | IP Packet Filter Administration Extensions
i | xtables-addons-kmp-xen               | IP Packet Filter Administration Extensions


So where  can i find "libipt_random.so" ?


Hans
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: iptables-extensions: load-balancing

suse-8
On Fri, 2012-03-09 at 18:52 +0100, Hans Witvliet wrote:

> Hi all,
>
> i would like to add random-function to my iptables
> But allthough i thought i added enough i seem to miss something..
>
>
> iptables -A PREROUTING -i eth0 -p udp --dport 1200 -m state --state NEW -m random --average 25 -j DNAT --to-destination 192.87.141.197:1201
> iptables v1.4.8: Couldn't load match `random':/usr/lib/xtables/libipt_random.so: cannot open shared object file: No such file or directory
>
> find / -iname "*libipt_random*"
> [indeed nothing]
>
> zypper search xtables
> i | libxtables7                          | iptables extension interface
> i | xtables-addons                       | IP Packet Filter Administration Extensions
> i | xtables-addons-kmp-xen               | IP Packet Filter Administration Extensions
>
>
> So where  can i find "libipt_random.so" ?
>
>
> Hans

Even stranger...
it looks like, it should have been a part of mainstream iptables
package, according to:
http://rpmfind.net/linux/rpm2html/search.php?query=libipt_random.so

But that specific module is missing in 11.3, 11.4 and sles11sp1
(and i assume also in 12.1)

The functionality it provides is described in:
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html
and
http://linuxgazette.net/108/odonovan.html

afaict, there is nothing to replace it.


hans
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: iptables-extensions: load-balancing

Per Jessen-2
Hans Witvliet wrote:

> On Fri, 2012-03-09 at 18:52 +0100, Hans Witvliet wrote:
> Even stranger...
> it looks like, it should have been a part of mainstream iptables
> package, according to:
> http://rpmfind.net/linux/rpm2html/search.php?query=libipt_random.so
>
> But that specific module is missing in 11.3, 11.4 and sles11sp1
> (and i assume also in 12.1)

The random module is not included in the regular iptables source
package. (I don't know why).  I guess you have to patch it yourself.



--
Per Jessen, Zürich (1.9°C)

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: iptables-extensions: load-balancing

Anders Johansson-9
In reply to this post by suse-8
On Saturday 10 March 2012 00:34:17 Hans Witvliet wrote:
> The functionality it provides is described in:
> http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.ht
> ml and
> http://linuxgazette.net/108/odonovan.html
>
> afaict, there is nothing to replace it.

-m statistic --mode random

perhaps? This is what is described in the man page

Anders
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: iptables-extensions: load-balancing

suse-8
In reply to this post by Per Jessen-2
On Sat, 2012-03-10 at 09:29 +0100, Per Jessen wrote:

> Hans Witvliet wrote:
>
> > On Fri, 2012-03-09 at 18:52 +0100, Hans Witvliet wrote:
> > Even stranger...
> > it looks like, it should have been a part of mainstream iptables
> > package, according to:
> > http://rpmfind.net/linux/rpm2html/search.php?query=libipt_random.so
> >
> > But that specific module is missing in 11.3, 11.4 and sles11sp1
> > (and i assume also in 12.1)
>
> The random module is not included in the regular iptables source
> package. (I don't know why).  I guess you have to patch it yourself.
>

Hi Per,

Sure, i could patch & compile it myself, but (besides other reaons for
not doing so) i would be the only one benefitting fom it.

So the essential question (who is maintaining iptables?) is indeed _why_
is that module not included.
If it would be some obscure and unmaintained patch from "John Doe" it
would be understandable. But it looks like an option that the maintainer
has forgotton to enable....

Or, if there was a good reason for not doing so, i woud very much like
to know it.

Hans
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: iptables-extensions: load-balancing

Anders Johansson-9
On Monday 12 March 2012 00:12:29 Hans Witvliet wrote:

> Sure, i could patch & compile it myself, but (besides other reaons for
> not doing so) i would be the only one benefitting fom it.
>
> So the essential question (who is maintaining iptables?) is indeed _why_
> is that module not included.
> If it would be some obscure and unmaintained patch from "John Doe" it
> would be understandable. But it looks like an option that the maintainer
> has forgotton to enable....
>
> Or, if there was a good reason for not doing so, i woud very much like
> to know it.

I gave it to you already. The module is statistic, with the --mode random
parameter now, as the man page tells you

Anders
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]