This seems like a reasonable approach. The entry in the rt_tables file (/etc/iproute2/rt_tables in the Debian package of iproute) is only needed if we want to refer to the routing table by a name, although I suppose it does serve a purpose similar to /etc/services in reserving a table number. However, iodine could also simply find an empty table by starting with $table=1 and incrementing $table until "ip route list table $table" is empty.
So to reiterate (to ensure that I understand), iodine takes the existing default route and adds a host route to the iodine server via that route to a newly created routing table (which the iodine client can determine dynamically). Then mark outgoing packets to iodine server so that the policy rule shuttles them through the dynamically created routing table. When the client shuts down, it simply removes the marking rule and deletes the dynamically created routing table. Is that the gist of it?

Regards,
Tony

martin f krafft wrote:
> It occurs to me that one can do better, but I am not sure how
> a Debian package might do the following:
>
> 1. create an additional routing table (/etc/iproute/rt_table)
> 2. add the default route via iodine to that table
> 3. add a routing policy rule to route packages fwmarked 53 based on
>    that additional table
> 4. tell iptables to mangle/mark outgoing packets to port 53 with
>    fwmark 53.
>
> The problem is that this needs modification of /etc/iproute/rt_table
> and also iptables, and we don't have policies for either of those
> on Debian.
>
> The second example on http://www.linuxhorizon.ro/iproute2.html
> illustrates the idea. I think you don't need two additional tables
> for this case.
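
The sequence summarised in the message above, as an added dry-run sketch that is not part of either message and is not iodine's own code: it probes for an empty table, reads the existing default route, and prints the setup and teardown commands without running them. The function names, the `IP_CMD` variable, the UDP port 53 match combined with the server address, and the sample addresses are assumptions; the mark value 53 comes from the quoted list.

```shell
#!/bin/sh
# Dry run only: the plan_* functions print commands, they do not execute them.
IP_CMD=${IP_CMD:-ip}   # assumption: overridable so the probes can be tested

# Print the first table number (1..252) whose route listing is empty.
# 253-255 are the kernel's default, main and local tables.
find_free_table() {
    t=1
    while [ "$t" -le 252 ]; do
        # Only stdout is inspected; some iproute2 versions report an
        # error on stderr for a table that holds no routes.
        if [ -z "$($IP_CMD route list table "$t" 2>/dev/null)" ]; then
            echo "$t"
            return 0
        fi
        t=$((t + 1))
    done
    return 1
}

# Print "GATEWAY DEVICE" taken from the existing default route.
default_route() {
    $IP_CMD route show default |
        awk '$1 == "default" && $2 == "via" { print $3, $5; exit }'
}

# plan_setup SERVER GATEWAY DEVICE TABLE MARK
plan_setup() {
    # Host route to the iodine server via the pre-tunnel gateway.
    echo "ip route add $1/32 via $2 dev $3 table $4"
    # Mark locally generated packets to the server (mangle OUTPUT).
    echo "iptables -t mangle -A OUTPUT -d $1 -p udp --dport 53 -j MARK --set-mark $5"
    # Policy rule: marked packets consult the new table.
    echo "ip rule add fwmark $5 table $4"
}

# plan_teardown SERVER TABLE MARK (reverse order of plan_setup)
plan_teardown() {
    echo "ip rule del fwmark $3 table $2"
    echo "iptables -t mangle -D OUTPUT -d $1 -p udp --dport 53 -j MARK --set-mark $3"
    echo "ip route flush table $2"
}

# Constructed sample values; 192.0.2.53 is a documentation address.
plan_setup 192.0.2.53 192.168.1.1 eth0 7 53
plan_teardown 192.0.2.53 7 53
```

On a real client the table number and gateway would come from `find_free_table` and `default_route` before the tunnel replaces the default route.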