Bug 145642 - iptables ROUTE target does not work
iptables ROUTE target does not work
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2005-01-20 07:07 EST by vigna
Modified: 2015-01-04 17:15 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-20 21:32:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description vigna 2005-01-20 07:07:51 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0

Description of problem:
If you try to use the ROUTE target (quoted in the manual) it does not
work, as the relative extension is not present:

iptables -t mangle -A PREROUTING --proto tcp --destination-port ! 21
iptables v1.2.11: Couldn't load target
`ROUTE':/lib/iptables/libipt_ROUTE.so: cannot open shared object file:
No such file or directory

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Do as above.

Additional info:
Comment 1 Thomas Woerner 2005-01-20 07:34:16 EST
There is no ipt_ROUTE support in the kernel, therefore there is no
extensin module in iptables for it.

Assigning to kernel.
Comment 2 vigna 2005-01-20 10:40:18 EST
True, but the manual contains the full section about ROUTE.
Comment 3 Dave Jones 2005-01-20 21:32:55 EST
By the looks of things, this never got merged upstream, in either 2.4
or 2.6. Googling around shows patches against a
net/ipv4/netfilter/ipt_ROUTE.c, but there's no sign of that file in
any of the bitkeeper repositories. 

In fact.. I just grabbed the patch-o-matic from
http://www.netfilter.org, and it's an add-on there.

Your best bet is to ask the netfilter folks directly, as they know the
full story about whats happening with it.
If it reappears in a future update, we can consider turning it on in
an errata kernel, but right now, there's nothing to turn on.

Thomas, you may want to remove that part of the manpage in an update,
as its very misleading to document something that doesn't seem to have
any chance of working without additional patches.

Note You need to log in before you can comment on or make changes to this bug.