Kenneth Porter wrote:
There's a number of diagrams around the Internet illustrating the path packets take through the Linux kernel, including the various firewall modules, that's quite helpful in understanding which rules should go in which table.
Here's one that's not bad:
The box labeled "Local Processing of Data" is where packets that are created by the firewall's applications originate.
Does anyone have a better diagram? How about one that shows the policy routing system?
Maybe this one: http://www.shorewall.net/NetfilterOverview.html
Policy routing is pretty straightforward. You mark the packet in PREROUTING:
iptables -t mangle -A PREROUTING -d 172.27.0.0/16 -j MARK --set-mark 200
and then add (ip) route rules as in: http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH05.web.html#5.6
I use policy routing only on StarV3 Wireless/LAN routers, and they are very easy to set up policy routing on:
policy nfmark 80 {default 10.0.1.100 } or policy from 192.168.2.0/24 { default 10.10.1.1 } policy to 192.168.2.0/24 { default 10.10.1.1 } etc...
Ljubomir
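The mark-then-route setup Ljubomir describes, written out as an added example that is not from the thread. The mark value 200 and the 172.27.0.0/16 destination are the thread's; the routing table number (200), the gateway 192.0.2.1 and the interface eth1 are placeholders, and the script prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: fwmark-based policy routing. The MARK target in mangle
# PREROUTING runs before the routing decision, so an "ip rule" matching the
# same fwmark can steer those packets into a separate routing table.
# Assumed values: table 200, gateway 192.0.2.1, interface eth1 (placeholders).

DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; 0 = execute them (needs root)

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# policy_route_setup MARK DST_PREFIX TABLE GATEWAY DEV
# Emits (or applies) the three pieces that must agree with each other:
# the mangle rule that sets the mark, the ip rule that selects the table
# by that mark, and the default route inside that table.
policy_route_setup() {
  mark="$1"; dst="$2"; table="$3"; gw="$4"; dev="$5"
  run iptables -t mangle -A PREROUTING -d "$dst" -j MARK --set-mark "$mark"
  run ip rule add fwmark "$mark" table "$table"
  run ip route add default via "$gw" dev "$dev" table "$table"
  # Harmless on current kernels; kept so older route caches are dropped.
  run ip route flush cache
}

# policy_route_verify TABLE
# What to inspect afterwards. Note "ip rule show" prints the mark in hex
# (200 shows as 0xc8), which is a common source of confusion when checking.
policy_route_verify() {
  run ip rule show
  run ip route show table "$1"
}

# policy_route_consistent MARK TABLE
# Self-check on the generated commands: succeeds only when the mark used in
# the mangle rule and the fwmark in the ip rule match, and the route lands
# in the same table the rule points at.
policy_route_consistent() {
  out=$(policy_route_setup "$1" 172.27.0.0/16 "$2" 192.0.2.1 eth1)
  printf '%s\n' "$out" | grep -q -- "--set-mark $1\$" || return 1
  printf '%s\n' "$out" | grep -q "fwmark $1 table $2\$" || return 1
  printf '%s\n' "$out" | grep -q "dev eth1 table $2\$" || return 1
  return 0
}

policy_route_setup 200 172.27.0.0/16 200 192.0.2.1 eth1
policy_route_verify 200
```

Run with DRY_RUN=1 first and compare the printed commands against the mark in the mangle rule; with DRY_RUN=0 the same functions apply them.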
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos