Kenneth Porter wrote:
> There are a number of diagrams around the Internet illustrating the path
> packets take through the Linux kernel, including the various firewall
> modules, that are quite helpful in understanding which rules should go in
> which table.
>
> Here's one that's not bad:
>
> <http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables#Figure_14-1_Iptables_Packet_Flow_Diagram>
>
> The box labeled "Local Processing of Data" is where packets that are
> created by the firewall's applications originate.
>
> Does anyone have a better diagram? How about one that shows the policy
> routing system?

Maybe this one: http://www.shorewall.net/NetfilterOverview.html

Policy routing is pretty straightforward. You mark the packet in PREROUTING:

iptables -t mangle -A PREROUTING -d 172.27.0.0/16 -j MARK --set-mark 200

and then add (ip) route rules like in:
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH05.web.html#5.6

I use policy routing only on StarV3 Wireless/LAN routers, and they are very
easy to set up policy routing on:

policy nfmark 80 {default 10.0.1.100 }

or

policy from 192.168.2.0/24 { default 10.10.1.1 }
policy to 192.168.2.0/24 { default 10.10.1.1 }

etc...

Ljubomir

> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
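The two-step recipe in the reply (mark in the mangle table, then add an ip rule and a route table for that mark), written out as a small script. This is an added example, not code from the thread or from any of the linked pages. The destination 172.27.0.0/16 and mark 200 come from the reply's iptables line; table id 200, gateway 10.10.1.1 and uplink interface eth1 are constructed placeholders. It also covers the point Kenneth's question raises about the "Local Processing of Data" box: packets generated by the firewall host itself never pass through PREROUTING, so they are marked in mangle OUTPUT instead.

```shell
#!/bin/sh
# Added example (not from the thread): fwmark-based policy routing.
# Placeholders (constructed): table 200, gateway 10.10.1.1, interface eth1.
# From the reply: destination 172.27.0.0/16, mark 200.

# Accepts only a positive decimal integer (used for the mark and table id).
is_posint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        0) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints the commands that route traffic for $dest via $gw on $dev.
# mangle PREROUTING marks forwarded packets; locally generated packets
# skip PREROUTING, so mangle OUTPUT marks them as well. The ip rule then
# sends every packet carrying the mark to its own routing table.
policy_route_cmds() {
    mark=$1 table=$2 dest=$3 gw=$4 dev=$5
    is_posint "$mark" && is_posint "$table" || return 1
    cat <<EOF
iptables -t mangle -A PREROUTING -d $dest -j MARK --set-mark $mark
iptables -t mangle -A OUTPUT -d $dest -j MARK --set-mark $mark
ip rule add fwmark $mark table $table
ip route add default via $gw dev $dev table $table
ip route flush cache
EOF
}

# Prints the commands by default; with APPLY=1 (run as root) executes them.
policy_route() {
    cmds=$(policy_route_cmds "$@") || { echo "bad mark or table id" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | while IFS= read -r line; do $line || return 1; done
    else
        echo "$cmds"
    fi
}

# Verification: ask the kernel which route a packet carrying the mark takes.
# Once the rule is in, the answer should show the gateway and "table 200".
verify_cmd() { echo "ip route get ${1%%/*} mark $2"; }

policy_route 200 200 172.27.0.0/16 10.10.1.1 eth1
verify_cmd 172.27.0.0/16 200
```

Without APPLY=1 the script only prints what it would run, which is the form to review first. Two things to check after applying: `ip rule show` lists the fwmark rule ahead of the main table, and if replies come back on a different interface than the one they left on, the reverse-path filter (net.ipv4.conf.<dev>.rp_filter) may need the loose setting, or the replies are silently dropped.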