[CentOS] Packet routing diagram
Ljubomir Ljubojevic
office at plnet.rs
Mon Apr 25 23:00:10 UTC 2011
Kenneth Porter wrote:
> There's a number of diagrams around the Internet illustrating the path
> packets take through the Linux kernel, including the various firewall
> modules, that's quite helpful in understanding which rules should go in
> which table.
>
> Here's one that's not bad:
>
> <http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables#Figure_14-1_Iptables_Packet_Flow_Diagram>
>
> The box labeled "Local Processing of Data" is where packets that are
> created by the firewall's applications originate.
>
> Does anyone have a better diagram? How about one that shows the policy
> routing system?
Maybe this one:
http://www.shorewall.net/NetfilterOverview.html

Policy routing is pretty straightforward. You mark the packet in PREROUTING:

    iptables -t mangle -A PREROUTING -d 172.27.0.0/16 -j MARK --set-mark 200

and then add (ip) route rules like in:
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH05.web.html#5.6

I use policy routing only on StarV3 Wireless/LAN routers, and they are very
easy to set up for policy routing:

    policy nfmark 80 {default 10.0.1.100 }

or

    policy from 192.168.2.0/24 { default 10.10.1.1 }
    policy to 192.168.2.0/24 { default 10.10.1.1 }

etc...

Ljubomir
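
The two steps described in the reply above (mark in PREROUTING, then add ip rule/route entries), put together as an added example that is not part of the original post. Only the iptables MARK rule is from the post; the table number 200, the gateway 10.0.1.100 (reused here as a placeholder next hop), the test address 172.27.0.1 and the helper names `run`, `policy_route_setup` and `policy_route_verify` are assumptions.

```shell
#!/bin/sh
# Added example: policy routing by firewall mark, end to end.
# Dry run by default: commands are printed, and executed only with APPLY=1 (root).

MARK=200                 # fwmark set by iptables (from the post)
DEST=172.27.0.0/16       # destination being steered (from the post)
TABLE=200                # routing table id (assumed; any unused id works)
GATEWAY=10.0.1.100       # next hop for marked traffic (assumed placeholder)
PROBE=172.27.0.1         # constructed address inside DEST, used for verification

# Print each command; execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

policy_route_setup() {
    # 1. Mark forwarded packets before the routing decision is made.
    run iptables -t mangle -A PREROUTING -d "$DEST" -j MARK --set-mark "$MARK"
    # 2. Send packets carrying that mark to a dedicated routing table.
    run ip rule add fwmark "$MARK" table "$TABLE"
    # 3. Give that table its own default route.
    run ip route add default via "$GATEWAY" table "$TABLE"
    # 4. Drop cached routing decisions (harmless on kernels without a route cache).
    run ip route flush cache
}

policy_route_verify() {
    # Packet/byte counters on the MARK rule show whether traffic matches it.
    run iptables -t mangle -L PREROUTING -n -v
    # The rule list should contain an entry for fwmark 0xc8 (200) -> table 200.
    run ip rule show
    run ip route show table "$TABLE"
    # Ask the kernel which route a marked packet would take
    # (needs an iproute2 that supports "mark" on "route get").
    run ip route get "$PROBE" mark "$MARK"
}

policy_route_setup
policy_route_verify
```

Packets generated on the router itself never traverse PREROUTING, so they need the same MARK rule in the mangle OUTPUT chain to be steered. If replies return over a different interface than the one the marked traffic left on, strict reverse-path filtering (`rp_filter=1`) on that interface can drop them.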