| 1 |
On 2008-03-03, kashani <kashani-list@××××××××.net> wrote: |
| 2 |
|
| 3 |
> I'm not aware of any iptables front end that will also manager |
| 4 |
> policy based routing which is Cisco-ese and maybe general |
| 5 |
> Network-ese for what you're trying to do. However I would use |
| 6 |
> shorewall (or whatever you prefer) to do most of the work and |
| 7 |
> then insert your custom rules where they need to go. |
| 8 |
|
| 9 |
AFAICT, I only need to add 1 iptable rule to mark outbound |
| 10 |
frames destined to particular ports. |
| 11 |
|
| 12 |
> All policy routing regardless of actual implementation has you |
| 13 |
> build an ACL of traffic you'd like messed with. Then you need |
| 14 |
> to specify what happens to traffic that matches the ACL. |
| 15 |
> However one thing the original how-to you linked left didn't |
| 16 |
> completely spell out is NAT. You MUST NAT on each interface or |
| 17 |
> you'll have all sorts of routing fun that does not work. |
| 18 |
|
| 19 |
I don't understand why I have to do NAT. Can you explain why? |
| 20 |
(Or point me to docs that explain why?) |
| 21 |
|
| 22 |
-- |
| 23 |
Grant Edwards grante Yow! |
| 24 |
at BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI- |
| 25 |
visi.com |
| 26 |
|
| 27 |
-- |
| 28 |
gentoo-user@l.g.o mailing list |
Archives