
Mailing List Archive: iptables: User

Routing decision after FORWARD

 

 



wfragg at gmail

Jun 27, 2007, 6:15 AM

Post #1 of 4 (1509 views)
Routing decision after FORWARD

Hello,

Look here:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSINGGENERAL

According to the diagram, there is routing decision after
filter/FORWARD. However, according to the tables before, there is no
such routing (there is only one routing before mangle/FORWARD). The
question is, which one is correct?


--
WBR,
Ivan S. Dubrov


davila at nicaraguaopensource

Jun 29, 2007, 10:41 AM

Post #2 of 4 (1442 views)
Re: Routing decision after FORWARD

Ivan:

There are three scenarios:

(1) Packets destined to our machine
(2) Packets originated inside our machine
(3) Packets forwarded

The table only has a reference to scenario (1), and the diagram after
the tables hits all scenarios.

Not all packets traverse all chains; that depends on the scenario.

Hope this helps,

Jorge Dávila.

Ivan Dubrov wrote:
> Hello,
>
> Look here:
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSINGGENERAL
>
> According to the diagram, there is routing decision after
> filter/FORWARD. However, according to the tables before, there is no
> such routing (there is only one routing before mangle/FORWARD). The
> question is, which one is correct?
>
>


--
Jorge Isaac Davila Lopez
Nicaragua Open Source
+505 430 5462
davila [at] nicaraguaopensource


wfragg at gmail

Jun 30, 2007, 12:13 AM

Post #3 of 4 (1434 views)
Re: Routing decision after FORWARD

> There are three scenarios:
>
> (1) Packets destined to our machine
> (2) Packets originated inside our machine
> (3) Packets forwarded
>
> The table only has a reference to scenario (1), and the diagram after
> the tables hits all scenarios.
>
> Not all packets traverse all chains; that depends on the scenario.
>
I was already told that both are correct. There are two routing
decisions for forwarded packets (as it is drawn on the diagram) and the
second routing decision is mentioned in table 6-3, step 8. However,
it is not clear what kind of rules could be applied during the second
routing decision. The same as in the first decision? In that case, does that
mean that I can set a mark on the packet during mangle/FORWARD and
route that packet to self in the second routing decision? And will it
traverse the table again, this time through the INPUT chains?

Anyway, I've found an easier solution for my needs, so these questions are
just for curiosity. :)

--
WBR,
Ivan S. Dubrov


davila at nicaraguaopensource

Jun 30, 2007, 7:57 AM

Post #4 of 4 (1415 views)
Re: Routing decision after FORWARD

You can apply rules in the mangle table (FORWARD) for QoS and for tuning the performance of your connection using queueing policies with tc.

Jorge Dávila.

>> There are three scenarios:
>>
>> (1) Packets destined to our machine
>> (2) Packets originated inside our machine
>> (3) Packets forwarded
>>
>> The table only has a reference to scenario (1), and the diagram after
>> the tables hits all scenarios.
>>
>> Not all packets traverse all chains; that depends on the scenario.
>>
>I was already told that both are correct. There are two routing
>decisions for forwarded packets (as it is drawn on the diagram) and the
>second routing decision is mentioned in table 6-3, step 8. However,
>it is not clear what kind of rules could be applied during the second
>routing decision. The same as in the first decision? In that case, does that
>mean that I can set a mark on the packet during mangle/FORWARD and
>route that packet to self in the second routing decision? And will it
>traverse the table again, this time through the INPUT chains?
>
>Anyway, I've found an easier solution for my needs, so these questions are
>just for curiosity. :)
>
>--
>WBR,
>Ivan S. Dubrov
>
>



--
Jorge Isaac Davila Lopez
Nicaragua Open Source
+505 430 5462
davila [at] nicaraguaopensource
