On 2008-03-03, kashani <[EMAIL PROTECTED]> wrote:
> I'm not aware of any iptables front end that will also manage
> policy based routing which is Cisco-ese and maybe general
> Network-ese for what you're trying to do. However I would use
> shorewall (or whatever you prefer) to do most of the work and
> then insert your custom rules where they need to go.

AFAICT, I only need to add 1 iptables rule to mark outbound
frames destined to particular ports.

> All policy routing regardless of actual implementation has you
> build an ACL of traffic you'd like messed with. Then you need
> to specify what happens to traffic that matches the ACL.
> However one thing the original how-to you linked didn't
> completely spell out is NAT. You MUST NAT on each interface or
> you'll have all sorts of routing fun that does not work.

I don't understand why I have to do NAT. Can you explain why?
(Or point me to docs that explain why?)

--
Grant Edwards grante Yow!
at
BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-BI-
visi.com