From: kashani
Date: Mon, 03 Mar 2008 12:18:55 -0800
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: How to do port-based routing?
Message-ID: <47CC5D2F.3020206@badapple.net>

Grant Edwards wrote:
> I found shorewall and firestarter, but neither looked very
> useful to me:
>
> 1) They're both designed for configuring firewalls, and I'm
> not building a firewall machine.
>
> 2) Neither seemed to have any way to specify port-based routing.
>
> So it looks like plain iptables is the way to go.

I'm not aware of any iptables front end that will also manage policy-based routing, which is Cisco-ese and maybe general Network-ese for what you're trying to do. However, I would use shorewall (or whatever you prefer) to do most of the work and then insert your custom rules where they need to go.

All policy routing, regardless of actual implementation, has you build an ACL of traffic you'd like messed with. Then you need to specify what happens to traffic that matches the ACL.

However, one thing the original how-to you linked didn't completely spell out is NAT. You MUST NAT on each interface or you'll have all sorts of routing fun that does not work.

kashani
-- 
gentoo-user@lists.gentoo.org mailing list
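The two pieces kashani describes, an iptables "ACL" that marks the traffic you want steered and a policy rule that sends marked traffic to its own routing table, plus NAT on each uplink, as an added example that is not from the original thread or from anyone posting in it. Interface names, the WAN2 gateway address, the table number, the fwmark value and the port list are all assumptions to be replaced with your own values.

```shell
#!/bin/sh
# Added example: port-based (policy) routing on a Linux router with
# iptables marks + ip rule, and NAT on every egress interface.
set -eu

LAN_IF=eth0            # assumed: inside interface
WAN1_IF=eth1           # assumed: default uplink (main routing table)
WAN2_IF=eth2           # assumed: alternate uplink for the selected ports
WAN2_GW=198.51.100.1   # assumed: next hop on WAN2 (TEST-NET-2 address)
TABLE=100              # assumed: routing table used for marked traffic
MARK=0x2               # assumed: fwmark that selects that table
PORTS="25,465,587"     # assumed: TCP destination ports to steer out WAN2

# Print the commands instead of running them unless DRY_RUN=0 is set, so the
# rule set can be reviewed on a box where you are not root.
DRY_RUN=${DRY_RUN:-1}
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: the ACL. Mark forwarded LAN traffic (PREROUTING) and the router's
# own traffic (OUTPUT) whose destination port is in $PORTS.
mark_rules() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp \
        -m multiport --dports "$PORTS" -j MARK --set-mark "$MARK"
    run iptables -t mangle -A OUTPUT -p tcp \
        -m multiport --dports "$PORTS" -j MARK --set-mark "$MARK"
}

# Step 2: what happens to matched traffic. Marked packets consult table
# $TABLE, whose only route is a default via WAN2; everything else keeps
# using the main table and leaves via WAN1.
policy_routes() {
    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route flush cache
}

# Step 3: NAT on *each* uplink. A flow steered out WAN2 must be sourced from
# WAN2's address or the replies come back to the wrong interface (or never);
# one MASQUERADE rule on WAN1 alone is the "routing fun that does not work".
nat_rules() {
    run iptables -t nat -A POSTROUTING -o "$WAN1_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -j MASQUERADE
}

# Forwarding must be on, and strict reverse-path filtering (rp_filter=1)
# drops replies arriving on WAN2 for sources the main table would reach via
# WAN1; loose mode (2) is the usual choice on a multi-homed policy router.
sysctls() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$WAN2_IF.rp_filter=2"
}

apply_all() {
    mark_rules
    policy_routes
    nat_rules
    sysctls
}

apply_all
```

Run it as-is to print the rule set for review; run `DRY_RUN=0 sh pbr.sh` as root to apply it. If you let shorewall (or another front end) manage the filter table, keep only the mangle and nat pieces here and drop them into its extension scripts rather than racing its own `iptables` calls.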