Re: [gentoo-user] Where to put advanced routing configuration?

[Kerin Millar <kerframil@fastmail.co.uk>]

On 03/10/2013 20:27, Grant Edwards wrote:
> Let's say you wanted to configure routing of TCP packets based on destination
> port like in this example:
>
>    http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
>
> [which contains a series of 'ip' and 'iptables' commands to get packets
> destined for port 25 to use a specific gateway.]
>
> How do do this the "right" way on a Gentoo system?
>
> Based on reading http://www.gentoo.org/doc/en/home-router-howto.xml, I think
> I've figured out how to do the iptables part: you enter the 'iptables'
> commands by hand to get the iptables set up the way you want, then you do
> this:
>
>    # /etc/init.d/iptables save
>    # rc-update add iptables default

The iptables runscript is ideal for persisting the rules. However, 
during the initial construction of a non-trivial ruleset, I prefer to 
write a script that adds the rules. An elegant way of doing this is to 
use iptables-restore with a heredoc. The method - and its advantages - 
are described in this document (section 3):

http://inai.de/documents/Perfect_Ruleset.pdf

> What about the 'ip' commands required to set up the tables, routes, and
> rules?  Do those go in a startup script somewhere? Does one just edit
> /etc/iproute2/rt_tables by hand? One would assume route configuration belongs

I would use the files under /etc/iproute2 for their intended purpose and 
a postup() hook in conf.d/net for anything else. When the postup() 
function is entered, the IFACE variable is automatically set to the name 
of the interface that triggered the event. Anything that is valid bash 
can go there.

> in /etc/conf.d/net -- I've read through the advanced networking stuff in the
> handbook, but it's not apparent to me where those 'ip' command belong.