From: Grant Edwards
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Where to put advanced routing configuration?
Date: Fri, 4 Oct 2013 16:25:28 +0000 (UTC)

On 2013-10-03, Kerin Millar wrote:
> On 03/10/2013 20:27, Grant Edwards wrote:
>
>> Let's say you wanted to configure routing of TCP packets based on
>> destination port like in this example:
>>
>> http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
>>
>> [which contains a series of 'ip' and 'iptables' commands to get packets
>> destined for port 25 to use a specific gateway.]
>>
>> How do do this the "right" way on a Gentoo system?

[Where to put iptables and ip routing config/commands]

> The iptables runscript is ideal for persisting the rules. However,
> during the initial construction of a non-trivial ruleset, I prefer to
> write a script that adds the rules. An elegant way of doing this is to
> use iptables-restore with a heredoc. The method - and its advantages -
> are described in this document (section 3):
>
> http://inai.de/documents/Perfect_Ruleset.pdf

Excellent reference.

>> What about the 'ip' commands required to set up the tables, routes,
>> and rules? Do those go in a startup script somewhere? Does one just
>> edit /etc/iproute2/rt_tables by hand? One would assume route
>> configuration belongs
>
> I would use the files under /etc/iproute2 for their intended purpose
> and a postup() hook in conf.d/net for anything else. When the
> postup() function is entered, the IFACE variable is automatically set
> to the name of the interface that triggered the event. Anything that
> is valid bash can go there.

Cool. That's the main piece I hadn't figured out yet.

Thanks!

-- 
Grant Edwards    grant.b.edwards at gmail.com
Yow! Now KEN and BARBIE are PERMANENTLY ADDICTED to MIND-ALTERING DRUGS ...
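The postup() hook discussed in this message, sketched as an added example (not code from either poster or from the Gentoo project). It assumes /etc/iproute2/rt_tables already holds a line such as "201 mail.out" and that an iptables mangle rule marks port-25 traffic with fwmark 1; the interface name, gateway address, table name and mark value are all illustrative.

```shell
# Fragment for /etc/conf.d/net (added example; every value below is an
# assumption chosen for illustration, not taken from the thread).
MAIL_IFACE="ppp0"        # uplink that mail traffic should leave through
MAIL_GW="192.0.2.1"      # constructed gateway (RFC 5737 documentation range)
MAIL_TABLE="mail.out"    # must already be named in /etc/iproute2/rt_tables
MAIL_MARK="1"            # fwmark set by the iptables mangle rule

# Called by the net runscript after an interface comes up, with IFACE
# set to the name of that interface.
postup() {
    # Only act for the uplink that carries the policy route.
    [ "${IFACE}" = "${MAIL_IFACE}" ] || return 0

    # "ip rule add" appends a duplicate each time it runs, so remove a
    # copy left by an earlier up/down cycle before adding the rule again.
    ip rule del fwmark "${MAIL_MARK}" table "${MAIL_TABLE}" 2>/dev/null || true

    # Marked packets consult the dedicated table ...
    ip rule add fwmark "${MAIL_MARK}" table "${MAIL_TABLE}" || return 1

    # ... whose only entry is a default route via the chosen gateway.
    # "replace" creates the route or overwrites an existing one.
    ip route replace default via "${MAIL_GW}" dev "${IFACE}" \
        table "${MAIL_TABLE}" || return 1

    return 0
}
```

After the interface is up, `ip rule show` and `ip route show table mail.out` confirm that the rule and the route are in place.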