iptables

Differences

This shows you the differences between two versions of the page.

iptables [2014/11/24 02:11]
ben
iptables [2014/11/24 02:15] (current)
ben
Line 10: Line 10:
  
 To permanently affect the changes to the configuration,​ run the following commands on firewall.sihnon.net:​ To permanently affect the changes to the configuration,​ run the following commands on firewall.sihnon.net:​
-{{Command|<​code>​0@@</​code>​}}+{{Command|''​0@@''​}}
  
 ===== Host firewalls ===== ===== Host firewalls =====
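Review bot: On the changed {{Command|...}} line, swapping <code>...</code> for ''...'' turns a verbatim block into inline monospace, and DokuWiki still parses wiki markup inside ''...''. A command containing sequences such as //, ** or __ would then render differently from what has to be typed on firewall.sihnon.net. I would keep <code> here, or wrap the content in %%...%% inside the monospace markers if the template cannot take a block. Separately, the context sentence reads "permanently affect the changes"; "apply the changes" would be clearer.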
Line 23: Line 23:
 Policy routing needs the following kernel options set: Policy routing needs the following kernel options set:
  
-{{Kernel|2.6.28-gentoo-r1|<​code>​1@@</​code>​}}+{{Kernel|2.6.28-gentoo-r1|''​1@@''​}}
  
 Create an alternate routing table by adding the following line to the end of ''​rt_tables''​. Create an alternate routing table by adding the following line to the end of ''​rt_tables''​.
-{{File|/​etc/​iproute2/​rt_tables|<​code>​2@@</​code>​}}+{{File|/​etc/​iproute2/​rt_tables|''​2@@''​}}
  
 {{Note|The name "​vpn"​ is used here, but the only connections which will use this table are those that will be routed through the default gateway. The name is chosen because the VPN is the reason the table is needed, not because the table contains rules for the VPN itself.}} {{Note|The name "​vpn"​ is used here, but the only connections which will use this table are those that will be routed through the default gateway. The name is chosen because the VPN is the reason the table is needed, not because the table contains rules for the VPN itself.}}
  
 The default gateway should be added to both routing tables, along with any other static routes if needed. The default gateway should be added to both routing tables, along with any other static routes if needed.
-{{File|/​etc/​conf.d/​net|<​code>​3@@</​code>​}}+{{File|/​etc/​conf.d/​net|''​3@@''​}}
  
 Now we need to specify that certain connections will be sent according to the alternate routing table instead of the main one. These scripts are stored in subversion, under ''​routing-rules''​ init script at [[https://​dev.sihnon.net/​svnpriv/​configs/​network/​router|configs:/​network/​router]] but is configured like this: Now we need to specify that certain connections will be sent according to the alternate routing table instead of the main one. These scripts are stored in subversion, under ''​routing-rules''​ init script at [[https://​dev.sihnon.net/​svnpriv/​configs/​network/​router|configs:/​network/​router]] but is configured like this:
  
-{{File|/​etc/​conf.d/​routing-rules|<​code>​4@@</​code>​}}+{{File|/​etc/​conf.d/​routing-rules|''​4@@''​}}
  
-{{File|/​etc/​init.d/​routing-rules|<​code>​5@@</​code>​}}+{{File|/​etc/​init.d/​routing-rules|''​5@@''​}}
  
 The final bit of magic comes in the form of some iptables rules, which mark particular connections to use the alternate routing table: The final bit of magic comes in the form of some iptables rules, which mark particular connections to use the alternate routing table:
  
-{{File|iptables-rules|<​code>​6@@</​code>​}}+{{File|iptables-rules|''​6@@''​}}
  
 ==== Traffic Shaping ==== ==== Traffic Shaping ====
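Review bot: The {{File|...}} and {{Kernel|...}} lines in this hunk (rt_tables, /etc/conf.d/net, /etc/conf.d/routing-rules, /etc/init.d/routing-rules, iptables-rules) all move from <code>...</code> to ''...'', which does not preserve line breaks or indentation. If any of these placeholders stands for multi-line content, as an init script or a rule set normally would, the rendered page will run the lines together, and a reader copying the packet-marking rules or routing rules from it can end up with a configuration that differs from the intended one. I would revert these to <code> blocks, or confirm the templates render a block themselves before switching. The revision also carries no edit summary, so the reason for the change is not recorded. Minor, in the context text: "These scripts are stored in subversion, under routing-rules init script at ... but is configured like this" mixes singular and plural and would be worth rewording while this section is being touched.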
iptables.txt · Last modified: 2014/11/24 02:15 by ben