[Madlug] linux vlan/bridge/router ?
Martin A. Brown
martin at linux-ip.net
Mon Oct 1 11:32:01 CDT 2007
Hello,
: Bah, I left my iptables book at home this morning. I think
: mangle comes first, then prerouting, route/input, post-route.
Maybe one of these would come in handy [0], [1], [2], [3] and [4].
: NAT carries additional overhead, but if the box isn't doing
: anything else and you have a decent amount of memory and traffic
: isn't too heavy, I wouldn't worry too much.
Agreed.
: If you don't need NAT, then why bother? You can put all the ACL
: statements you want on the forward chain.
Yes, indeed!
-Martin
[0] http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
[1] http://open-source.arkoon.net/kernel/kernel_net.png
[2] http://linux-ip.net/nf/nfk-traversal.png
[3] http://www.docum.org/docum.org/kptd/
[4] http://iptables-tutorial.frozentux.net/
--
Martin A. Brown
http://linux-ip.net/