On 03/10/2013 20:27, Grant Edwards wrote:
Let's say you wanted to configure routing of TCP packets based on destination
port like in this example:

   http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html

[which contains a series of 'ip' and 'iptables' commands to get packets
destined for port 25 to use a specific gateway.]

How do you do this the "right" way on a Gentoo system?

Based on reading http://www.gentoo.org/doc/en/home-router-howto.xml, I think
I've figured out how to do the iptables part: you enter the 'iptables'
commands by hand to get the iptables set up the way you want, then you do
this:

   # /etc/init.d/iptables save
   # rc-update add iptables default

The iptables runscript is ideal for persisting the rules. However, during the initial construction of a non-trivial ruleset, I prefer to write a script that adds the rules. An elegant way of doing this is to use iptables-restore with a heredoc. The method - and its advantages - are described in this document (section 3):

http://inai.de/documents/Perfect_Ruleset.pdf

What about the 'ip' commands required to set up the tables, routes, and
rules?  Do those go in a startup script somewhere? Does one just edit
/etc/iproute2/rt_tables by hand? One would assume route configuration belongs

I would use the files under /etc/iproute2 for their intended purpose and a postup() hook in conf.d/net for anything else. When the postup() function is entered, the IFACE variable is automatically set to the name of the interface that triggered the event. Anything that is valid bash can go there.

in /etc/conf.d/net -- I've read through the advanced networking stuff in the
handbook, but it's not apparent to me where those 'ip' commands belong.
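As an added example (not code from this thread or from the linked documents), here is one way to put the 'ip' side into a postup() hook in /etc/conf.d/net for the port-25 case, with the marking rule loaded from an iptables-restore heredoc. The interface names, table name, mark value and gateway address are placeholder assumptions, and the "201 mail.out" line in /etc/iproute2/rt_tables is still added by hand as the reply suggests.

```shell
# Assumed placeholder values; adjust to the real topology.
WAN_IFACE="eth0"        # interface whose postup event triggers the routing setup
MAIL_TABLE="mail.out"   # must exist in /etc/iproute2/rt_tables, e.g. "201 mail.out"
MAIL_MARK=1             # netfilter mark set on packets to TCP port 25 (ip shows it in hex)
MAIL_GW="192.0.2.1"     # gateway the SMTP traffic should use
MAIL_DEV="ppp0"         # interface that gateway is reached through

# Execute a command, or only print it when DRY_RUN=1 (lets the hook be
# exercised without root and without touching the live routing tables).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Marking rule loaded with iptables-restore from a heredoc; --noflush keeps
# whatever /etc/init.d/iptables already restored. Once it works, persist it
# with "/etc/init.d/iptables save". Locally generated (not forwarded) SMTP
# traffic would need the same rule in the OUTPUT chain of the mangle table.
mark_smtp_rules() {
    run iptables-restore --noflush <<EOF
*mangle
-A PREROUTING -p tcp --dport 25 -j MARK --set-mark ${MAIL_MARK}
COMMIT
EOF
}

# postup() fires every time the interface comes up; "ip rule add" would
# install a duplicate each time, so check first. "ip route replace" is
# idempotent on its own.
mail_rule_present() {
    ip rule show 2>/dev/null | grep -q "fwmark 0x${MAIL_MARK} lookup ${MAIL_TABLE}"
}

postup() {
    # IFACE is set by the Gentoo net scripts to the interface that came up.
    [ "${IFACE}" = "${WAN_IFACE}" ] || return 0
    mail_rule_present || run ip rule add fwmark "${MAIL_MARK}" table "${MAIL_TABLE}"
    run ip route replace default via "${MAIL_GW}" dev "${MAIL_DEV}" table "${MAIL_TABLE}"
    return 0
}
```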
