
Vyatta Core 6.5R1 Policy Base Routing mechanism MEMO


07 Jan, 2013
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO


Vyatta Core 6.5R1 Policy Base Routing mechanism

$ sudo iptables --list -t mangle -v -n

    Chain PREROUTING (policy ACCEPT 2253 packets, 127K bytes)
     pkts bytes target             prot opt in   out  source     destination
     2254  127K VYATTA_FW_IN_HOOK  all  --  *    *    0.0.0.0/0  0.0.0.0/0

    Chain VYATTA_FW_IN_HOOK (1 references)
     pkts bytes target        prot opt in   out  source     destination
      218 20026 SRC-PORT-SLB  all  --  eth0 *    0.0.0.0/0  0.0.0.0/0

Corresponding Vyatta configuration:

    set interfaces ethernet eth0 policy route SRC-PORT-SLB

    Chain SRC-PORT-SLB (1 references)
     pkts bytes target         prot opt in   out  source     destination
        0     0 VYATTA_PBR_10  tcp  --  *    *    0.0.0.0/0  W.W.W.W    /* SRC-PORT-SLB-10 */ multiport sports 1:65535
        0     0 VYATTA_PBR_10  udp  --  *    *    0.0.0.0/0  W.W.W.W    /* SRC-PORT-SLB-10 */ multiport sports 1:65535
        0     0 VYATTA_PBR_10  icmp --  *    *    0.0.0.0/0  W.W.W.W    /* SRC-PORT-SLB-20 */
      218 20026 RETURN         all  --  *    *    0.0.0.0/0  0.0.0.0/0  /* SRC-PORT-SLB-10000 default-action accept */

Corresponding Vyatta configuration:

    set policy route SRC-PORT-SLB rule 10 destination address W.W.W.W
    set policy route SRC-PORT-SLB rule 10 protocol tcp_udp
    set policy route SRC-PORT-SLB rule 10 source port 1-65535
    set policy route SRC-PORT-SLB rule 20 destination address W.W.W.W
    set policy route SRC-PORT-SLB rule 20 protocol icmp

    Chain VYATTA_PBR_10 (3 references)
     pkts bytes target  prot opt in   out  source     destination
        0     0 MARK    all  --  *    *    0.0.0.0/0  0.0.0.0/0  MARK set 0x80000009
        0     0 ACCEPT  all  --  *    *    0.0.0.0/0  0.0.0.0/0

$ sudo ip rule list

    0:      from all lookup local
    10:     from all fwmark 0x80000009 lookup 10
    32766:  from all lookup main
    32767:  from all lookup default

Corresponding Vyatta configuration:

    set policy route SRC-PORT-SLB rule 10 set table 10
    set policy route SRC-PORT-SLB rule 20 set table 10

$ sudo ip route show table 10

    default via R.R.R.R dev eth1 proto zebra

Corresponding Vyatta configuration:

    set protocols static table 10 route 0.0.0.0/0 next-hop R.R.R.R

Source: SAKURA Internet Research Center. 01/2013: Project THORN
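The slide links three pieces: a MARK target in the mangle table, an `ip rule` entry matching that fwmark, and a route in the selected table. The following Python check is an added example, not part of the original slide or of Vyatta; it correlates the first two from command output and reports any mark that has no matching rule, in which case the marked traffic is routed by the main table. The sample text is transcribed from the slide, and the function names are assumptions.

```python
import re

# Sample output transcribed from the slide (W.W.W.W is the slide's own placeholder).
IPTABLES_MANGLE = """\
Chain SRC-PORT-SLB (1 references)
    0     0 VYATTA_PBR_10  tcp  --  *  *  0.0.0.0/0  W.W.W.W  /* SRC-PORT-SLB-10 */ multiport sports 1:65535
    0     0 VYATTA_PBR_10  icmp --  *  *  0.0.0.0/0  W.W.W.W  /* SRC-PORT-SLB-20 */
  218 20026 RETURN         all  --  *  *  0.0.0.0/0  0.0.0.0/0  /* SRC-PORT-SLB-10000 default-action accept */
Chain VYATTA_PBR_10 (3 references)
    0     0 MARK    all  --  *  *  0.0.0.0/0  0.0.0.0/0  MARK set 0x80000009
    0     0 ACCEPT  all  --  *  *  0.0.0.0/0  0.0.0.0/0
"""
IP_RULES = """\
0: from all lookup local
10: from all fwmark 0x80000009 lookup 10
32766: from all lookup main
32767: from all lookup default
"""

def chain_marks(iptables_text):
    """Map each chain name to the fwmark its MARK target sets."""
    marks, chain = {}, None
    for line in iptables_text.splitlines():
        if m := re.match(r"Chain (\S+)", line):
            chain = m.group(1)
        elif m := re.search(r"MARK set (0x[0-9a-fA-F]+)", line):
            marks[chain] = int(m.group(1), 16)
    return marks

def fwmark_tables(ip_rule_text):
    """Map each fwmark in `ip rule list` output to its lookup table (any /mask is ignored)."""
    out = {}
    for line in ip_rule_text.splitlines():
        if m := re.search(r"fwmark (0x[0-9a-fA-F]+)(?:/0x[0-9a-fA-F]+)? lookup (\S+)", line):
            out[int(m.group(1), 16)] = m.group(2)
    return out

def audit(iptables_text, ip_rule_text):
    """Return (chain, mark, table) per marking chain; table is None when no rule matches."""
    tables = fwmark_tables(ip_rule_text)
    return [(c, hex(mk), tables.get(mk)) for c, mk in sorted(chain_marks(iptables_text).items())]

if __name__ == "__main__":
    for chain, mark, table in audit(IPTABLES_MANGLE, IP_RULES):
        print(chain, mark, "-> table", table or "NONE (routed by main table)")
```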
