From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tomas Bonnedahl
Date: Thu, 06 Mar 2003 15:31:42 +0000
Subject: [LARTC] policy routing at its best
Message-Id:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

hello list (and martin) ;x

i have now composed my final(?) policy routing design. the goals i had when beginning with this, for you that have not followed mine and martin's thread, were to

1) only let 192.168.1/24 see all routes,
2) not route between defined networks, except to and from 192.168.1/24, and
3) not-defined networks should only be able to reach 192.168.1/24.

this might sound simple. it wasn't for me.

the solution i came up with, after days and days of thinking (and patience) was this: two routing tables, one called "ALL" that, surprisingly, held routes to all networks defined and a default route to internet. the other called "main", just for ease, that held one route to 192.168.1/24 and had a default prohibit.

the one rule that exists just says "if src = 192.168.1/24 use table ALL". of course there is an additional rule, the standard one that says "from all lookup main" with a number of 32766.

so, for you that doesn't understand my poor english, literally every network that passes, except from 192.168.1/24, will use the main table that just holds the route to 192.168.1/24 and the prohibit one.

this is so simple, something just has to be wrong. feel free to enlighten me. please flame.

best regards,
tomas bonnedahl

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
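The design in the post can be checked without a router by simulating how the Linux routing policy database (RPDB) evaluates it: rules are tried in priority order, a matching rule's table is searched by longest prefix, a table with no matching route falls through to the next rule, and a `prohibit` route is a terminal answer. The script below is an added example, not code from the post or from the LARTC HOWTO; the two extra "defined" networks 10.0.0.0/24 and 10.0.1.0/24 are constructed placeholders (the post only names 192.168.1/24), and the rule priority 100 for the "from 192.168.1/24" rule is an assumption. `check_goals()` exercises the three goals from the post against that model, and `ip_commands()` emits the equivalent iproute2 configuration.

```python
import ipaddress

PROHIBIT = "prohibit"

# Constructed sample data: 192.168.1/24 comes from the post, the other two
# "defined" networks are placeholders standing in for the poster's real ones.
DEFINED_NETS = ["192.168.1.0/24", "10.0.0.0/24", "10.0.1.0/24"]

# Table "ALL": every defined network plus a default route to the internet.
# Table "main": only 192.168.1/24, then a default prohibit.
TABLES = {
    "ALL": [(n, "direct") for n in DEFINED_NETS] + [("0.0.0.0/0", "internet")],
    "main": [("192.168.1.0/24", "direct"), ("0.0.0.0/0", PROHIBIT)],
}

# RPDB rules as (priority, source selector, table). 32766 is the kernel's
# standard "from all lookup main" rule; 100 is an assumed priority for the
# poster's single custom rule.
RULES = [
    (100, "192.168.1.0/24", "ALL"),
    (32766, "0.0.0.0/0", "main"),
]


def lookup_table(table_name, dst):
    """Longest-prefix match of dst in one table; None if no route matches."""
    dst_addr = ipaddress.ip_address(dst)
    best = None
    for prefix, target in TABLES[table_name]:
        net = ipaddress.ip_network(prefix)
        if dst_addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best


def route(src, dst):
    """Simulate the RPDB: returns (verdict, matched prefix, table used)."""
    src_addr = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(RULES):
        if src_addr not in ipaddress.ip_network(selector):
            continue  # rule selector does not match this source
        hit = lookup_table(table, dst)
        if hit is None:
            continue  # table had no route at all: fall through to next rule
        net, target = hit
        if target == PROHIBIT:
            return ("prohibited", str(net), table)  # ICMP admin-prohibited
        return (target, str(net), table)
    return ("unreachable", None, None)


def check_goals():
    """True if the simulated design satisfies the three goals from the post."""
    expected = {
        # goal 1: 192.168.1/24 sees every defined network and the internet
        ("192.168.1.5", "10.0.0.5"): "direct",
        ("192.168.1.5", "8.8.8.8"): "internet",
        # goal 2: defined networks reach only 192.168.1/24, not each other
        ("10.0.0.5", "192.168.1.5"): "direct",
        ("10.0.0.5", "10.0.1.5"): "prohibited",
        # goal 3: an undefined network reaches only 192.168.1/24
        ("172.16.0.5", "192.168.1.5"): "direct",
        ("172.16.0.5", "10.0.0.5"): "prohibited",
        ("172.16.0.5", "8.8.8.8"): "prohibited",
    }
    return all(route(s, d)[0] == v for (s, d), v in expected.items())


def ip_commands():
    """The iproute2 commands equivalent to TABLES and RULES (needs 'ALL' in
    /etc/iproute2/rt_tables; 'dev eth0' / 'via GATEWAY' are placeholders)."""
    cmds = []
    for prefix, target in TABLES["ALL"]:
        hop = "via GATEWAY" if target == "internet" else "dev eth0"
        cmds.append(f"ip route add {prefix} {hop} table ALL")
    cmds.append("ip route add 192.168.1.0/24 dev eth0 table main")
    cmds.append("ip route add prohibit default table main")
    cmds.append("ip rule add from 192.168.1.0/24 lookup ALL priority 100")
    return cmds


if __name__ == "__main__":
    for src, dst in [("192.168.1.5", "8.8.8.8"), ("10.0.0.5", "10.0.1.5")]:
        print(src, "->", dst, route(src, dst))
    print("goals met:", check_goals())
```

The model shows why the design works: the 32766 rule catches every source the custom rule does not, and "main" answers either with the 192.168.1/24 route or with the prohibit default, so nothing else is ever reachable. It also makes the one property the design rests on explicit: isolation is decided purely by the source address in the `from` selector, so it is only as strong as the router's confidence that a packet arriving on an interface really carries a source from that interface's network (reverse-path filtering or equivalent ingress checks are what back that up).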