thanks for your reply martin, i am yet to read your paper.

the reason for using policy routing is that i manage several networks and
i do want some kind of control on who can access whose network. this i
thought is best accomplished with policy routing using ip route and ip
rule.

if i want to allow hosts from network A to reach and talk to hosts on
network C, but _not_ hosts on network B, is this best controlled by
iptables? since i now probably need to specify the route to network B in
that very table, i cannot deny network A hosts to talk to network B with
ip, or can i?

regards,

tomas bonnedahl

On Thu, Nov 28, 2002 at 04:30:47PM -0600, Martin A. Brown wrote:
> Tomas,
>
> Perhaps you want a summary of how the kernel makes a routing decision?
>
> See my description of the route selection process:
>
>   http://plorf.net/linux-ip/html/routing-selection.htm
>
> I'm not sure you need policy routing though... If network B is reachable
> from network A, and the router for network B is directly connected to
> network A but is not the default gateway, you'll have something sort of
> like this:
>
>   network-C via router-B
>   network-B via router-B
>   network-A dev ethX
>   default via default-gw
>
> Is this your configuration? If so, then you need no policy routing.
>
> -Martin
>
> On Thu, 28 Nov 2002, Tomas Bonnedahl wrote:
>
> : hello, a simple question; on a router, if I want network A to be routed
> : to network C that goes through network B, using policy routing, do i
> : need to specify a route to network B also, or could i just have routes
> : to A and C in the routing table?
> :
> : the reason that i'm asking is because i don't know how the ip utility
> : uses the main table together with another table. if i didn't use policy
> : routing, just "regular", this would not work, but perhaps if not
> : finding a route to network B, it checks the main table?
> :
> :
> : please enlighten me.
> :
> : regards,
> :
> : tomas bonnedahl
> : _______________________________________________
> : LARTC mailing list / LARTC@mailman.ds9a.nl
> : http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> :
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
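
Added example, not part of the thread: a simplified Python model of how Linux walks the policy rules (`ip rule`) and the routing tables they point to, showing both the fall-through to the main table and a per-source `prohibit` route for network B. The addresses, the table name `netA` and the rule priority 100 are constructed assumptions; the main table reuses the layout Martin sketched.

```python
import ipaddress as ipa

# Constructed sample networks (assumptions, not taken from the thread).
NET_A = ipa.ip_network("10.1.0.0/16")
NET_B = ipa.ip_network("10.2.0.0/16")
NET_C = ipa.ip_network("10.3.0.0/16")
DEFAULT = ipa.ip_network("0.0.0.0/0")

# table name -> list of (destination prefix, route type, next hop or device)
TABLES = {
    "netA": [  # hypothetical extra table, consulted only for sources in A
        (NET_C, "unicast", "via router-B"),
        (NET_B, "prohibit", None),  # like: ip route add prohibit <B> table netA
    ],
    "main": [
        (NET_A, "unicast", "dev ethX"),
        (NET_B, "unicast", "via router-B"),
        (NET_C, "unicast", "via router-B"),
        (DEFAULT, "unicast", "via default-gw"),
    ],
}

# (priority, source selector, table), in the spirit of `ip rule show`
RULES = [
    (100, NET_A, "netA"),      # like: ip rule add from <A> lookup netA prio 100
    (32766, DEFAULT, "main"),  # the kernel's standard rule for the main table
]

def lookup(src, dst, rules=RULES, tables=TABLES):
    """Return (table, route type, next hop) chosen for a packet src -> dst."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if src not in selector:
            continue
        matches = [r for r in tables[table] if dst in r[0]]
        if not matches:
            continue  # no route in this table: fall through to the next rule
        _prefix, rtype, hop = max(matches, key=lambda r: r[0].prefixlen)
        return table, rtype, hop  # any match, even prohibit, ends the walk
    return None, "unreachable", None

if __name__ == "__main__":
    for src, dst in [("10.1.0.5", "10.3.0.9"), ("10.1.0.5", "10.2.0.9"),
                     ("10.1.0.5", "192.0.2.1"), ("10.9.0.5", "10.2.0.9")]:
        print(src, "->", dst, lookup(src, dst))
```

In this model a source in network A reaches C through `netA`, is refused for B by the `prohibit` route, and falls through to `main` for every other destination, while sources outside A never consult `netA` at all.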