Fabien Ribes wrote:
> That's the point, I would like asymmetrical routing between emission and
> reception. As far as I understand routing, such a criterion cannot be
> taken into account, i.e. packets are all processed the same way, and are
> routed according to routing table, no matter originating interface/local
> process ... true ?

With "policy routing" this criterion CAN be taken into account; however, what you are asking is not policy routing.

"Policy routing" is really "policy forwarding" as I understand it; the policy only has any effect at the "FORWARD" part of the diagram below. The only device exercising that part of the diagram is the FIREWALL host, as it moves packets from one interface to the other.

My understanding is that:

----> INPUT ----> Is this local? (No) -----> FORWARD -------+-----> OUTPUT --->
                      (Yes)                                 ^
                        |                                   |
                        v                                   |
                   PREROUTING                          POSTROUTING
                        |                                   ^
                        |                                   |
                        |                                 (No)
                        +------> [Local IP stack] ---> Is my packet local?
                                        ^                              (Yes)
                                        |                                |
                                        |                                |
                                        +----------------<---------------+ (iface: lo)

Your problem at the moment is that the "Is my packet local?" decision when a packet leaves "Local IP stack" cannot be configured in a way that would make what you want happen.

I'm not sure if you really mean "asymmetrical routing" in your comment above, maybe you mean "an asymmetrical path within the Linux kernel"? Since "asymmetrical routing" in your scenario would mean the packets in one direction flow through FIREWALL while in the other via the loopback interface of HOST.

--
Darryl Miles