iptables resources consumed


Hi List,

I am looking to run iptables on an embedded powerpc system.
It's the first time I'll be using it. I need to have a few confusions cleared out.

There are three ethernet interfaces on the system: eth0, eth1 and eth2.
___________________________________
|                                  |
|         ___________              |
|        |           |             |
|        |  Powerpc  |             |
|        |           eth2          |
|        |           |             |
|        |_eth0_eth1_|             |
|                                  |
|       _______        ________    |
|_______|      |_______|       |___|
         eth0           eth1

eth0 and eth1 are external interfaces to the system. eth2 is internal.
eth2 is connected to another L2 switch on the same board behind which are 8 DSPs.

For now do not consider eth1. There are only 2 interfaces eth0 and eth2.

I need to forward UDP packets received on eth0 to eth2 and send them to a particular DSP, and also forward packets received on eth2 to eth0.

General rule: All outgoing packets from eth0 should have src ip = eth0 ip.

Example rules:

Rule 1: a) Packets received on eth0 with src IP address = X, dest port = 8000 should be sent to DSP1, port = 8000.
b) Packets received on eth2 (i.e. from the L2 switch) with src IP = DSP1 IP OR dest IP = X, dest port = 10000 should be sent on eth0 to IP address X, port = 10000.

Rule 2: a) Packets received on eth0 with src IP address = Y, dest port = 9000 should be sent to DSP2, port = 9000.
b) Packets received on eth2 (i.e. from the L2 switch) with src IP = DSP2 IP OR dest IP = Y, dest port = 11000 should be sent on eth0 to IP address Y, port = 11000.

I will have a maximum of 256 such rules, i.e. effectively 256*2 = 512 rules. (256 for packets received on eth0, 256 for packets received on eth2)

I am assuming that a packet is received every 20 ms on eth0 and eth2 for a single rule.
So for a total of 256, 256 packets are received every 20 ms on eth0 and 256 packets are received every 20 ms on eth2.

Or I can make eth2 IP address as the default gateway of all the DSPs. The DSPs will send packets with dest IP address = X, Y etc. These packets should be sent out through eth0 and should have source IP = eth0. This will eliminate rules 1b and 2b above. Thus, packet filtering to read src IP and dest port will only be on eth0. Now total rules will be 256.

The processor will be running at 400 MHz, 256 MB DDR2 RAM using Linux kernel 2.6.10.

Will it be able to do this task and also run the main application? How much resources will iptables require?

Regards,
Elison
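
The default-gateway variant described in the post (one DNAT rule per source on eth0, one SNAT rule for everything leaving eth0), written out as an added example that is not part of the original message. The script only generates `iptables-restore` input; the addresses, `ETH0_IP` and the helper names `gen_ruleset` and `sample_map` are constructed for illustration.

```shell
#!/bin/sh
# Added example: builds an iptables-restore ruleset on stdout. It does not
# touch the running firewall. All addresses are constructed placeholders.

ETH0_IP="192.0.2.1"    # assumed address of eth0

# gen_ruleset: reads "SRC_IP DPORT DSP_IP" lines on stdin and writes the
# nat table in iptables-restore format on stdout.
gen_ruleset() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    while read -r src dport dsp; do
        # Skip blank lines and comment lines in the mapping.
        case "$src" in ''|'#'*) continue ;; esac
        # Rules 1a/2a: UDP from a known source to a known port goes to its DSP.
        echo "-A PREROUTING -i eth0 -p udp -s $src --dport $dport -j DNAT --to-destination $dsp:$dport"
    done
    # General rule: every packet leaving eth0 carries eth0's address, which
    # covers the DSP-originated traffic that rules 1b/2b were meant for.
    echo "-A POSTROUTING -o eth0 -j SNAT --to-source $ETH0_IP"
    echo "COMMIT"
}

# Constructed sample mapping standing in for X/Y and DSP1/DSP2.
sample_map() {
    cat <<'EOF'
# src_ip       dport  dsp_ip
198.51.100.10  8000   10.0.2.1
198.51.100.20  9000   10.0.2.2
EOF
}

# Print the ruleset for the sample mapping. To load it, pipe the output to
# iptables-restore as root and enable forwarding with:
#   echo 1 > /proc/sys/net/ipv4/ip_forward
sample_map | gen_ruleset
```

Loading the whole table through `iptables-restore` applies it in one pass instead of 256 separate `iptables` invocations, which matters on a small CPU.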


