[NBLUG/talk] Linux as router
Osiris Pedroso
opedroso at swoptimizer.com
Mon Nov 1 15:10:47 PST 2004
Thanks Troy!
Great link! Lots of stuff in there.
One important thing that I learned in that article is that setting
/proc/sys/net/ipv4/ip_forward will actually reset all other ipv4 settings
(according to the article), so if we set it, it should be the first one of
them.
Thanks again,
Osiris Pedroso
--
Ph: (707) 658-3500
AOL AIM: osirisPedroso
http://www.SWoptimizer.com
-----Original Message-----
From: troy [mailto:fryman at sonic.net]
Sent: Monday, November 01, 2004 12:48 PM
To: opedroso at swoptimizer.com; General NBLUG chatter about anything Linux,
answers to questions, etc.
Subject: Re: [NBLUG/talk] Linux as router
On Mon, Nov 01, 2004 at 09:25:14AM -0800, Osiris Pedroso wrote:
> Good morning,
>
> I would like to understand a bit more about iptables and wonder if any of
> you could help me.
>
> In IPTABLES, there are three main queues of packets, namely INPUT, FORWARD
> and OUTPUT.
>
> I believe:
>
> * INPUT and OUTPUT exist for both eth0 and eth1, but FORWARD is shared
> between the two.
> * When testing packets in the INPUT queue, only the input interface
> can be tested for, the output interface won't be set.
> * When testing packets in the OUTPUT queue, only the output interface
> can be tested for, the input interface won't be set.
The above seems exactly right to me. I'm no whiz, however, so I could
definitely be missing some subtlety.
> * Unless "echo 1 > /proc/sys/net/ipv4/ip_forward" is executed, packets
> will not be forwarded from one interface to the other.
Correct.
> One more related question:
>
> * Does TCPDUMP show only arriving packets or does it also show packets
> being emitted from the interface being watched? Maybe I am using the
> wrong tool to watch the traffic go by.
tcpdump is like the old party line phones -- you can hear everything
that goes across the wire. The arguments to tcpdump are many and
varied, but, I think, pretty intuitive:
#all traffic to and from 192.168.1.1
tcpdump host 192.168.1.1
#all traffic to and from 192.168.1.1 but not ssh
tcpdump host 192.168.1.1 and not port 22
#all port 80 traffic (web)
tcpdump port 80
Note that that last command won't show you both sides of the HTTP
conversation -- the request comes in on port 80, but leaves on a
different port.
Another great tool is ethereal, whose former motto was, "Sniffing the
glue that holds the Internet together"
A great feature with ethereal is "decoding tcp streams", i.e.
reassembling the packets in a given conversation and showing them to you
in human readable form.
This is a pretty good article:
http://www.linuxsecurity.com/articles/network_security_article-4528.html
-troy
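Editor's added example (not from either poster): a minimal two-interface router firewall script that puts the points from the thread into practice. It writes ip_forward before any other ipv4 sysctl (because changing ip_forward resets the other ipv4 settings to their defaults), uses -i alone in INPUT, and -i together with -o in the shared FORWARD chain. The interface names eth0/eth1, the subnet 192.168.1.0/24, and the conntrack match (the modern spelling of the old "-m state") are assumptions; the sysctl keys and iptables options are real. With DRY_RUN=1 it prints the commands instead of running them, which is also how it is checked here.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal two-interface Linux router
# firewall script. LAN=eth0, WAN=eth1 and LAN_NET=192.168.1.0/24 are
# assumed defaults; override them in the environment for your own box.
# Run as root to apply; with DRY_RUN=1 it only prints the commands.

LAN=${LAN:-eth0}
WAN=${WAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}

# Execute a command, or print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

kernel_tuning() {
    # ip_forward must be written first: changing it resets the other ipv4
    # sysctls to their defaults, so anything set before it would be lost.
    run sysctl -w net.ipv4.ip_forward=1
    # Reverse-path filtering drops packets that arrive on an interface the
    # routing table would not use to reach their source address.
    run sysctl -w net.ipv4.conf.all.rp_filter=1
    run sysctl -w net.ipv4.conf.default.rp_filter=1
    # A router should not accept ICMP redirects or source-routed packets.
    run sysctl -w net.ipv4.conf.all.accept_redirects=0
    run sysctl -w net.ipv4.conf.all.accept_source_route=0
}

firewall_rules() {
    run iptables -F INPUT
    run iptables -F FORWARD
    run iptables -F OUTPUT
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # INPUT: packets addressed to the router itself. Only -i is meaningful
    # here; there is no output interface yet.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # FORWARD: one chain for both directions, so -i and -o together say
    # which way a packet is crossing the box.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # Anti-spoofing: a LAN source address must never arrive on the WAN side.
    run iptables -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP
    # Anything else trying to cross WAN -> LAN falls to the DROP policy.
}

setup_router() {
    kernel_tuning
    firewall_rules
}

# When invoked as a script: "apply" runs it for real, "dry-run" prints it.
case "${1:-}" in
    apply)   setup_router ;;
    dry-run) DRY_RUN=1; setup_router ;;
esac
```

Try "sh router.sh dry-run" first and read the output; apply it from the console rather than over ssh, since the flush and DROP policy happen before the ESTABLISHED rule goes in. One caveat on the tcpdump examples above: the pcap primitive "port 80" matches either the source or the destination port, so it captures both the request and the reply of an HTTP exchange; "dst port 80" is the form that restricts you to one direction.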