This option adds a `ROUTE' target, which enables you to set up unusual routes. For example, the ROUTE lets you route a received packet through an interface or towards a host, even if the regular destination of the packet is the router itself. The ROUTE target is also able to change the incoming interface of a packet.

The target may or may not be a final target. It has to be used inside the mangle table.

ROUTE target options:
--oif ifname    Send the packet out using `ifname' network interface.
--iif ifname    Change the packet's incoming interface to `ifname'.
--gw ip         Route the packet via this gateway.
--continue      Route the packet and continue traversing the rules.
--tee           Route a copy of the packet, but continue traversing the rules with the original packet, undisturbed.

Note that --iif, --continue, and --tee are mutually exclusive.

Examples:

# To force all outgoing icmp packets to go through the eth1 interface
# (final target):
iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1

# To tunnel outgoing http packets and continue traversing the rules:
iptables -A POSTROUTING -t mangle -p tcp --dport 80 -j ROUTE --oif tunl1 --continue

# To forward all ssh packets to gateway w.x.y.z, and continue traversing
# the rules:
iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j ROUTE --gw w.x.y.z --continue

# To change the incoming network interface from eth0 to eth1 for all icmp
# packets (final target):
iptables -A PREROUTING -t mangle -p icmp -i eth0 -j ROUTE --iif eth1

# To copy (duplicate) all traffic from and to a local ECHO server
# to a second box (nonfinal target):
iptables -A PREROUTING -t mangle -p tcp --dport 7 -j ROUTE --gw 1.2.3.4 --tee
iptables -A POSTROUTING -t mangle -p tcp --sport 7 -j ROUTE --gw 1.2.3.4 --tee

ROUTE target options:
--oif ifname    Send the packet out through the `ifname' network interface.
--iif ifname    Change the packet's incoming network interface to `ifname'.
--gw ip         Route the packet via this gateway.
--continue      Route the packet and continue traversing the subsequent rules.
--tee           Route a copy of the packet, but continue traversing the rules with the original packet, undisturbed.

Note that --iif, --continue, and --tee are mutually exclusive.

Examples:

iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1
Force all outgoing icmp packets through the eth1 interface.

iptables -A POSTROUTING -t mangle -p tcp --dport 80 -j ROUTE --oif tunl1 --continue
Force outgoing http packets through tunl1 and continue with the subsequent rules.

iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j ROUTE --gw w.x.y.z --continue
Forward all ssh packets to gateway w.x.y.z while continuing to traverse the rules.

iptables -A PREROUTING -t mangle -p icmp -i eth0 -j ROUTE --iif eth1
Change all icmp packets entering on network interface eth0 to eth1.

iptables -A PREROUTING -t mangle -p tcp --dport 7 -j ROUTE --gw 1.2.3.4 --tee
iptables -A POSTROUTING -t mangle -p tcp --sport 7 -j ROUTE --gw 1.2.3.4 --tee
Copy (mirror) traffic with specific source and destination addresses to a local ECHO server.

Wow, this is exactly what I needed. gated has become commercial software; even Huawei bought a license for it. I didn't know what to use any more. Thanks, boss. Where can I download the package?

http://ftp.netfilter.org/pub/patch-o-matic...0050223.tar.bz2

thanks~ I never really looked at this site much.

patch-o has lots of other good stuff too! iplimit limits the number of connections from the same IP, iprate limits the rate, so now there's no need for TC! There's plenty more that I can't remember. But I didn't manage to compile the kernel on Fedora Core 3; when I have time I'll try again on Redhat AS4.

I didn't understand it, haha, just kidding... Good stuff, bookmarked... It could also go into IPCOP while we're at it. I'm not very good at compiling kernels, so I'd ask the boss to do it.

Boss... I don't quite understand this sentence...
QUOTE
and continue traversing the rules
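Literally it means to keep passing through (traversing) the rules. Does it actually continue applying the later rules, or skip them? My feeling is that it continues applying the later rules.

Not sure what this is used for.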
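Bumping first.

Reply to post #1 by 想得太美

I'm compiling the ROUTE module right now, and I was thinking the same thing. I expect to have the module in an hour or two. I plan to set up a folder at http://219.223.96.9/wuhuashan named "Test Development Area" for friends who want to experiment to download from.

Thanks for providing the material.

Reply to post #11 by aijun

It has been compiled; enthusiasts can experiment with it. For reference only.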
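
As an added illustration (not part of the thread and not netfilter code), the shell function below lints an iptables command line against the two constraints stated in the help text in post #1, and reports whether the rule is a final or nonfinal ROUTE target, which is the distinction the --continue question above turns on. The function name lint_route_rule and the last two sample rules are constructed for this example.

```shell
#!/bin/sh
# Added example (not netfilter code): lint an iptables command line that uses
# -j ROUTE against the two constraints stated in the help text:
#   1. ROUTE has to be used inside the mangle table
#   2. --iif, --continue and --tee are mutually exclusive
# Prints: final | nonfinal | not-route | error: <reason>
lint_route_rule() {
    table=filter            # iptables defaults to the filter table without -t
    is_route=0; exclusive=0; nonfinal=0; prev=
    set -f                  # no globbing while the rule is split into words
    for tok in $1; do
        if [ "$prev" = "-t" ] || [ "$prev" = "--table" ]; then table=$tok; fi
        if [ "$prev" = "-j" ] || [ "$prev" = "--jump" ]; then
            if [ "$tok" = "ROUTE" ]; then is_route=1; fi
        fi
        case $tok in
            --iif)            exclusive=$((exclusive + 1)) ;;
            # Per the help text, both keep the original packet in the chain.
            --continue|--tee) exclusive=$((exclusive + 1)); nonfinal=1 ;;
        esac
        prev=$tok
    done
    set +f
    if [ "$is_route" -eq 0 ]; then echo "not-route"; return 0; fi
    if [ "$table" != "mangle" ]; then
        echo "error: ROUTE must be used in the mangle table (got $table)"; return 1
    fi
    if [ "$exclusive" -gt 1 ]; then
        echo "error: --iif, --continue and --tee are mutually exclusive"; return 1
    fi
    if [ "$nonfinal" -eq 1 ]; then echo "nonfinal"; else echo "final"; fi
}

# First four rules are from post #1; the last two are constructed invalid cases.
while IFS= read -r rule; do
    printf '%-9s %s\n' "$(lint_route_rule "$rule")" "$rule"
done <<'EOF'
iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1
iptables -A POSTROUTING -t mangle -p tcp --dport 80 -j ROUTE --oif tunl1 --continue
iptables -A PREROUTING -t mangle -p icmp -i eth0 -j ROUTE --iif eth1
iptables -A PREROUTING -t mangle -p tcp --dport 7 -j ROUTE --gw 1.2.3.4 --tee
iptables -A POSTROUTING -p icmp -j ROUTE --oif eth1
iptables -A PREROUTING -t mangle -p tcp --dport 7 -j ROUTE --gw 1.2.3.4 --tee --continue
EOF
```

A "nonfinal" verdict means later rules in the chain still see the original packet; "final" means traversal stops at the ROUTE rule.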