Shulou(Shulou.com)05/31 Report--

Editor to share with you how the mangle application in iptables to achieve policy routing, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's learn about it!

Mangle table is mainly used to modify TOS (Type Of Service, type of service) and TTL (Time To Live, life cycle) of data packets and to set Mark tags for packets to achieve Qos (Quality Of Service) adjustment and policy routing and other applications. Because it needs the support of corresponding routing devices, it is not widely used.

The kernel module corresponding to the mangle table is iptable_mangle.

Modify the TTL value of the IP header to disguise the system version

You can modify the DSCP value of the IP packet header or set the transmission priority and bandwidth utilization of different QOS; services for specific data packets.

Here is a case study to illustrate practical and common uses:

Case 1.

Iptables gateway server three network cards: eth0 (Netcom ip:10.0.0.1), eth2 (telecom ip:20.0.0.1); eth3: gateway 192.168.10.1.

Requirements: the company's intranet requires ip within 192.168.10.1 to access the Internet using 10.0.0.1 gateway (Netcom), and other IP to use 20.0.0.1 (telecommunications) to access the Internet.

The iptables gateway server is configured as follows:

Ip route add default gw 20.0.0.1ip route add table 10 via 10.0.0.1 dev eth0#eth0 is the network card where 10.0.0.1 is located, 10 is the routing table number ip rule add fwmark 10 table 10#fwmark 10 is the tag, and table 10 is routing table 10. Data marked 10 is marked with table10 routing table iptables-A PREROUTING-t mangle-I eth3-s 192.168.10.1-192.168.10.100-j MARK-- set-mark 1 marker uses iptables to tag the corresponding data

The application order of mangle is higher than that of nat and filter.

Case 2.

Iptables gateway server three network cards: eth0 (Netcom ip:10.0.0.1), eth2 (telecom ip:20.0.0.1); eth3: gateway 192.168.10.1.

Requirements: the company's intranet requires employees to visit external website services; use 10.0.0.1 gateway to access the Internet (Netcom), other IP use 20.0.0.1 (telecom) to access the Internet

Iptables-t mangle-A PREROUTING-I eth3-p tcp-- dport 80-j MARK-- set-mark 20ip route add default gw 20.0.0.1ip route add table 20 via 10.0.0.1 dev eth0ip rule add fwmark 20 table 20 is all the contents of the article "how to implement Policy routing in mangle applications in iptables". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.