
Thursday, July 24, 2014

Howto Network gateway allow and deny packets

Howto gateway allow and deny packets

A gateway interface only carries certain packets: those for which the routing table can't find a network that matches the packet's destination IP address.

Example:
* Your gateway interface is veth1

* IP of your gateway interface is 10.1.1.3

* Here the gateway interface veth1 only carries packets whose destination IP address does not match/belong to any of the networks added/defined in the routing table.

* So we need to add an SNAT or MASQUERADE rule in the NAT table to change the source IP of the packets, so that we get the reply/ACK for the packets we sent.

* When you ping or wget/curl from the namespace "myns1" to a different network (e.g. ping 173.194.127.147 / www.google.com), the packets go through the default gateway 10.1.1.3. But we will not get the response/reply back if the routing table can't find the network for the source IP address of the packets.

http://fosshelp.blogspot.in/2014/07/introduction-to-network-namespace-and.html
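
The SNAT/MASQUERADE step described above, as an added example that is not from the original post. The subnet 10.1.1.0/24 and the uplink interface eth0 are assumptions, and the helper names `run`, `valid_cidr` and `gateway_nat` are hypothetical; the rules are scoped to the namespace's own traffic instead of masquerading everything.

```shell
#!/bin/sh
# Added example: NAT for traffic leaving namespace "myns1" through gateway veth1.
# Assumptions (not from the post): the namespace subnet is 10.1.1.0/24 and the
# host's uplink interface is eth0. Adjust both before applying.
NS_SUBNET="${NS_SUBNET:-10.1.1.0/24}"   # assumed subnet containing 10.1.1.3
GW_IF="${GW_IF:-veth1}"                 # gateway interface named in the post
UPLINK_IF="${UPLINK_IF:-eth0}"          # assumed outbound interface
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = execute (root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Reject anything not shaped like a.b.c.d/len before it reaches iptables.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

gateway_nat() {
    valid_cidr "$NS_SUBNET" || { echo "bad subnet: $NS_SUBNET" >&2; return 1; }
    # Let the host route packets between veth1 and the uplink.
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the source IP only for namespace traffic leaving via the uplink,
    # so replies reach the host and are translated back to the namespace.
    run iptables -t nat -A POSTROUTING -s "$NS_SUBNET" -o "$UPLINK_IF" -j MASQUERADE
    # Allow outbound namespace traffic, and inbound only as replies to it.
    run iptables -A FORWARD -i "$GW_IF" -o "$UPLINK_IF" -s "$NS_SUBNET" -j ACCEPT
    run iptables -A FORWARD -i "$UPLINK_IF" -o "$GW_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Default is a dry run: this only prints the plan.
gateway_nat
```

Run it with `DRY_RUN=0` as root to apply the rules. The two FORWARD rules only change behaviour when the FORWARD chain's policy is DROP.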

