how the iptables affect?

IaMaPlAyEr iamaplayer at gmail.com
Thu Apr 2 01:55:15 UTC 2009


Hi,

==========================
On Wed, Apr 1, 2009 at 11:12 PM, Thomas Liske <liske at ibh.de> wrote:
Hi,

IaMaPlAyEr wrote:
> Recently I have been studying iptables, and was confused by the position of
> tun in coova-chilli.
>
> just like this big picture:
>
> http://iptables-tutorial.frozentux.net/images/tables_traverse.jpg
>
> the normal process of the route is just like this:
>
> wire --->>> eth1 --->>> mangle prerouting -->> nat prerouting --->> route
> decision --->>....------->>>nat prerouting -->>> eth0
>
> But in coova-chilli there is a net device TUN; does it connect eth1 to eth0?
> Where is it in such a normal firewall process?

> chilli bypasses the kernel network stack on eth1 (where the clients
> reside). It checks if IP packets of the client are allowed to pass (i.e.
> is it a walled garden destination or is the client authorized etc.) - if
> true, it pushes the packet into the kernel via the tun interface.
> The default iptables rule set loaded by chilli's up.sh drops any incoming
> packets on eth1 silently (so the kernel network stack ignores them).
> This has no effect on chilli, which sniffs on eth1. Packets from eth0
> which go to the clients will be routed into tun0, which will be processed
> by chilli and put on the "eth1-wire" (bypassing the kernel network stack
> again).
========================




Thomas Liske

Great thanks for your explanation.
There is a route table item. Oh, I understand.
I know that up.sh sets some iptables rules and also makes a delete backup in
chilli.iptables.
I still find that in the doc directory there is a file named
firewall.iptables; it seems to set some default iptables options. Is it only
a reference for users, or does it have some other purpose?

BTW, although I do not fully understand coova-chilli or chilli, the more I
read the code, the more sophisticated I find it. It combines the shell,
iptables, drivers, nettools... so amazing.


-- 
--
Sincerely,

HaveF