Grant Edwards wrote:
> I found shorewall and firestarter, but neither looked very
> useful to me:
> 1) They're both designed for configuring firewalls, and I'm
> not building a firewall machine.
> 2) Neither seemed to have any way to specify port-based routing.
> So it looks like plain iptables is the way to go.

I'm not aware of any iptables front end that will also manage policy
based routing which is Cisco-ese and maybe general Network-ese for what
you're trying to do. However I would use shorewall (or whatever you
prefer) to do most of the work and then insert your custom rules where
they need to go.
All policy routing regardless of actual implementation has you build an
ACL of traffic you'd like messed with. Then you need to specify what
happens to traffic that matches the ACL. However one thing the original
how-to you linked didn't completely spell out is NAT. You MUST NAT
on each interface or you'll have all sorts of routing fun that does not
work.
kashani
--
gentoo-user@lists.gentoo.org mailing list
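
The three pieces the reply names (a match list for the traffic, an action for matched traffic, and NAT on each interface) map onto plain `iptables` and `ip` commands as follows. This is an added example, not code from the thread or from the how-to it mentions; the function name `policy_route_cmds` is hypothetical, and the interfaces, gateway, mark and table number in the sample call are constructed values.

```shell
#!/bin/sh
# Added example. Prints (does not run) the commands for port-based policy
# routing; review the output, then run it as root. Interface names, gateway,
# mark and table numbers in the sample call are constructed values.

# usage: policy_route_cmds PROTO DPORT MARK TABLE ALT_IF ALT_GW DEFAULT_IF
policy_route_cmds() {
    proto=$1 dport=$2 mark=$3 table=$4 alt_if=$5 alt_gw=$6 def_if=$7

    # Validate every field so nothing unexpected ends up in a root shell.
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    for n in "$dport" "$mark" "$table"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$dport" -ge 1 ] && [ "$dport" -le 65535 ] || return 1
    for i in "$alt_if" "$def_if"; do
        case $i in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $alt_gw in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac

    # 1. The "ACL": mark matching packets, both locally generated (OUTPUT)
    #    and forwarded (PREROUTING).
    for chain in OUTPUT PREROUTING; do
        echo "iptables -t mangle -A $chain -p $proto --dport $dport -j MARK --set-mark $mark"
    done
    # 2. What happens to matches: marked packets use a separate routing
    #    table whose default route points at the alternate gateway.
    echo "ip route add default via $alt_gw dev $alt_if table $table"
    echo "ip rule add fwmark $mark table $table"
    # 3. NAT on each interface, so a rerouted packet leaves with the source
    #    address of the interface it actually uses and replies come back there.
    for i in "$def_if" "$alt_if"; do
        echo "iptables -t nat -A POSTROUTING -o $i -j MASQUERADE"
    done
}

# Sample call: send outbound HTTP via eth1 / 192.0.2.1, everything else via eth0.
policy_route_cmds tcp 80 1 100 eth1 192.0.2.1 eth0
```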