Technical data
3. Base configuration
Here network is the network address, /netmaskbits the net mask in CIDR (Page 40) notation
and gateway the address of the router through which the other network is reached. The
gateway must lie in a network the fli4l router is itself directly attached to; otherwise the
route cannot be installed. For example, if the network 192.168.7.0 with net mask
255.255.255.0 is reached through the gateway 192.168.6.99, you have to add the following
entry:
IP_ROUTE_N='1'
IP_ROUTE_1='192.168.7.0/24 192.168.6.99'
If you use the fli4l router as a pure Ethernet router and not for routing Internet traffic (so
no default route is supplied by a dial-up or Internet link), you can use one of the IP_ROUTE_x
variables to specify a default route. To do this, enter '0.0.0.0/0' for 'network/netmaskbits',
as in the following example, where the default route is the third entry:
IP_ROUTE_N='3'
IP_ROUTE_1='192.168.1.0/24 192.168.6.1'
IP_ROUTE_2='10.73.0.0/16 192.168.6.1'
IP_ROUTE_3='0.0.0.0/0 192.168.6.99'
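As an added example (not part of the fli4l documentation or the project's own code), the following Python script reads IP_ROUTE_N/IP_ROUTE_x entries in the syntax shown above, applies the checks the text demands (valid CIDR notation, a gateway on a directly attached network, at most one default route) and emits the equivalent ip route commands. The router's own address 192.168.6.1/24 and the fourth, deliberately rejected route are constructed assumptions for the demonstration; fli4l configures the router's interfaces elsewhere.

```python
import ipaddress
import re

# Constructed sample of the IP_ROUTE_* variables from this section. The fourth
# entry is added here on purpose: its gateway 10.0.0.1 is not on any network the
# router is attached to, so it must be rejected.
SAMPLE_CONFIG = """
IP_ROUTE_N='4'
IP_ROUTE_1='192.168.1.0/24 192.168.6.1'
IP_ROUTE_2='10.73.0.0/16 192.168.6.1'
IP_ROUTE_3='0.0.0.0/0 192.168.6.99'
IP_ROUTE_4='172.16.0.0/12 10.0.0.1'
"""

# Assumption: the router's own interface addresses, given as a plain list for the
# example (in fli4l these come from the interface configuration, not from here).
ROUTER_ADDRESSES = ["192.168.6.1/24"]

_ASSIGN = re.compile(r"^\s*IP_ROUTE_(N|\d+)='([^']*)'\s*$")


def parse_config(text):
    """Return {'N': '4', 1: '192.168.1.0/24 192.168.6.1', ...} from IP_ROUTE_* lines."""
    routes = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line)
        if m:
            idx, value = m.groups()
            routes["N" if idx == "N" else int(idx)] = value
    return routes


def validate_routes(text, router_addresses=ROUTER_ADDRESSES):
    """Turn IP_ROUTE_x entries into 'ip route add' commands.

    Returns (commands, errors). An entry is rejected when the network is not
    valid CIDR (including host bits set in the network part), when the gateway
    is not inside a network the router itself is attached to, or when a second
    default route (0.0.0.0/0) appears.
    """
    local_nets = [ipaddress.ip_interface(a).network for a in router_addresses]
    routes = parse_config(text)
    commands, errors = [], []
    default_seen = False
    n = int(routes.get("N", 0))
    for i in range(1, n + 1):
        entry = routes.get(i)
        if entry is None:
            errors.append(f"IP_ROUTE_{i}: missing although IP_ROUTE_N='{n}'")
            continue
        parts = entry.split()
        if len(parts) != 2:
            errors.append(f"IP_ROUTE_{i}: expected 'network/netmaskbits gateway', got {entry!r}")
            continue
        net_text, gw_text = parts
        try:
            net = ipaddress.ip_network(net_text, strict=True)
            gw = ipaddress.ip_address(gw_text)
        except ValueError as exc:
            errors.append(f"IP_ROUTE_{i}: {exc}")
            continue
        if not any(gw in local for local in local_nets):
            errors.append(f"IP_ROUTE_{i}: gateway {gw} is not in any network of the router itself")
            continue
        if net.prefixlen == 0:
            if default_seen:
                errors.append(f"IP_ROUTE_{i}: more than one default route")
                continue
            default_seen = True
            commands.append(f"ip route add default via {gw}")
        else:
            commands.append(f"ip route add {net} via {gw}")
    return commands, errors


if __name__ == "__main__":
    cmds, errs = validate_routes(SAMPLE_CONFIG)
    print("\n".join(cmds))
    for err in errs:
        print("rejected:", err)
```

The strict CIDR check also catches the classic mistake of writing a host address instead of the network address (for example 192.168.7.1/24), which the kernel would equally refuse.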
3.10. The Packet Filter
The Linux kernel used by fli4l provides a packet filter which controls who is allowed to
communicate with or through the router. It also implements port forwarding (a packet
addressed to the router is redirected to another internal computer) and masquerading (packets
sent by a computer behind the router are rewritten so that they appear to come from the router
itself).
The structure of the packet filter is shown in Figure 3.1.
Packets arrive over a network interface and first pass through the PREROUTING chain. This is
where port forwarding happens: a packet addressed to the router can be redirected to another
computer by rewriting its destination address and destination port. Only then is the routing
decision made, on the possibly rewritten destination: if the packet is addressed to the router
itself it is sent to the INPUT chain, otherwise to the FORWARD chain. Both chains check whether
the packet is permitted (note that a forwarded port therefore has to be allowed in the FORWARD
chain as well, since that chain sees the new internal destination). If the packet is accepted,
it is delivered to the local destination process or passed via the POSTROUTING chain (in which
masquerading is done) to the network interface through which it reaches its target. Locally
generated packets are filtered in the OUTPUT chain and, if accepted, also pass through the
POSTROUTING chain to the appropriate network interface.
With the packet filter configuration, the individual chains can be modified directly. There is
one array per chain: PF_INPUT_% for the INPUT chain, PF_FORWARD_% for the FORWARD chain,
PF_OUTPUT_% for the OUTPUT chain, PF_PREROUTING_% for the PREROUTING chain (port forwarding)
and PF_POSTROUTING_% for the POSTROUTING chain (masquerading).
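The chain traversal of Figure 3.1 and the five chains the PF_* arrays map onto are walked through below in a small Python model. It is an added example, not code from fli4l; the router (eth0 towards the LAN 192.168.6.0/24, ppp0 with the address 203.0.113.5 towards the Internet), the rule sets and the rule syntax are constructed for the demonstration and are not the syntax of the PF_* arrays. The model shows a port forward in PREROUTING, the routing decision on the rewritten destination, INPUT/FORWARD filtering with a DROP policy, masquerading in POSTROUTING, and the OUTPUT path for locally generated packets.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    in_if: str = "eth0"


# Constructed router for the walk-through: eth0 faces the LAN, ppp0 the Internet.
ROUTER_ADDRS = {"eth0": "192.168.6.1", "ppp0": "203.0.113.5"}
LAN = ipaddress.ip_network("192.168.6.0/24")
EXT_IF = "ppp0"

# Constructed rule sets (our own format, not the PF_* array syntax). A rule is a
# dict of packet fields that must all match plus an action; the first matching
# rule wins, otherwise the chain policy applies.
PREROUTING_RULES = [  # port forwarding: rewrite destination address and port
    {"in_if": "ppp0", "proto": "tcp", "dport": 8080, "to": ("192.168.6.10", 80)},
]
INPUT_RULES = [  # packets addressed to the router itself
    {"in_if": "eth0", "action": "ACCEPT"},
]
FORWARD_RULES = [  # packets routed through the router
    {"in_if": "eth0", "action": "ACCEPT"},
    # FORWARD sees the rewritten destination, so the forwarded service has to
    # be accepted here as well; the PREROUTING entry alone is not enough.
    {"in_if": "ppp0", "proto": "tcp", "dst": "192.168.6.10", "dport": 80, "action": "ACCEPT"},
]
OUTPUT_RULES = []  # locally generated packets; the policy below accepts them
POLICY = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "ACCEPT"}


def matches(rule, pkt):
    return all(getattr(pkt, k) == v for k, v in rule.items() if k not in ("action", "to"))


def run_chain(rules, pkt, policy):
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return policy


def postrouting(pkt, trace):
    """Pick the outgoing interface; masquerade LAN sources leaving via ppp0."""
    out_if = "eth0" if ipaddress.ip_address(pkt.dst) in LAN else EXT_IF
    if out_if == EXT_IF and ipaddress.ip_address(pkt.src) in LAN:
        pkt = replace(pkt, src=ROUTER_ADDRS[EXT_IF])
        trace.append(f"POSTROUTING: MASQUERADE src -> {pkt.src}")
    trace.append(f"out via {out_if}")
    return pkt


def traverse(pkt, prerouting=PREROUTING_RULES, input_rules=INPUT_RULES,
             forward_rules=FORWARD_RULES):
    """Incoming packet: PREROUTING, routing decision, INPUT or FORWARD, POSTROUTING.
    Returns (verdict, final packet, trace of the chains passed)."""
    trace = []
    if pkt.dst in ROUTER_ADDRS.values():
        for rule in prerouting:
            if matches(rule, pkt):
                new_dst, new_dport = rule["to"]
                pkt = replace(pkt, dst=new_dst, dport=new_dport)
                trace.append(f"PREROUTING: DNAT dst -> {new_dst}:{new_dport}")
                break
    # Routing decision is taken on the (possibly rewritten) destination.
    if pkt.dst in ROUTER_ADDRS.values():
        verdict = run_chain(input_rules, pkt, POLICY["INPUT"])
        trace.append(f"INPUT: {verdict}")
        return verdict, pkt, trace
    verdict = run_chain(forward_rules, pkt, POLICY["FORWARD"])
    trace.append(f"FORWARD: {verdict}")
    if verdict != "ACCEPT":
        return verdict, pkt, trace
    return verdict, postrouting(pkt, trace), trace


def traverse_local(pkt, output_rules=OUTPUT_RULES):
    """Locally generated packet: OUTPUT, then POSTROUTING."""
    trace = []
    verdict = run_chain(output_rules, pkt, POLICY["OUTPUT"])
    trace.append(f"OUTPUT: {verdict}")
    if verdict != "ACCEPT":
        return verdict, pkt, trace
    return verdict, postrouting(pkt, trace), trace


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("192.168.6.20", 40000, "198.51.100.7", 443),                  # LAN -> Internet
        Packet("198.51.100.7", 51000, "203.0.113.5", 8080, in_if="ppp0"),    # forwarded port
        Packet("198.51.100.7", 51000, "203.0.113.5", 22, in_if="ppp0"),      # to the router itself
    ]
    for p in samples:
        verdict, out, trace = traverse(p)
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} via {p.in_if}: {verdict}; "
              f"{' | '.join(trace)}")
```

Calling traverse() with forward_rules=[] on the forwarded-port packet shows the caveat from the text directly: the DNAT in PREROUTING still happens, but the packet is then dropped in FORWARD because nothing accepts the rewritten destination 192.168.6.10:80.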
An entry in one of these arrays consists mainly of an action (see below) which can be
restricted by additional conditions. These conditions refer to properties of the packet under
consideration. A packet carries information about its origin (the computer that sent it), its
target (the computer and the application the packet is to be delivered to) and much more.
Conditions can refer to the following properties of a packet: