LinuxQuestions.org
Old 11-17-2006, 02:45 AM   #1
winxandlinx
Member
 
Registered: May 2006
Posts: 141

Rep: Reputation: 15
Three Tables in IPTABLES


Hi everyone,

In iptables I can understand the filter table and the nat table.

I am not able to understand what mangle is.

Can anyone please explain that to me?

Help with this issue will be greatly appreciated.
 
Old 11-17-2006, 05:14 AM   #2
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 33
read this :-)

http://iptables-tutorial.frozentux.n...ml#MANGLETABLE
 
Old 11-17-2006, 06:53 AM   #3
winxandlinx
Member
 
Registered: May 2006
Posts: 141

Original Poster
Rep: Reputation: 15
Yes, I read it already.

I am not able to understand it; that's the reason I posted here.

Can you please tell me in your own way, and also tell me where and when it will be used in real time?

Help with this will be greatly appreciated.

Thanks
winxandlinx
 
Old 11-17-2006, 07:04 AM   #4
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 33
It says it right there on that page:
Quote:
The following targets are only valid in the mangle table. They can not be used outside the mangle table.

* TOS
* TTL
* MARK


The TOS target is used to set and/or change the Type of Service field in the packet. This could be used for setting up policies on the network regarding how a packet should be routed and so on.
[...]

The TTL target is used to change the TTL (Time To Live) field of the packet. We could tell packets to only have a specific TTL and so on. One good reason for this could be that we don't want to give ourself away to nosy Internet Service Providers. Some Internet Service Providers do not like users running multiple computers on one single connection, and there are some Internet Service Providers known to look for a single host generating different TTL values, and take this as one of many signs of multiple computers connected to a single connection.

The MARK target is used to set special mark values to the packet. These marks could then be recognized by the iproute2 programs to do different routing on the packet depending on what mark they have, or if they don't have any. We could also do bandwidth limiting and Class Based Queuing based on these marks.

TOS is the Type of Service of the packet.
TTL is the Time To Live of a packet.
MARK is a marker you can assign to a packet.

So what you get out of those 3 paragraphs is that you are changing information in the packet itself (or, in the case of MARK, you are marking it to recognize the packet elsewhere again).

If you don't know what it means to change these fields in a packet or what you would do with this feature of iptables, then basically ignore the table MANGLE and you will be fine.

Last edited by Nathanael; 11-17-2006 at 07:07 AM.
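
The distinction drawn in the post above (TOS and TTL change bytes in the packet, MARK only tags it for later recognition) can be seen at the byte level. This is an added example, not part of the thread or the quoted tutorial: a small Python model that rewrites the TOS and TTL bytes of an IPv4 header and recomputes the header checksum, and a toy `Skb` record showing that a mark lives beside the packet rather than in it. The names `mangle`, `Skb`, `set_mark` and the sample header are constructed for illustration.

```python
import struct
from dataclasses import dataclass

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_ok(packet: bytes) -> bool:
    ihl = (packet[0] & 0x0F) * 4
    return ip_checksum(packet[:ihl]) == 0

def mangle(packet: bytes, ttl=None, tos=None) -> bytes:
    """Rewrite TTL and/or TOS in the IPv4 header and recompute the checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    hdr = bytearray(packet[:ihl])
    if tos is not None:
        hdr[1] = tos & 0xFF          # byte 1: Type of Service
    if ttl is not None:
        hdr[8] = ttl & 0xFF          # byte 8: Time To Live
    hdr[10:12] = b"\x00\x00"         # checksum is computed with its own field zeroed
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

@dataclass(frozen=True)
class Skb:
    """Toy stand-in for the kernel's per-packet record: bytes plus metadata."""
    data: bytes
    mark: int = 0                    # what MARK sets; never sent on the wire

def set_mark(skb: Skb, value: int) -> Skb:
    return Skb(skb.data, value)      # packet bytes are left untouched

# Constructed header: 192.0.2.10 -> 198.51.100.7, TCP, TTL 128, TOS 0.
SAMPLE = mangle(bytes.fromhex("45000014" "1c464000" "80060000" "c000020a" "c6336407"))

if __name__ == "__main__":
    out = mangle(SAMPLE, ttl=64, tos=0x10)
    print("before:", SAMPLE.hex(), "valid" if header_ok(SAMPLE) else "bad")
    print("after: ", out.hex(), "valid" if header_ok(out) else "bad")
    marked = set_mark(Skb(out), 1)
    print("mark:", marked.mark, "bytes unchanged:", marked.data == out)
```

Because the mark never leaves the host, it is only useful to things running on the same machine, such as the iproute2 routing and queuing the quoted tutorial mentions.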
 
Old 11-17-2006, 10:47 AM   #5
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 76
You didn't even mention the fourth netfilter table (raw), whose purpose is even more cryptic (to prevent tracking of high-volume types of packets).
 
Old 11-17-2006, 10:48 AM   #6
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 33
C'mon, don't confuse the poor guy :-)
 
  

