10.2. Overview of Routing and Packet Filter Interactions

One of the most difficult aspects of working with the advanced routing features of Linux is gaining an understanding of the sequence of events as a packet traverses kernel space. This is, in fact, the key knowledge needed to grasp the potential of advanced routing scenarios and to troubleshoot successfully when things don't go as planned.

If you are reading this for the first time, stop now and go study the kernel packet traveling diagram and the kernel packet handling diagram. These represent two different efforts to describe the order in which the networking subsystems inside the Linux kernel have an opportunity to inspect, manipulate and redirect a packet. Understanding this sequence of events is key to harnessing the power of Linux networking.

Now, let's examine some of the different commands you can use to manipulate packets at each of these stages. The list below describes the sequence of events for a packet bound for a non-local destination.

Packet Traversal; Non-Local Destination

The above describes the sequence of events for packets passing through the Linux routing device. Let's look at a similar description of the path that packets bound for local destinations take through the kernel.

Packet Traversal; Local Destination

Naturally, packets need to leave the machine as well, so let's look at the path taken by locally generated outbound packets.

Packet Traversal; Locally Generated

[36] Leonardo calls this "dumb NAT" because the NAT performed by iproute2 at the routing stage is stateless.