LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity

tweaks while editing routing; entities

This commit is contained in:
mabrown 2003-02-20 07:22:03 +00:00
parent 618b1c7dcf
commit 07e4bfa915
14 changed files with 219 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
LDP/guide/docbook/linux-ip/advanced-routing.xml
View File

@ -69,7 +69,7 @@
<footnote>
<para>
Leonardo calls this "dumb NAT" because the NAT performed by
<command>iproute2</command> at the routing stage is stateless.
&iproute2; at the routing stage is stateless.
</para>
</footnote>.
</para>
@ -276,7 +276,7 @@
can assist in managing multiple Internet connections. We'll outline
here some of the more common setups involving multiple Internet
connections and how to manage them with <command>iptables</command>,
<command>ipchains</command>, and <command>iproute2</command>. One of
<command>ipchains</command>, and &iproute2;. One of
the first distinctions you can make when planning how to use multiple
Internet connections is what inbound services you expect to host and
how you want to split traffic over the multiple links.
@ -512,7 +512,7 @@ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
<xref linkend="adv-routing-fwmark"/>.
</para>
<para>
<command>iproute2</command> supports the use of fwmark as a selector
&iproute2; supports the use of fwmark as a selector
for rule lookups, so we can use fwmarks in the routing policy
database to cause packets to be conditionally routed based on that
fwmark. This can lead to great complexity if a machine has multiple
@ -522,7 +522,7 @@ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
<para>
A convention I find sensible is to use the same number for a routing
table and fwmark where possible. This simplifies the maintenance of
the systems which are using <command>iproute2</command> and fwmark,
the systems which are using &iproute2; and fwmark,
especially if the table identifier and fwmark are set in a
configuration file with the same variable name. Since we are
testing this on the command line, we'll just make sure that we can
@ -620,7 +620,7 @@ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
we'll discuss how this client IP would reach each of the services
published on &masq-gw;'s two public networks. The IPs used for
the services will be 67.17.28.10 and 205.254.211.17.
Now, whether you are using NAT with <command>iproute2</command> or
Now, whether you are using NAT with &iproute2; or
with iptables, you'll run across the problem here outlined. Here
is the flow of the packet through &masq-gw; to the server and back
to the client.
@ -639,7 +639,7 @@ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
packet is accepted, rewritten, and routed; from 64.70.12.210 to
192.168.100.17; if <command>iptables</command> DNAT,
packet is rewritten in PREROUTING chain of nat table, then
routed; if <command>iproute2</command>, packet is routed and
routed; if &iproute2;, packet is routed and
rewritten simultaneously
</para>
</listitem>
@ -661,7 +661,7 @@ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
<listitem>
<para>
routing decision is made; default route (via 205.254.211.254) is
selected; if <command>iproute2</command> is used, packet is
selected; if &iproute2; is used, packet is
also rewritten from 67.17.28.10 to 64.70.12.210
</para>
</listitem>
@ -706,7 +706,7 @@ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
</para>
<example id="ex-adv-multi-internet-inbound">
<title>Multiple Internet links, inbound traffic; using
<command>iproute2</command> only
&iproute2; only
<footnote>
<para>
This example makes no reference to packet filtering. If you are

79
LDP/guide/docbook/linux-ip/basic.xml
View File

@ -405,14 +405,6 @@ round-trip min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms</computeroutput>
</para>
<example id="ex-basic-ping-non-local">
<title>Testing reachability of non-local hosts</title>
<programlistingco>
<areaspec>
<area id="ex-bpnl-tristan-out" coords="8"/>
<area id="ex-bpnl-masq-gw-out" coords="9"/>
<area id="ex-bpnl-wan-gw-in" coords="11"/>
<area id="ex-bpnl-masq-gw-in" coords="12"/>
<area id="ex-bpnl-tristan-in" coords="13"/>
</areaspec>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>ping -R -c 1 -n 205.254.211.254</userinput>
<computeroutput>PING 205.254.211.254 (205.254.211.254) from 192.168.99.35 : 56(84) bytes of data.
@ -421,50 +413,59 @@ round-trip min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms</computeroutput>
1 packets transmitted, 0 packets received, 100% packet loss
PING 205.254.211.254 (205.254.211.254) from 192.168.99.35 : 56(84) bytes of data.
64 bytes from 205.254.211.254: icmp_seq=0 ttl=255 time=238 usec
RR: 192.168.99.35
205.254.211.179
RR: 192.168.99.35 <co id="ex-bpnl-tristan-out" linkends="ex-bpnl-tristan-out-text"/>
205.254.211.179 <co id="ex-bpnl-masq-gw-out" linkends="ex-bpnl-masq-gw-out-text"/>
205.254.211.254 <co id="ex-bpnl-wan-gw-in" linkends="ex-bpnl-bpnl-wan-gw-in-text"/>
205.254.211.254
205.254.211.254
192.168.99.254
192.168.99.35
192.168.99.254 <co id="ex-bpnl-masq-gw-in" linkends="ex-bpnl-masq-gw-in-text"/>
192.168.99.35 <co id="ex-bpnl-tristan-in" linkends="ex-bpnl-tristan-in-text"/>
--- 192.168.99.254 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms</computeroutput>
</programlisting>
<calloutlist>
<callout arearefs="ex-bpnl-tristan-out">
<para>
As the packet passes through the IP stack on &tristan;,
before hitting the ethernet, &tristan; adds its IP to the
list of IPs in the option field in the header.
</para>
<callout
arearefs="ex-bpnl-tristan-out"
id="ex-bpnl-tristan-out-text">
<simpara>
As the packet passes through the IP stack on &tristan;,
before hitting the ethernet, &tristan; adds its IP to the
list of IPs in the option field in the header.
</simpara>
</callout>
<callout arearefs="ex-bpnl-masq-gw-out">
<para>
This is &masq-gw;'s public IP address.
</para>
<callout
arearefs="ex-bpnl-masq-gw-out"
id="ex-bpnl-masq-gw-out-text">
<simpara>
This is &masq-gw;'s public IP address.
</simpara>
</callout>
<callout arearefs="ex-bpnl-wan-gw-in">
<para>
Our intended destination! (Anybody know why there are
two entries in the record route output?)
</para>
<callout
arearefs="ex-bpnl-wan-gw-in"
id="ex-bpnl-bpnl-wan-gw-in-text">
<simpara>
Our intended destination! (Anybody know why there are
two entries in the record route output?)
</simpara>
</callout>
<callout arearefs="ex-bpnl-masq-gw-in">
<para>
This is &masq-gw;'s private IP address.
</para>
<callout
arearefs="ex-bpnl-masq-gw-in"
id="ex-bpnl-masq-gw-in-text">
<simpara>
This is &masq-gw;'s private IP address.
</simpara>
</callout>
<callout arearefs="ex-bpnl-tristan-in">
<para>
And finally, &tristan; will add its IP to the option field
in the header of the IP packet just before the packet
reaches the calling <command>ping</command> program.
</para>
<callout
arearefs="ex-bpnl-tristan-in"
id="ex-bpnl-tristan-in-text">
<simpara>
And finally, &tristan; will add its IP to the option field
in the header of the IP packet just before the packet
reaches the calling <command>ping</command> program.
</simpara>
</callout>
</calloutlist>
</programlistingco>
</example>
<para>
By testing reachability of the local network 192.168.99.0/24 and

111
LDP/guide/docbook/linux-ip/ether.xml
View File

@ -19,7 +19,7 @@
<filename>net/ipv4/conf/$DEV/medium_id</filename>, and
<filename>net/ipv4/conf/$DEV/hidden</filename>. For even
finer control of ARP requests than is available in stock kernels,
there are kernel and <command>iproute2</command> patches.
there are kernel and &iproute2; patches.
</para>
<para>
Bridging, once the realm of hardware devices, can also be performed by a
@ -203,7 +203,7 @@
<para>
To display the ARP cache, the venerable and cross-platform
<command>arp</command> admirably dispatches its duty. As with many of
the <command>iproute2</command> tools, more information is available
the &iproute2; tools, more information is available
via <command>ip neighbor</command> than with <command>arp</command>.
<xref linkend="ex-ether-arp-cache"/> below illustrates the differences
in the output between the output of these two different tools.
@ -307,73 +307,74 @@
</para>
<example id="ex-ether-arp-cache-timeout">
<title>ARP cache timeout</title>
<programlistingco>
<areaspec>
<area id="ex-eact-reachable" coords="2"/>
<area id="ex-eact-stale" coords="4"/>
<area id="ex-eact-delay" coords="6"/>
<area id="ex-eact-probe" coords="8"/>
<area id="ex-eact-incomplete" coords="10"/>
</areaspec>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>ip neighbor show 192.168.99.7</userinput>
<computeroutput>192.168.99.7 dev eth0 lladdr 00:80:c8:e8:1e:fc nud reachable</computeroutput>
<computeroutput>192.168.99.7 dev eth0 lladdr 00:80:c8:e8:1e:fc nud reachable <co id="ex-eact-reachable" linkends="ex-eact-reachable-text"/></computeroutput>
<prompt>[root@tristan]# </prompt><userinput>ip neighbor show 192.168.99.7</userinput>
<computeroutput>192.168.99.7 dev eth0 lladdr 00:80:c8:e8:1e:fc nud stale</computeroutput>
<computeroutput>192.168.99.7 dev eth0 lladdr 00:80:c8:e8:1e:fc nud stale <co id="ex-eact-stale" linkends="ex-eact-stale-text"/></computeroutput>
<prompt>[root@tristan]# </prompt><userinput>ip neighbor show 192.168.99.7</userinput>
<computeroutput>192.168.99.7 dev eth0 lladdr 00:80:c8:e8:1e:fc nud delay</computeroutput>
<computeroutput>192.168.99.7 dev eth0 lladdr 00:80:c8:e8:1e:fc nud delay <co id="ex-eact-delay" linkends="ex-eact-delay-text"/></computeroutput>
<prompt>[root@tristan]# </prompt><userinput>ip neighbor show 192.168.99.7</userinput>
<computeroutput>192.168.99.7 dev eth0 lladdr 00:80:c8:e8:1e:fc nud probe</computeroutput>
<computeroutput>192.168.99.7 dev eth0 lladdr 00:80:c8:e8:1e:fc nud probe <co id="ex-eact-probe" linkends="ex-eact-probe-text"/></computeroutput>
<prompt>[root@tristan]# </prompt><userinput>ip neighbor show 192.168.99.7</userinput>
<computeroutput>192.168.99.7 dev eth0 nud incomplete</computeroutput>
<computeroutput>192.168.99.7 dev eth0 nud incomplete <co id="ex-eact-incomplete" linkends="ex-eact-incomplete-text"/></computeroutput>
</programlisting>
<calloutlist>
<callout arearefs="ex-eact-reachable">
<para>
Before the entry has expired for 192.168.99.7, but after the
host has been disconnected from the network. During this
time, &tristan; will continue to send out ethernet frames with
the destination frame address set to the link layer address
according to this entry.
</para>
<callout
arearefs="ex-eact-reachable"
id="ex-eact-reachable-text">
<simpara>
Before the entry has expired for 192.168.99.7, but after the
host has been disconnected from the network. During this
time, &tristan; will continue to send out ethernet frames with
the destination frame address set to the link layer address
according to this entry.
</simpara>
</callout>
<callout arearefs="ex-eact-stale">
<para>
It has been <constant>gc_stale_time</constant> seconds since
the entry has been verified, so the state has changed to
stale.
</para>
<callout
arearefs="ex-eact-stale"
id="ex-eact-stale-text">
<simpara>
It has been <constant>gc_stale_time</constant> seconds since
the entry has been verified, so the state has changed to
stale.
</simpara>
</callout>
<callout arearefs="ex-eact-delay">
<para>
This entry in the neighbor table has been requested. Because
the entry was in a stale state, the link layer address was
used, but now the kernel needs to verify the accuracy of the
data. The kernel will soon send an ARP request for the
destination IP address.
</para>
<callout
arearefs="ex-eact-delay"
id="ex-eact-delay-text">
<simpara>
This entry in the neighbor table has been requested.
Because the entry was in a stale state, the link layer
address was used, but now the kernel needs to verify
the accuracy of the data. The kernel will soon send
an ARP request for the destination IP address.
</simpara>
</callout>
<callout arearefs="ex-eact-probe">
<para>
The kernel is actively performing address resolution for the
entry. It will send a total of
<constant>ucast_solicit</constant> frames to the last known
link layer address to attempt to verify reachability of the
address. Failing this, it will send
<constant>mcast_solicit</constant> broadcast frames before
altering the ARP cache state and returning an error to any
higher layer services.
</para>
<callout
arearefs="ex-eact-probe"
id="ex-eact-probe-text">
<simpara>
The kernel is actively performing address resolution for the
entry. It will send a total of
<constant>ucast_solicit</constant> frames to the last known
link layer address to attempt to verify reachability of the
address. Failing this, it will send
<constant>mcast_solicit</constant> broadcast frames before
altering the ARP cache state and returning an error to any
higher layer services.
</simpara>
</callout>
<callout arearefs="ex-eact-incomplete">
<para>
After all attempts to reach the destination address have
failed, the entry will appear in the neighbor table in this
state.
</para>
<callout
arearefs="ex-eact-incomplete"
id="ex-eact-incomplete-text">
<simpara>
After all attempts to reach the destination address have
failed, the entry will appear in the neighbor table in this
state.
</simpara>
</callout>
</calloutlist>
</programlistingco>
</example>
<para>
The remaining neighbor table flags are visible when inital ARP

6
LDP/guide/docbook/linux-ip/intro.xml
View File

@ -146,13 +146,13 @@
example of the difference between linux only tools and generally available
unix-like tools is the difference between the traditional
<command>ifconfig</command> and <command>route</command> commands,
available under most variants of unix, and the <command>iproute2</command>
available under most variants of unix, and the &iproute2;
command suite, written specificially for linux.
</para>
<para>
Because this guide concerns itself with the features, strengths, and
peculiarities of IP networking with linux, the <command>iproute2</command>
command suite assumes a prominent role. The <command>iproute2</command>
peculiarities of IP networking with linux, the &iproute2;
command suite assumes a prominent role. The &iproute2;
tools expose the strength, flexibility and potential of the linux
networking stack.
</para>

8
LDP/guide/docbook/linux-ip/links.xml
View File

@ -217,7 +217,7 @@
</listitem>
<listitem>
<para>
If your copy of <command>iproute2</command> did not get packaged
If your copy of &iproute2; did not get packaged
with <filename>ip-cref.ps</filename> or if you prefer online HTML,
the command reference is available
<foreignphrase>in toto</foreignphrase> as
@ -233,9 +233,9 @@
<listitem>
<para>
Julian Anastasov has been working on many aspects of traffic
control and advanced routing with the <command>iproute2</command>
control and advanced routing with the &iproute2;
package. He has provided a large number of patches to
<command>iproute2</command> and some documentation with
&iproute2; and some documentation with
for the linux virtual server (LVS) in addition to a great deal of
code for LVS. See his <ulink
url="http://www.linuxvirtualserver.org/~julian/">main
@ -648,7 +648,7 @@
</listitem>
<listitem>
<para>
The <command>iproute2</command> package provides command-line
The &iproute2; package provides command-line
support for the full functionality of the linux IP stack. This
package, written by Alexey Kuznetsov, is available
<ulink url="ftp://ftp.inr.ac.ru/ip-routing/">here</ulink> and is

57
LDP/guide/docbook/linux-ip/linux-ip.css
View File

@ -3,39 +3,62 @@ a:visited { color: #009900 ; text-decoration: none ; }
a:hover { color: #009900 ; text-decoration: underline ; }
a:active { color: #009900 ; text-decoration: underline ; }
a.local:link { color: #009900 ; text-decoration: none ; }
a.local:visited { color: #009900 ; text-decoration: none ; }
a.local:hover { color: #009900 ; text-decoration: underline ; }
a.local:active { color: #009900 ; text-decoration: underline ; }
a.nonlocal:link { color: #0000ff ; text-decoration: none ; }
a.nonlocal:visited { color: #0000ff ; text-decoration: none ; }
a.nonlocal:hover { color: #0000ff ; text-decoration: underline ; }
a.nonlocal:active { color: #0000ff ; text-decoration: underline ; }
BODY {
color: black ;
font-size: 1.0em ;
font-family: "New Century Schoolbook", Times, serif ;
color : black ;
/* font-size : 1.0em ; */
font-family : "New Century Schoolbook", Times, serif ;
}
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* */
/* variable list attributes */
/* */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
div.variablelist {
margin : 1em 5% 1em 5% ;
}
.variablelist .term {
font-weight: bold ;
font-weight : bold ;
}
.variablelist .emphasis {
font-weight : bold ;
}
p.copyright {
padding-left: 1.0em ;
padding-right: 1.0em ;
margin: 0em 0% 0.2em 0% ;
font-size: 0.7em ;
font-family: Verdana, Arial, Helvetica ;
text-align: right ;
color: #808080 ;
padding-left : 1.0em ;
padding-right : 1.0em ;
margin : 0em 0% 0.2em 0% ;
font-size : 0.7em ;
font-family : Verdana, Arial, Helvetica ;
text-align : right ;
color : #808080 ;
}
.revhistory {
padding-left : 0.5em ;
padding-right : 0.5em ;
margin : 0em 0% 0.2em 0% ;
font-size : 0.5em ;
/* font-family : Verdana, Arial, Helvetica ; */
text-align : right ;
color : #808080 ;
}
.calloutlist {
padding-left: 0.5em ;
padding-right: 0.5em ;
margin: 0em 0% 0.2em 0% ;
font-size: 0.5em ;
/* font-family: Verdana, Arial, Helvetica ; */
text-align: right ;
color: #808080 ;
}

6
LDP/guide/docbook/linux-ip/linux-ip.xml
View File

@ -17,6 +17,12 @@
<!-- some entitiies used in the code....should probably be shoved
into another file someplace else -->
<!ENTITY local "<constant>local</constant>" >
<!ENTITY main "<constant>main</constant>" >
<!ENTITY src "<constant>src</constant>" >
<!ENTITY fwmark "<constant>fwmark</constant>" >
<!ENTITY iproute2 "<command>iproute2</command>" >
<!ENTITY wan-gw
'<systemitem class="systemname">wan-gw</systemitem>' >
<!ENTITY masq-gw

36
LDP/guide/docbook/linux-ip/nat.xml
View File

@ -12,7 +12,7 @@
This chapter will introduce two types of NAT available under linux. One,
<link linkend="nat-stateless">full NAT or stateless NAT</link>, is
available under kernel 2.2 and kernel 2.4 via the
<command>iproute2</command> userspace interface. Available only under
&iproute2; userspace interface. Available only under
kernel 2.4,
<link linkend="nat-dnat">destination NAT (DNAT)</link> is an important
derivative of full NAT. DNAT configuration from userspace is accomplished
@ -138,7 +138,7 @@
<para>
Providing inbound services via NAT can be accomplished in several
different ways. Two common techniques are to use
<command>iproute2</command> NAT and netfilter DNAT.
&iproute2; NAT and netfilter DNAT.
Less common (and possibly less desirable) one can use port redirection
tools. Depending on which tool is employed,
different characteristics of a packet can trigger the address
@ -146,7 +146,7 @@
</para>
<para>
The simplest form of NAT under linux is
<link linkend="nat-stateless"><command>iproute2</command> NAT</link>.
<link linkend="nat-stateless">&iproute2; NAT</link>.
This type of NAT requires two matching commands, one to cause the kernel
to rewrite the inbound packets (<userinput>ip route add nat $NATIP
via $REAL</userinput>)
@ -155,7 +155,7 @@
retain no state for connections. It will simply transform any packets
passing through. By contrast, netfilter is capable of retaining state
on connections passing through the router and selecting packets more
granularly than is possible with only <command>iproute2</command> tools.
granularly than is possible with only &iproute2; tools.
</para>
<para>
Before the advent of the netfilter engine in the linux kernel, there
@ -256,15 +256,15 @@
NAT. It involves rewriting addresses passing through a
routing device: outbound packets will undergo source address rewriting
and inbound packets will undergo destination address rewriting. The
<command>iproute2</command> suite of tools provides the two commands
&iproute2; suite of tools provides the two commands
required to configure the kernel to perform network address translation
on packets passing through the machine. This section will cover only
stateless NAT, which can only be accomplished under linux with the
<command>iproute2</command> tools, although it can be
&iproute2; tools, although it can be
<link linkend="ex-nat-dnat-full">simulated with netfilter</link>.
</para>
<para>
Creating an <command>iproute2</command> NAT mapping has the side
Creating an &iproute2; NAT mapping has the side
effect of causing the kernel to answer ARP requests for the NAT IP.
For more detail on ARP filtering, suppression and conditional ARP, see
<xref linkend="ch-ether"/>. This can be considered alternatively a
@ -277,8 +277,8 @@
</para>
<para>
Whether or not it is using a packet filter, a linux machine can perform
NAT using the <command>iproute2</command> suite of tools. This chapter
will document the use of <command>iproute2</command> tools for NAT with
NAT using the &iproute2; suite of tools. This chapter
will document the use of &iproute2; tools for NAT with
<link linkend="nat-stateless-simple">a simple example</link> and
<link linkend="nat-stateless-howto">an explanation of the required
commands</link>, then an example of
@ -467,7 +467,7 @@
</para>
</section>
<section id="nat-stateless-rpdb">
<title><command>iproute2</command> NAT with Multiple Private
<title>&iproute2; NAT with Multiple Private
Networks</title>
<para>
Naturally, NAT introduces a complexity to the network in which it is
@ -550,7 +550,7 @@
</section>
</section>
<section id="nat-stateless-pf-interaction">
<title>Using a packet filter with <command>iproute2</command> NAT</title>
<title>Using a packet filter with &iproute2; NAT</title>
<para>
Because NAT rewrites the packet as it passes through your linux box,
packet filtering can become complex. With attentiveness to the
@ -574,11 +574,11 @@
<para>
Let's examine the IP addresses on a packet traversing each of the input,
forward and output chains in an <command>ipchains</command>
installation as it is operated upon by the <command>iproute2</command>
installation as it is operated upon by the &iproute2;
NAT code.
</para>
<table id="tb-nat-pf-ipchains">
<title>Filtering an <command>iproute2</command> NAT packet with
<title>Filtering an &iproute2; NAT packet with
<command>ipchains</command></title>
<tgroup cols="3" align="center" colsep="1" rowsep="1">
<colspec colname="c1"/>
@ -733,10 +733,10 @@
<para>
These rules are the minimum set of <command>ipchains</command> rules
needed to support a NAT'd TCP service. This concludes our discussion of
publishing a service to the world with <command>iproute2</command> based
publishing a service to the world with &iproute2; based
NAT and protecting the service with <command>ipchains</command>. As you
can see, the complexity of supporting NAT with
<command>iproute2</command> can be substantial, which is why we'll
&iproute2; can be substantial, which is why we'll
examine the benefits of inbound NAT (DNAT) with netfilter in the next
section.
</para>
@ -756,7 +756,7 @@
<para>
In a devilishly subtle difference, netfilter DNAT does not cause the
kernel to answer ARP requests for the NAT IP, where
<command>iproute2</command> NAT automatically begins answering ARP
&iproute2; NAT automatically begins answering ARP
requests for the NAT IP. If the NAT IP is in a locally
</para>
<example id="ex-nat-dnat-all">
@ -799,7 +799,7 @@
</para>
<para>
Full network address translation, as performed with
<command>iproute2</command> can be simulated with both netfilter
&iproute2; can be simulated with both netfilter
SNAT and DNAT, with the potential benefit (and attendent resource
consumption) of connection tracking.
</para>
@ -842,7 +842,7 @@
</para>
<para>
PAT address translation has one important benefit over NAT (with the
<command>iproute2</command> tools). Let's assume that you have only
&iproute2; tools). Let's assume that you have only
five public IP addresses for which you have paid dearly. Additionally,
let's assume that you want to run services on standard ports. You had
hoped to connect four SMTP servers, two SSH servers and five HTTP servers.

2
LDP/guide/docbook/linux-ip/pat.xml
View File

@ -24,7 +24,7 @@
</para>
<para>
PAT address translation has one important benefit over NAT (with the
<command>iproute2</command> tools). Let's assume that you have only
&iproute2; tools). Let's assume that you have only
five public IP addresses for which you have paid dearly. Additionally,
let's assume that you want to run services on standard ports. You had
hoped to connect four SMTP servers, two SSH servers and five HTTP servers.

4
LDP/guide/docbook/linux-ip/scripts.xml
View File

@ -16,8 +16,8 @@
<link linkend="ether-arp-proxy-kernel">enable it in your 2.4
kernel</link>. If you require more control than afforded by the kernel
proxy ARP functionality and you wish to recompile
<command>iproute2</command> and your kernel, you can use the
<command>iproute2</command> extension,
&iproute2; and your kernel, you can use the
&iproute2; extension,
<link linkend="ether-arp-filtering"><command>ip arp</command></link>.
Otherwise, you might try this script.
</para>

14
LDP/guide/docbook/linux-ip/tools-ethernet.xml
View File

@ -241,7 +241,7 @@ Received 2 response(s)</computeroutput>
<section id="tools-ip-link">
<title><command>ip link</command></title>
<para>
Part of the <command>iproute2</command> suite, <command>ip
Part of the &iproute2; suite, <command>ip
link</command> provides the ability to
<link linkend="tools-ip-link-show">display link layer
information</link>,
@ -397,7 +397,7 @@ Received 2 response(s)</computeroutput>
<para>
Users who would like more information about flags on link layer
devices and their meanings should refer to Alexey Kuznetsov's
excellent <command>iproute2</command> reference. See the
excellent &iproute2; reference. See the
<xref linkend="links-iproute2"/> for further links.
</para>
</section>
@ -518,9 +518,9 @@ default via 192.168.99.254 dev eth0</computeroutput>
<title>Using <command>ip link set</command> to change the MTU</title>
<para>
Changing the MTU on an interface is a classical example of an
operation which, prior to the arrival of <command>iproute2</command>
operation which, prior to the arrival of &iproute2;
one could only accomplish with the <command>ifconfig</command>
command. Since <command>iproute2</command> has separate
command. Since &iproute2; has separate
utilities for managing the link layer, addressing, routing, and
other IP-related objects, it becomes clear even with
the command-line utilities that the MTU is really a function of
@ -590,7 +590,7 @@ default via 192.168.99.254 dev eth0</computeroutput>
<para>
Alternatively, one can set the broadcast address to a different
value, which as Alexey remarks as an aside in the
<command>iproute2</command> manual will "break networking."
&iproute2; manual will "break networking."
Changing the ethernet broadcast address implies that no
conventionally configured host will answer broadcast ARP frames
transmitted onto the ethernet. Since conventional ARP requests
@ -671,7 +671,7 @@ default via 192.168.99.254 dev eth0</computeroutput>
-->
<para>
Part of the <command>iproute2</command> command suite, <command>ip
Part of the &iproute2; command suite, <command>ip
neighbor</command> provides a command line interface to
<link linkend="ex-tools-ip-neighbor-show">display the neighbor table
(ARP cache)</link>,
@ -681,7 +681,7 @@ default via 192.168.99.254 dev eth0</computeroutput>
entries</link> and
<link linkend="ex-tools-ip-neighbor-flush">remove a large number of
entries</link>.
For peculiarities and commonalities of the <command>iproute2</command>
For peculiarities and commonalities of the &iproute2;
tools, refer to
<xref linkend="tools-iproute2-remarks"/>.
</para>

6
LDP/guide/docbook/linux-ip/tools-ip-management.xml
View File

@ -38,7 +38,7 @@
traditional utility for IP management. We will also examine the newer
and more flexible <link
linkend="tools-ip-address"><command>ip address</command></link>, a key
part of the <command>iproute2</command> package.
part of the &iproute2; package.
</para>
<section id="tools-ifconfig">
<title><command>ifconfig</command></title>
@ -348,7 +348,7 @@ lo Link encap:Local Loopback
<section id="tools-ip-address">
<title><command>ip address</command></title>
<para>
Part of the <command>iproute2</command> suite, <command>ip
Part of the &iproute2; suite, <command>ip
address</command> can
<link linkend="tools-ip-address-show">list the IP addresses</link>
affiliated with
@ -601,7 +601,7 @@ lo Link encap:Local Loopback
As you can see, the <command>ip address</command> utility provides a
wealth of information and a great deal of control over the IPs
associated with each device. For more detailed information about
the <command>iproute2</command> package and included tools, see
the &iproute2; package and included tools, see
<xref linkend="links-iproute2"/>.
</para>
</section>

30
LDP/guide/docbook/linux-ip/tools-ip-routing.xml
View File

@ -37,7 +37,7 @@
on to the increasingly used <link linkend="tools-ip-route"><command>ip
route</command></link> and <link linkend="tools-ip-rule"><command>ip
rule</command></link> tools which are part of the
<command>iproute2</command> package.
&iproute2; package.
</para>
<section id="tools-route">
<title><command>route</command></title>
@ -631,7 +631,7 @@ Destination Gateway Genmask Flags Metric Ref Use Iface
<section id="tools-ip-route">
<title><command>ip route</command></title>
<para>
Another part of the <command>iproute2</command> suite of tools for IP
Another part of the &iproute2; suite of tools for IP
management, <command>ip route</command> provides management tools for
manipulating any of the routing tables. Operations
include
@ -655,7 +655,7 @@ Destination Gateway Genmask Flags Metric Ref Use Iface
the <option>table</option> parameter.
</para>
<para>
Fortunately, as mentioned earlier, the <command>iproute2</command>
Fortunately, as mentioned earlier, the &iproute2;
suite of tools does not rely on DNS for any operation so, the
ubiquitous <option>-n</option> switch in previous examples will not be
required in any example here.
@ -1108,7 +1108,7 @@ local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1</computeroutpu
</para>
<para>
There are other options to the <command>ip route add</command>
documented in Alexey's thorough <command>iproute2</command>
documented in Alexey's thorough &iproute2;
documentation. For further research, I'd suggested acquiring and
reading this manual.
</para>
@ -1144,7 +1144,7 @@ local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1</computeroutpu
here to learn a bit more about how to set up NAT in your network,
then you should know that the <command>ip route add nat</command> is
only half of the solution. You must understand that performing NAT
with <command>iproute2</command> involves one component to rewrite
with &iproute2; involves one component to rewrite
the inbound packet (<command>ip route add nat</command>), and
another command to rewrite the outbound packet (<link
linkend="tools-ip-rule-add-nat"><command>ip rule add
@ -1154,8 +1154,8 @@ local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1</computeroutpu
</para>
<para>
Alexey documents clearly in the appendix to the
<command>iproute2</command> manual that the NAT provided by the
<command>iproute2</command> suite is stateless. This is distinctly
&iproute2; manual that the NAT provided by the
&iproute2; suite is stateless. This is distinctly
unlike NAT with netfilter. Refer to <xref linkend="nat-dnat"/> and
<xref linkend="state-conntrack"/>
for a better look at the connection tracking and network address
@ -1164,9 +1164,9 @@ local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1</computeroutpu
<para>
The <command>ip route add nat</command> command is used to rewrite
the destination address of a packet from one IP or range to another
IP or range. The <command>iproute2</command> tools can only operate
IP or range. The &iproute2; tools can only operate
on the entire IP packet. There is no provision directly within the
<command>iproute2</command> suite to support conditional rewriting
&iproute2; suite to support conditional rewriting
based on the destination port of a UDP datagram or TCP segment.
It's the whole packet, every packet, and nothing but the packet
<footnote>
@ -1198,7 +1198,7 @@ local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1</computeroutpu
<xref linkend="nat-stateless-pf-interaction"/>.
</para>
<para>
Not only can <command>iproute2</command> support network address
Not only can &iproute2; support network address
translation for single IPs, but also for entire network ranges. The
syntax is substantially similar to the syntax above, but uses a
CIDR network address instead of a single IP.
@ -1222,7 +1222,7 @@ local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1</computeroutpu
</para>
<para>
Again, this is only one half of the story for NAT with
<command>iproute2</command>. Please be certain to read
&iproute2;. Please be certain to read
the section below for usage information on <link
linkend="tools-ip-rule-add-nat"><command>ip rule add
nat</command></link>, in addition to <xref linkend="ch-nat"/> which
@ -1491,14 +1491,14 @@ local 127.0.0.1 from 127.0.0.1 dev lo
<section id="tools-ip-rule">
<title><command>ip rule</command></title>
<para>
Another part of the <command>iproute2</command> software package,
Another part of the &iproute2; software package,
<command>ip rule</command> is the single tool for manipulating the
routing policy database under linux (RPDB). For a fuller discussion
of the RPDB, see <xref linkend="adv-rpdb"/>. The RPDB can be <link
linkend="tools-ip-rule-show">displayed with <command>ip rule
show</command></link>. Particular rules can be added and removed with
(predictably, if you have been reading the sections on the other
<command>iproute2</command> tools) <link
&iproute2; tools) <link
linkend="tools-ip-rule-add"><command>ip rule add</command></link>
command and the <link
linkend="tools-ip-rule-add"><command>ip rule del</command></link>
@ -1683,7 +1683,7 @@ local 127.0.0.1 from 127.0.0.1 dev lo
<title><command>ip rule add nat</command></title>
<para>
As discussed more thoroughly in <xref linkend="ch-nat"/>, this is the
other half of <command>iproute2</command> supported network address
other half of &iproute2; supported network address
translation. The two components are <link
linkend="tools-ip-route-add-nat"><command>ip route add
nat</command></link> and <command>ip rule add nat</command>.
@ -1739,7 +1739,7 @@ local 127.0.0.1 from 127.0.0.1 dev lo
<section id="tools-ip-rule-del">
<title><command>ip rule del</command></title>
<para>
Naturally, no <command>iproute2</command> tool would be complete
Naturally, no &iproute2; tool would be complete
without the ability to undo what has been done. With <command>ip
rule del</command>, individual rules can be removed from the RPDB.
</para>

32
LDP/guide/docbook/linux-ip/tools-misc.xml
View File

@ -80,24 +80,24 @@
</section>
<section id="tools-iproute2-remarks">
<title>Some general remarks about <command>iproute2</command>tools</title>
<title>Some general remarks about &iproute2;tools</title>
<para>
This is a meant to be a collected set of thoughts which don't fit
anyplace else about the <command>iproute2</command> tools. If you are
anyplace else about the &iproute2; tools. If you are
reading this in search of more details about the
<command>iproute2</command> tools, you should run (not walk) to your
&iproute2; tools, you should run (not walk) to your
nearest command line, and execute the following command:
<userinput>bash -c ' gv $( locate ip-cref.ps ) '</userinput>.
</para>
<para>
In any case, I suggest that the reader consult the
documentation which comes with the <command>iproute2</command>
documentation which comes with the &iproute2;
package for canonical answers.
</para>
<itemizedlist>
<listitem>
<para>
The <command>iproute2</command> suite exposes all of the
The &iproute2; suite exposes all of the
networking functionality of the linux kernel where the venerable
tools
(<link linkend="tools-ifconfig"><command>ifconfig</command></link>,
@ -107,7 +107,7 @@
</listitem>
<listitem>
<para>
Each of the <command>iproute2</command> object names can be
Each of the &iproute2; object names can be
shortened to the shortest unique set of characters. This means
that <command>ip route show</command> can be abbreviated
<command>ip ro s</command> and <command>ip rule show</command> can
@ -116,7 +116,7 @@
convenient shortcuts on the command line are often confusing in
documentation. For this reason, I have preferred examples
featuring the complete object names and action verbs. Note also
below that <command>iproute2</command> accepts not only
below that &iproute2; accepts not only
abbreviations but also synonyms as described in
<xref linkend="tb-tools-iproute2-remarks"/>.
</para>
@ -124,25 +124,25 @@
<listitem>
<para>
There are some syntactic synonyms available within the
<command>iproute2</command> package. See this
&iproute2; package. See this
<xref linkend="tb-tools-iproute2-remarks"/> for a complete list
of synonyms.
</para>
</listitem>
<listitem>
<para>
Because the <command>iproute2</command> command suite is under
Because the &iproute2; command suite is under
development, there may be slight differences between the output
described in this documentation and that of your release of
<command>iproute2</command>. I have tried to focus on the
overwhelmingly common uses of the <command>iproute2</command>
&iproute2;. I have tried to focus on the
overwhelmingly common uses of the &iproute2;
tools rather than the ones which are under active development, and
are subject to syntactic changes or new output presentations.
</para>
</listitem>
<listitem>
<para>
There are extensions to the <command>iproute2</command> command
There are extensions to the &iproute2; command
suite, which can alter the sets of objects or syntax
available for manipulation and inspection. Where these are
covered in detail in this documentation, they will be relegated to
@ -155,13 +155,13 @@
<para>
</para>
<para>
There are some common synonyms in <command>iproute2</command> syntax.
There are some common synonyms in &iproute2; syntax.
Outlined below in <xref linkend="tb-tools-iproute2-remarks"/> is a list
of the common synonyms. Note, that these synonyms are available in
addition to the abbreviations indicated above.
</para>
<table id="tb-tools-iproute2-remarks">
<title><command>iproute2</command> Synonyms</title>
<title>&iproute2; Synonyms</title>
<tgroup cols="2" align="center" colsep="1" rowsep="1">
<thead>
<row>
@ -192,13 +192,13 @@
</tgroup>
</table>
<para>
Because the <command>iproute2</command> suite of tools is so tightly
Because the &iproute2; suite of tools is so tightly
integrated with linux, it is not available for other operating
systems. This is at once its strength and weakness. For users
contemplating linux for the first time, <command>ifconfig</command>,
<command>netstat</command>, and <command>route</command> are familiar
and they feel intuitive. More experienced users and control freaks
will find the <command>iproute2</command> tools attractive and perhaps
will find the &iproute2; tools attractive and perhaps
indispensable.
</para>
</section>