ip_local_deliver related query
Patrick McHardy
kaber at trash.net
Tue Feb 7 15:47:02 CET 2006
Vasantha Kumar Puttappa wrote:
> Hi Patrick,
> Thanks for your response. I have one more thing to clarify.
> ( Sorry in the previous I made a great mistake, I wanted to change
> destination IP address of the packet and not the source IP address).
>
> ( I am referring to first figure in the following link
> http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial.html)
>
> If I am not wrong, NAT is being in done in PREROUTING AND POST-ROUTING
> stage. But what I want to do is to take packets in FILTER INPUT stage and
> change the destination IP address ( I don't want to create any SNAT
> corresponding to that) and give it to local process.
> (Assume that a socket waiting with that new destination address)
NAT is also done in LOCAL_OUT (DNAT) and LOCAL_IN (SNAT).
> So, will there be any problem ?
No, it will work fine. Again: the socket lookups are done after the
netfilter hooks were called, so they will use the changed IP address.
More information about the netfilter-devel
mailing list