Order of rules when NAT'ing.
Scotty Gammenthaler
scottygamm@topher.net
Sun, 30 Apr 2000 00:38:58 -0500
> Hi!
>
> Question following might be considered stupid, but here goes:
>
> When making up a POSTROUTING NAT table, is the order of the rules vital?
>
> Example:
>
> iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to 4.3.2.1
> iptables -t nat -A POSTROUTING -s 192.168.2.10 -o eth0 -d 1.2.3.4 -j SNAT --to 5.6.7.8
>
> In the case above, what will packages going from 192.168.2.10 to 1.2.3.4
> end up being SNAT'ed to?
>
> Thanks in advance!
>
> Regards
> Sture Lygren
I'm no expert on this, but according to the Linux 2.4 NAT HOWTO
(see http://www.samba.org/netfilter/unreliable-guides/NAT-HOWTO.html,
Section 5), "...each rule is examined in order until one matches."
So the order is vital and I would expect your packet to match the
first rule and get SNAT'ed to 4.3.2.1.
Scotty Gammenthaler
--
Home email: scottygamm@topher.net
Work email: scotty@a-concepts.com
Home page: www.topher.net/~scottygamm
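
Added example, not part of the original messages and not netfilter code: a simplified Python model of the "examined in order until one matches" behaviour quoted from the HOWTO, applied to the two rules from the question in the posted order and with the more specific rule first. The `SnatRule` type, the function name and the destination 9.9.9.9 are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class SnatRule(NamedTuple):
    src: str             # -s  (source address or network)
    dst: Optional[str]   # -d  (None means any destination)
    out_if: str          # -o  (outgoing interface)
    to: str              # --to (address the source is rewritten to)


def first_match_snat(rules, src, dst, out_if):
    """Walk the rules in order; return --to of the first match, else None."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.out_if != out_if:
            continue
        if s not in ipaddress.ip_network(rule.src):
            continue
        if rule.dst is not None and d not in ipaddress.ip_network(rule.dst):
            continue
        return rule.to   # first match decides; later rules are never consulted
    return None          # no rule matched: source address is left unchanged


# The two rules from the question.
GENERAL = SnatRule("192.168.2.0/24", None, "eth0", "4.3.2.1")
SPECIFIC = SnatRule("192.168.2.10", "1.2.3.4", "eth0", "5.6.7.8")

AS_POSTED = [GENERAL, SPECIFIC]   # general rule first: it shadows the specific one
REORDERED = [SPECIFIC, GENERAL]   # specific rule first, general rule as the fallback

if __name__ == "__main__":
    flows = [
        ("192.168.2.10", "1.2.3.4"),   # the flow asked about
        ("192.168.2.10", "9.9.9.9"),   # same host, other destination (constructed)
        ("192.168.2.20", "1.2.3.4"),   # other host on the same subnet (constructed)
    ]
    for name, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        for src, dst in flows:
            print(f"{name}: {src} -> {dst} SNAT to "
                  f"{first_match_snat(rules, src, dst, 'eth0')}")
```

In the posted order every packet that could match the second rule already matches the first, so the 5.6.7.8 mapping is never applied; with the specific rule first, only 192.168.2.10 to 1.2.3.4 changes and all other traffic from the subnet still leaves as 4.3.2.1.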