how iptables/NAT work together
Rusty Russell
rusty@linuxcare.com.au
Fri, 14 Jul 2000 10:22:12 +1000
In message <ygebt02q87i.fsf@bfnet.com> you write:
> The other day, I wrote:
> Me> Regarding the diagram below,
> Me>
> Me> Why doesn't output from "Local Process" have to go through "Routing
> Me> Decision?"
>
> Thus spake Rusty:
> Rusty> Yep, I handwaved.
>
> But output from "Local Process" doesn't go through "Forward", right?
> How does "Forward" know not to filter those packets that came from
> "Local Process"?
It doesn't go through FORWARD; it goes:
1) Route
2) Build packet
3) OUTPUT hook
4) If changed, route again.
5) POSTROUTING hook.
Forward goes:
1) PREROUTING hook
2) Route
3) FORWARD hook
4) POSTROUTING hook
Hope that helps,
Rusty.
--
Hacking time.