Confused by a I/O/FORWARD thing about IPtables

j. jeffrey close close@cafenoir.com
Fri, 08 Jun 2001 12:10:31 -0700


hi,

thanks very much for your reply.

you are correct, and thank you.  i did not read the first term of that section
carefully enough (diff. iptables vs. ipchains) where it says that they "now only
get locally-destined and locally-generated packets. They used to see all incoming
and all outgoing packets respectively."

so does the 'nat' table with PREROUTING and POSTROUTING happen in addition to all
three of FORWARD, INPUT, and OUTPUT, or only in the case of FORWARD ?  (or only
in the case of INPUT and OUTPUT)?

sorry for my confusion; maybe i was too accustomed to ipchains, but i thought
that the logic in ipchains made more sense.  maybe after i use this (now that i
clearly understand which way it goes) it will make more sense.

cheers,
jeffrey


Magnus von Köller wrote:

> As Rusty actually does mention in his documentation (it's actually quite
> clear in the section describing differences between IPCHAINS and IPTABLES),
> the INPUT chain is only traversed for packages destined to the local machine,
> OUTPUT only for packets that originate from the local machine and FORWARD is
> traversed only for packets that are forwarded by the local machine.
>
> -M
>
> -------  Magnus von Köller   <magnus@vonkoeller.de> ------
>  Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
>    Phone: +49-(0)531/2094886 Mobile: +49-(0)179/4562940
>
>  lp1 on fire (One of the more obfuscated kernel messages)
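
The traversal discussed in this thread, as an added example that is not part of either message: a small model of which `filter` and `nat` chains the first packet of a flow passes through, including the case where DNAT in `nat` PREROUTING changes the routing decision. Assumptions: the 2.4-era `nat` table (PREROUTING, OUTPUT, POSTROUTING only), the `mangle` table and loopback delivery are left out, and the addresses, the `traverse` function and the DNAT mapping are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed addresses for the firewall host itself (documentation ranges).
LOCAL_ADDRS = {ip_address("192.0.2.1"), ip_address("10.0.0.1")}

def traverse(dst, locally_generated=False, dnat=None):
    """Return (ordered chains, final destination) for the first packet of a flow.

    dnat maps an original destination to a rewritten one, standing in for
    DNAT rules in the nat table (hypothetical rule set, not from the thread).
    """
    dst = ip_address(dst)
    rewrite = {ip_address(k): ip_address(v) for k, v in (dnat or {}).items()}
    if locally_generated:
        # Local processes: OUTPUT chains, then POSTROUTING. Never INPUT/FORWARD.
        dst = rewrite.get(dst, dst)          # DNAT would happen in nat/OUTPUT
        return ["nat/OUTPUT", "filter/OUTPUT", "nat/POSTROUTING"], str(dst)
    # Every packet arriving on an interface hits PREROUTING before routing.
    path = ["nat/PREROUTING"]
    dst = rewrite.get(dst, dst)              # DNAT rewrites dst here
    if dst in LOCAL_ADDRS:
        # Routing decision: for this host. INPUT only; no POSTROUTING.
        path.append("filter/INPUT")
    else:
        # Routing decision: for someone else. FORWARD, then POSTROUTING.
        path += ["filter/FORWARD", "nat/POSTROUTING"]
    return path, str(dst)

if __name__ == "__main__":
    cases = {
        "to firewall": traverse("192.0.2.1"),
        "routed through": traverse("10.0.0.50"),
        "from firewall": traverse("198.51.100.7", locally_generated=True),
        # Port-forward style DNAT: addressed to the firewall, ends up in FORWARD.
        "DNAT to internal": traverse("192.0.2.1", dnat={"192.0.2.1": "10.0.0.50"}),
    }
    for name, (path, final) in cases.items():
        print(f"{name:17} -> {' -> '.join(path)}  (dst {final})")
```

The last case is the one that matters when writing filter rules: traffic that is DNATed to an internal host is filtered in FORWARD, not INPUT, even though it was addressed to the firewall.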