what is first checked by iptables? prerouting or input?
JVD
bono@wol.be
Thu, 27 Sep 2001 02:18:44 +0200
That's a great site and a very good graphic !!!
Now there is no more contestation.
thx very much :-)
Jean
----- Original Message -----
From: "Patrick Nelson" <pnelson@neatech.com>
To: <netfilter@lists.samba.org>
Sent: Thursday, September 27, 2001 1:47 AM
Subject: RE: what is first checked by iptables? prerouting or input?
> Philipp Snizek wrote:
> ----------------->>>>
> Hi
>
> First thanks to JVD who helped me with his answer yesterday. Logging works
> fine now. Was a good tip with the user defined chains.
>
> Imagine we had RFC 1918 addressed networks on both sides. Imagine further we
> would combine -t nat and -t filter to one scheme (instead of 2 schemes as it
> is in the how-tos).
> Please just tell me whether this scheme is true:
>
> --> prerouting --> input --> forward --> postrouting --->
> | |
> | |
> local process -> output
> ----------------->>>>
> Check out http://www.knowplace.org/netfilter/syntax.html and look down the
> page to Packet Transversal. I copied the graphic and used it while building
> my fw, worked for me. The whole thing is very helpful and you can go to the
> beginning link on www.knowplace.org. This Packet Trans part was 3 o 4
> pages in. HTH