General IPTables Questions
Fri, 01 Mar 2002 09:20:46 -0600
I understand (I think!) when a packet gets DROPped or ACCEPTed, as in
iptables -A FORWARD -p tcp --dport http -j ACCEPT, for example.
But in a DNAT rule, as in, iptables -t nat -A PREROUTING -s 188.8.131.52 -j DNAT
--to 184.108.40.206, for example, the packet's destination address gets changed,
but then where does it go once it is done in the PREROUTING chain in the
nat table? It hasn't been DROPped or ACCEPTed yet.
--On Friday, March 01, 2002 3:40 PM +0100 Sascha Andres
> On Fri, Mar 01, 2002 at 07:15:28AM -0600, Ted Fines wrote:
>> I looked in the man page for IPTables (1.2.5) for this, but couldn't
>> find it.
>> If I have a rule in the nat table, PREROUTING chain, which directs the
>> packet to DNAT (eg -j DNAT --to 220.127.116.11), what happens to the packet
> depends on your rule. for example if the rule say drop it
> will go to nirvana.
>> What ruleset is the packet next compared against?
> again. depends on the rule. in general if the rule applies
> trhat rule is taken and nothing more gets checked (except
> for some special targets), if it does not match the next
> rule in the chain is compared to the packet.
> if you're at the end of that chain the default policy is
> ciao sascha
> Sascha Andres email@example.com