NAT tables and FILTER tables
aseem at india.tejasnetworks.com
Wed Sep 14 13:27:34 CEST 2005
i am actually trying to understand how nat and default filter table work
together. my understanding is this:
when a packet is encountered it is either:
1. a new connection creation request packet.
2. a packet associated with a connection that has been mangled by NAT
3. a packet assiciated with a connection that has not been mangled by
Each case goes like this:
Case 1: NAT table is considerd. Packet passes through PREROUTING chain,
routing decision and then POSTROUTING chain.
Case 1a -- If either of them modified the packet, this packet and all
subsequent packets of this connection DO NOT PASS THROUGH FILTER TABLE
Case 1b -- None of NAT tables modifies packet. It passes through FILTER
table chains as usual.
Case 2: This packet follows the fate of its earlier packets. (PREROUTING
AND POSTROUTING NAT table chains BUT NO FILTER table chains)
Case 3. Passes through FILTER TABLE chains.
is this correct??
Aseem Rastogi wrote:
> I have a small query.
> I have read that whenever a packet requesting a connection is
> encountered, NAT table is used. My question is : Does it mean that for
> new connection request packets ONLY NAT table is considered and not
> default FILTER table?
> Thanks in advance.
The end is always good. If it's not good, it's not the end.
More information about the netfilter