Re: iptables question
On 22 Jun 2002 16:43:17 +0800
Crispin Wellington <email@example.com> wrote:
> On Fri, 2002-06-21 at 16:15, Jan Räther wrote:
> > Hi there,
> > i have just a simple question about iptables. I got a router running
> > debian with iptables. The Standard Policy's for all chains are DROP.
> > Now i want to masq/route a few specific ports to some boxes inside my
> > LAN, all with 192.168.1.x addresses. I do that with:
> > iptables -A PREROUTING -t nat -i ppp0 -s 0/0 -p tcp --dport 2222 -j
> > DNAT--to 192.168.1.2
> > My question is now, will that rule be processed before the standard
> > INPUT policy gets applied? Or do i have to add a:
> PREROUTING comes before INPUT.
> INPUT is only processed for packets destined for the local machine (this
> is different to 2.2 ipchains) which these DNAT packages aren't anyway.
> it goes
> PREROUTING ---+----> FORWARD ------+-----> POSTROUTING
> | ^
> V |
> INPUT OUTPUT
> | ^
> +-> local processes -+
> Hope that makes it clear
Zentrum für Molekulare Neurobiologie
Tel.: 040 - 428 - 03 - 6619
Fax.: 040 - 428 - 03 - 6621
Tell a man there are 300 billion stars
in the universe and he'll believe you.
Tell him a bench has wet paint on it
and he'll have to touch to be sure.
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com