Re: Iptables a '-t nat' dude
Hi
On Mon, Jun 18, 2001 at 10:59:35AM +0200, LuisMi wrote:
> Anyone can tell me if this scheme is correct?
>
> input -> ' -t nat' -> forward -> '-t nat' -> output
>
> where... '-t nat' is optional
>
> I ask this because I will put a condition like...
> $IPT -t nat -A PREROUTING -i $interfaz0 -p tcp -d $ip_eth0 --dport 80 -j DNAT --to-destination 172.16.1.2:80
>
> And I don't know if I must put some rules in input and output
>
> can anyone explain me that?
With ipchains, a packet going through the machine would go
through input, forward and also output. With iptables packets
going through the machine will NOT go through the input and
output chains. Only the forward chains (and
prerouting/postrouting).
See the following URL for details:
http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-6.html
So you don't need to put anything into the input/output chains
unless you want to control what is sent to/from the firewall
itself, rather than through it.
--
Michael Wood | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
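
The rule set the reply implies, as an added example that is not part of the original thread: the DNAT rule from the question plus the FORWARD rules that filter the translated traffic, with nothing in INPUT or OUTPUT. The internal interface variable `interfaz1`, the interface names and the external address are assumptions made for illustration; the script only prints the commands unless `IPT` is set to the real `iptables` binary.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Dry run by default: prints the commands instead of executing them.
# Set IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# Assumed values, constructed for illustration.
interfaz0="${interfaz0:-eth0}"     # external interface (variable name from the post)
interfaz1="${interfaz1:-eth1}"     # internal interface (hypothetical variable)
ip_eth0="${ip_eth0:-192.0.2.10}"   # firewall's external address (constructed)
web="172.16.1.2"                   # internal web server, from the post

port_forward_rules() {
    # Default-deny for traffic passing through the firewall.
    $IPT -P FORWARD DROP

    # nat/PREROUTING rewrites the destination before the routing decision,
    # so the packet is then routed onward instead of delivered locally.
    $IPT -t nat -A PREROUTING -i "$interfaz0" -p tcp -d "$ip_eth0" --dport 80 \
        -j DNAT --to-destination "$web:80"

    # The forwarded packet is filtered in FORWARD, not INPUT, and by then it
    # carries the translated destination, so match on 172.16.1.2.
    $IPT -A FORWARD -i "$interfaz0" -o "$interfaz1" -p tcp -d "$web" --dport 80 \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Replies from the web server travel back through FORWARD as well.
    $IPT -A FORWARD -i "$interfaz1" -o "$interfaz0" -p tcp -s "$web" --sport 80 \
        -m state --state ESTABLISHED -j ACCEPT
}

port_forward_rules
```

INPUT and OUTPUT rules would be added separately, and only to control connections that terminate on or originate from the firewall itself.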