Re: iptables question

To: Debian Security <debian-security@lists.debian.org>
Subject: Re: iptables question
From: Crispin Wellington <crispin@aeonline.net>
Date: 22 Jun 2002 16:43:17 +0800
Message-id: <[🔎] 1024735397.1436.77.camel@void>
In-reply-to: <[🔎] 20020621101535.06e67e61.jan.raether@zmnh.uni-hamburg.de>
References: <[🔎] 20020621101535.06e67e61.jan.raether@zmnh.uni-hamburg.de>

On Fri, 2002-06-21 at 16:15, Jan Räther wrote:
> Hi there,
> 
> i have just a simple question about iptables. I got a router running
> debian with iptables. The Standard Policy's for all chains are DROP. Now i
> want to masq/route a few specific ports to some boxes inside my LAN, all
> with 192.168.1.x addresses. I do that with:
> 
> iptables -A PREROUTING -t nat -i ppp0 -s 0/0 -p tcp --dport 2222 -j DNAT
> --to 192.168.1.2
> 
> My question is now, will that rule be processed before the standard INPUT
> policy gets applied? Or do i have to add a:

PREROUTING comes before INPUT.

INPUT is only processed for packets destined for the local machine (this
is different to 2.2 ipchains) which these DNAT packages aren't anyway. 

it goes


PREROUTING ---+----> FORWARD ------+-----> POSTROUTING
              |                    ^
              V                    |
            INPUT                OUTPUT
              |                    ^
              +-> local processes -+

Hope that makes it clear

Crispin Wellington




--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: iptables question
  - From: Jan Räther <jan.raether@zmnh.uni-hamburg.de>

References:
- iptables question
  - From: Jan Räther <jan.raether@zmnh.uni-hamburg.de>

Prev by Date: AW: DSA 131: Apache Vulnerability
Next by Date: Re: sources.list for potato
Previous by thread: iptables question
Next by thread: Re: iptables question
Index(es):
- Date
- Thread