iptables and nat

To: debian-user@lists.debian.org
Subject: iptables and nat
From: Rudy Gevaert <rudy@zeus.UGent.be>
Date: Mon, 11 Aug 2003 23:06:37 +0200
Message-id: <[🔎] 20030811210636.GA11871@zeus.UGent.be>
Mail-followup-to: Rudy Gevaert <rudy@zeus.UGent.be>, debian-user@lists.debian.org

Hi,

I'm fiddling arround with iptables and I have some problems
understading how the tables and chains work with SNAT.

My network is setup as following:
eth0 is a static ip address
eth1 has ip 10.0.0.254 and connects to a switch with two other
computers on it.

When a packet comes from the internet with destination one of the
computers on the local lan, which route does it take?

Is it put straight away through the FORWARD chain or does it go
through the INPUT chain first?  

And when does the addresstanslation take place?  (I'm using SNAT)
When do I have to put the local address in the rules and when not?

And the other way arround (local lan -> internet)?

Am I correct when a packet from the local lan wants to go to the
gateway it goes straight through to the INPUT chain, gets processed
and goes to the OUTPUT?

And am I correct if I say that when I packet from the internet wants
to go to the static ip (e.g. apache running on the firewall) it is:
INPUT; process; OUPUT?

Thanks in advance,

-- 
Rudy Gevaert                rudy@zeus.UGent.be
Web page                    http://www.webworm.org
GNU/Linux user and Savannah hacker http://savannah.gnu.org
Love sometimes expresses itself in sacrifice.
        -- Kirk, "Metamorphosis", stardate 3220.3

Reply to:

Follow-Ups:
- Re: iptables and nat
  - From: Shaul Karl <shaul@actcom.net.il>
- Re: iptables and nat
  - From: Derrick 'dman' Hudson <dman@dman13.dyndns.org>

Prev by Date: Re: Need help generating odd crontab line
Next by Date: Re: CD-ROM read fails. Recovery is impossible.
Previous by thread: Re: nforce kernel modules
Next by thread: Re: iptables and nat
Index(es):
- Date
- Thread