On Fri, 01 Mar 2002 07:15:28 -0600 Ted Fines <[EMAIL PROTECTED]> wrote: > If I have a rule in the nat table, PREROUTING chain, which directs the > packet to DNAT (eg -j DNAT --to 1.2.3.4), what happens to the packet > next? What ruleset is the packet next compared against?
The OUTPUT chain in the nat table may be somewhere in here, but I don't
know where. Otherwise:
nat/PREROUTING -> filter/(INPUT or FORWARD) -> nat/POSTROUTING
|
\--> Only if 1.2.3.4 is the NAT box
The OUTPUT chain in the filter table is only used for locally-generated
packets, IIRC.
Anybody care to confirm what I've said? Thanks :)
--
,______________________________________________________________________.
| David B. Harris, Systems administrator | http://www.terrabox.com |
| [EMAIL PROTECTED], [EMAIL PROTECTED] | http://eelf.ddts.net |
|======================================================================|
| Clan Barclay motto: Aut agere, aut mori. (Either action, or death.) |
`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
msg00537/pgp00000.pgp
Description: PGP signature
