From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ray Leach <raymondl@knowledgefactory.co.za>
Subject: Re: Routing decision?
Date: 15 Sep 2003 14:14:43 +0200
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <1063628083.31092.82.camel@raylinux.internal>
References: <3F657D37.1010000@able.be>
	 <1063616905.31092.78.camel@raylinux.internal>  <3F65981D.1060700@able.be>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-R27aHtJ8GWWpzunkIzwk"
Return-path: <netfilter-admin@lists.netfilter.org>
In-Reply-To: <3F65981D.1060700@able.be>
Errors-To: netfilter-admin@lists.netfilter.org
List-Help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-Post: <mailto:netfilter@lists.netfilter.org>
List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-Id: <netfilter.vger.kernel.org>
List-Unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
List-Archive: <https://lists.netfilter.org/pipermail/netfilter/>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>


--=-R27aHtJ8GWWpzunkIzwk
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2003-09-15 at 12:44, Wim Ceulemans wrote:
> Hi Ray
>=20
> In my opinion 'locally generated packets' can only be generated by a=20
> local process.
> So in the diagram where it says 'local process', that's where the=20
> 'locally generated packets' start
> their way through the kernel. Where's the difference?
>=20
What about packets that get SNATed?
Where are they generated?

> Regards
> Wim
>=20
> Ray Leach wrote:
>=20
> >On Mon, 2003-09-15 at 10:49, Wim Ceulemans wrote:
> > =20
> >
> >>Hi
> >>
> >>In paragraph 6.2 of the iptables-tutorial the following is said:
> >>"The OUTPUT chain is used for altering locally generated packets (i.e.,=
=20
> >>on the firewall) before they get to the routing decision.
> >>
> >>But in paragraph 3.1, the "Traversing of tables and chains" diagram, we=
=20
> >>see the "Routing decision" is listed after the "Local process" and
> >>BEFORE! the packet goes to the output chain.
> >>
> >>So which one is right? Does the routing decision take place after or=20
> >>before the packet travels through the output chain?
> >>   =20
> >>
> >
> >Are you not getting confused with 'locally generated' and 'local
> >process'. They are not the same thing.
> >
> > =20
> >
> >>Regards
> >>   =20
> >>
--=20
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint =3D 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

--=-R27aHtJ8GWWpzunkIzwk
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQA/Za0yh1fuR/Bv+ygRAp8jAJ9AIev0u2uEOUrW5UXFwpyUq2GPQACgjtMJ
muiODEABAFFqJklLJhGUXaY=
=PNZ8
-----END PGP SIGNATURE-----

--=-R27aHtJ8GWWpzunkIzwk--