bypassing a prerouting rule

bypassing a prerouting rule

[Manestro Oliveira]

Hi,
      I am a begginer to Linux and I have a PREROUTING rule that makes port 
redirection on incoming packages. But there is a server that don`t accept 
that, and works only without that rule. How can I bypass the rule for that 
server specifically?

     If iptables works by matching rules and leaving the other ones without 
checking them, then I should insert a rule before that and the problem is 
solved. Is this correct?

     Sorry if the question might be stupid, but I am taking the chance for 
being stupid now (and maybe not forever). >)

     Thanks.

_________________________________________________________________
MSN Hotmail, o maior webmail do Brasil.  http://www.hotmail.com

Re: bypassing a prerouting rule

[Feizhou]

Manestro Oliveira wrote:
> Hi,
>      I am a begginer to Linux and I have a PREROUTING rule that makes 
> port redirection on incoming packages. But there is a server that don`t 
> accept that, and works only without that rule. How can I bypass the rule 
> for that server specifically?
> 
>     If iptables works by matching rules and leaving the other ones 
> without checking them, then I should insert a rule before that and the 
> problem is solved. Is this correct?

Yes, first match takes effect.

Re: bypassing a prerouting rule

[John A. Sullivan III]

On Wed, 2004-06-23 at 09:24, Manestro Oliveira wrote:
> Hi,
>       I am a begginer to Linux and I have a PREROUTING rule that makes port 
> redirection on incoming packages. But there is a server that don`t accept 
> that, and works only without that rule. How can I bypass the rule for that 
> server specifically?
> 
>      If iptables works by matching rules and leaving the other ones without 
> checking them, then I should insert a rule before that and the problem is 
> solved. Is this correct?
> 
>      Sorry if the question might be stupid, but I am taking the chance for 
> being stupid now (and maybe not forever). >)
<snip>
Yes, you can place an ACCEPT rule before the REDIRECT rule and that will
halt processing in the PREROUTING chain for that match.  Thanks for
asking :-) - John
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 

Re: bypassing a prerouting rule

[Manestro Oliveira]

>On Wed, 2004-06-23 at 09:24, Manestro Oliveira wrote:
>Hi,
>       I am a begginer to Linux and I have a PREROUTING rule that makes 
>port redirection on incoming packages. But there is a server that don`t 
>accept that, and works only without that rule. How can I bypass the rule 
>for that server specifically?
>
>      If iptables works by matching rules and leaving the other ones 
>without checking them, then I should insert a rule before that and the 
>problem is solved. Is this correct?
>
>      Sorry if the question might be stupid, but I am taking the chance for 
>being stupid now (and maybe not forever). >)
<snip>
>Yes, you can place an ACCEPT rule before the REDIRECT rule and that will
>halt processing in the PREROUTING chain for that match.  Thanks for
>asking :-) - John
>--

   From what I've learned so far, one can only use on chain PREROUTING the 
tables nat and mangle.
How can I use an ACCEPT rule on these tables? Doesn't that suppose to use 
the filter table, which can't be used in the PREROUTING chain?

Thanks

_________________________________________________________________
MSN Hotmail, o maior webmail do Brasil.  http://www.hotmail.com