From: Les Mikesell <les@futuresource.com>
To: Kenneth Porter <shiva@sewingwitch.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Need help with basic understanding of IPtables
Date: Mon, 25 Oct 2004 17:14:58 -0500 [thread overview]
Message-ID: <1098742498.18510.8.camel@moola.futuresource.com> (raw)
In-Reply-To: <7513F20F705FE54833EA4134@[10.169.6.246]>
On Mon, 2004-10-25 at 16:23, Kenneth Porter wrote:
> > IP numbers belong to the IP stack and have nothing to do with
> > interfaces. This idea is completely useless, forget it, this will make
> > things (eg. routing) a lot more understandable. From this point of
> > view, Jasons posting is IMHO very clear.
>
> I only point it out because not everyone knows that there's a difference,
> and may think that the non-NIC interfaces are immune. I remember setting up
> my first ipchains firewall and thinking it odd that I needed explicit rules
> for the loopback interface, but it makes perfect sense in hindsight.
The part that I think is weird is that NAT may be tied to an interface
when first applied, but even if routes are changed so that packets
to a particular address no longer go through that interface, any
that have an entry in the ip_conntrack table continue to have
the NAT applied. Is this intentional?
---
Les Mikesell
les@futuresource.com
next prev parent reply other threads:[~2004-10-25 22:14 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-25 18:41 Need help with basic understanding of IPtables Bob Von Ilten
2004-10-25 19:38 ` Jason Opperisano
2004-10-25 19:50 ` Kenneth Porter
2004-10-25 19:54 ` Jason Opperisano
2004-10-25 20:01 ` Frank Gruellich
2004-10-25 21:23 ` Kenneth Porter
2004-10-25 22:14 ` Les Mikesell [this message]
-- strict thread matches above, loose matches on Subject: below --
2004-10-25 18:49 Daniel Chemko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1098742498.18510.8.camel@moola.futuresource.com \
--to=les@futuresource.com \
--cc=netfilter@lists.netfilter.org \
--cc=shiva@sewingwitch.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.