Henrik

Thanks for your answer.

If I understand correctly, if the local endpoint of the socket is not bound, then:

1. The routing decision is taken, and the source IP address is assigned to the IP address of the interface through which the packet would leave the firewall.
2. The packet travels through the OUTPUT chain and does not pass the routing decision anymore, because the routing decision was already taken before going to the OUTPUT chain.

Is there any specific reason why the packet doesn't pass the routing decision the second time?

Regards
Wim

Henrik Nordstrom wrote:

>On Mon, 15 Sep 2003, Wim Ceulemans wrote:
>
>>In paragraph 6.2 of the iptables-tutorial the following is said:
>>"The OUTPUT chain is used for altering locally generated packets (i.e.,
>>on the firewall) before they get to the routing decision.
>
>Yes.
>
>>But in paragraph 3.1, the "Traversing of tables and chains" diagram, we
>>see the "Routing decision" is listed after the "Local process" and
>>BEFORE! the packet goes to the output chain.
>>
>>So which one is right? Does the routing decision take place after or
>>before the packet travels through the output chain?
>
>Both, depending on the situation.
>
>if the local endpoint of the socket sending the packet is bound then
>routing occurs after OUTPUT.
>
>If the local endpoint of the socket is NOT bound then routing occurs
>before OUTPUT to assign the source address.
>
>Regards
>Henrik

--
Wim Ceulemans
R&D Engineer
Secure Internet Communication with aXs Guard
Able NV
Leuvensesteenweg 282 - B-3190 Boortmeerbeek - Belgium
Phone: + 32 15 50.44.00 - Fax: + 32 15 50.44.09
E-mail: wim.ceulemans@able.be
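
The bound/unbound distinction in the quoted reply can be observed from user space. This is an added example, not part of the original thread: it assumes a Linux host with the loopback interface up, the addresses 127.0.0.1 and 127.0.0.2 and port 9 are constructed test values, and it shows only the source address selection, not the netfilter chain order.

```python
import socket


def local_endpoint(dest, bind_ip=None):
    """Return the socket's local address before and after connect().

    connect() on a UDP socket transmits nothing: the kernel only performs
    the route lookup and records the peer, so no packet leaves the host.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if bind_ip is not None:
            # Bound case: the application fixes the local endpoint itself.
            s.bind((bind_ip, 0))
        before = s.getsockname()
        s.connect(dest)
        after = s.getsockname()
    return {"before": before, "after": after}


def source_chosen_by_routing(dest, bind_ip=None):
    """True when the source address was empty until the route lookup set it."""
    r = local_endpoint(dest, bind_ip)
    return r["before"][0] == "0.0.0.0" and r["after"][0] != "0.0.0.0"


if __name__ == "__main__":
    dest = ("127.0.0.1", 9)  # constructed destination; nothing is sent to it
    for bind_ip in (None, "127.0.0.2"):
        r = local_endpoint(dest, bind_ip)
        label = "unbound" if bind_ip is None else "bound to " + bind_ip
        print(f"{label:20} before={r['before']} after={r['after']} "
              f"routing_chose_source={source_chosen_by_routing(dest, bind_ip)}")
```

In the unbound case the source address is 0.0.0.0 until the route lookup fills it in; in the bound case it is already set and the lookup leaves it unchanged.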