Re: FORWARD Chain Question

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Jörg Harmuth" <harmuth@mnemon.de>
To: netfilter@lists.netfilter.org
Subject: Re: FORWARD Chain Question
Date: Tue, 13 Dec 2005 11:30:53 +0100	[thread overview]
Message-ID: <439EA2DD.2030500@mnemon.de> (raw)
In-Reply-To: <BOEKIIIKCIBKDMDMHHLLAEHGDFAA.gene@poh.com>

Gene Dellinger schrieb:
> To All:
> I got some helpful information, thanks to those who responded, I am still a
> bit fuzzy though.
> A packet coming in ETH0 destined for a system connected to ETH1, will that
> packet begin in the PREROUTING
> chain on ETH1(sample 1) and then out or go to the FORWARD chain(sample 2)
> and then out.
> 
> ETH0:PREROUTING---->FORWARD---->POSTROUTING---->OUT
>          |	           |            |
>        INPUT  	     |         OUTPUT
>          |	          \|/	      |
>       Local Process    |         Local Process

As Jim already said, chain traversal isn't bound to interfaces by
itself, but you can write rules that are related to a certain interface.
If you take this picture (stolen from you and a little bit modified):

   IN-->PREROUTING---->FORWARD---->POSTROUTING---->OUT
          |	                        |
        INPUT  	                      OUTPUT
          |                             |
          +------->Local Process------->+

then you have a simplified picture of what's going on (amongst others,
nat and mangle table are missing and the optional raw table as well).
Packets go through the above picture regardless of the interface (unless
as Jim also said, you specify -i or -o).

HTH,

Joerg

next prev parent reply	other threads:[~2005-12-13 10:30 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <BOEKIIIKCIBKDMDMHHLLEEHFDFAA.gene@poh.com>
2005-12-12 21:46 ` FORWARD Chain Question Gene Dellinger
2005-12-13  0:16   ` FORWARD Chain Question (nfcan: addressed to exclusive sender for this address) Jim Laurino
2005-12-13 10:30   ` Jörg Harmuth [this message]
2005-12-13 19:21     ` FORWARD Chain Question Gene Dellinger
2005-12-10  0:40 Gene Dellinger
2005-12-10  8:15 ` Georgi Alexandrov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=439EA2DD.2030500@mnemon.de \
    --to=harmuth@mnemon.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.