Linux Netfilter discussions
From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: Need help with basic understanding of IPtables
Date: Mon, 25 Oct 2004 15:38:00 -0400
Message-ID: <20041025193800.GA24645@bender.817west.com>
In-Reply-To: <s17d10cf.018@hpsk12.net>

On Mon, Oct 25, 2004 at 02:41:41PM -0400, Bob Von Ilten wrote:
> I have just installed IPtables and have been reading as many FAQs as I
> can stand, (which come to think of it may be part of my problem :-) ) at
> any rate I have come to a basic understanding that the INPUT and OUTPUT
> chains of the filter table refer to the following.  Please correct me if
> I am wrong.  The INPUT chain refers to packets that are entering the
> TCP/IP protocol stack from any interface not just the NIC or NICs
> connected to the internet.  The OUTPUT chain refers to packets that are
> leaving the stack for some destination either on the internet or on the
> LAN.  The NAT table is used for any packets that are in transition
> between INPUT and OUTPUT.

no--not even close.

INPUT is for packets whose DESTINATION is a local IP address on this
machine

OUTPUT is for packets whose SOURCE is a local IP address on this machine

FORWARD is for packets whose SOURCE and DESTINATION are not a local
IP address on this machine

those three chains are the built-in chains of the FILTER table.

in addition to the FILTER table, you also have the NAT and MANGLE
tables.

while there is nothing stopping you from performing filtering in the NAT
or MANGLE tables, the targets that perform NAT and MANGLING are only
valid in those respective tables.  for example, the MASQUERADE target is
only valid in the POSTROUTING chain of the NAT table.

have you been reading:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

specifically:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSINGOFTABLES

-j

-- 
Jason Opperisano <opie@817west.com>
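
The chain selection and the table-specific target rule Jason lays out, as an added example that is not part of this thread or of iptables itself: a small Python model that decides which built-in filter chain a packet hits from address locality alone, lists the hooks it traverses in the order the linked tutorial gives (simplified: routing decisions and the raw table omitted), and flags a MASQUERADE placed anywhere but the POSTROUTING chain of the nat table. The local address set and the rule lines are constructed.

```python
import shlex

# Constructed: the addresses this box owns (not from the original post).
LOCAL_ADDRS = {"127.0.0.1", "192.168.1.1", "203.0.113.10"}

# Targets restricted to particular (table, chain) pairs. ACCEPT/DROP/LOG are
# absent because generic filtering targets are valid in every table.
TARGET_ONLY_IN = {"MASQUERADE": {("nat", "POSTROUTING")}}

def filter_chain(src, dst, local=LOCAL_ADDRS):
    """Built-in filter chain a packet hits, decided purely by address locality."""
    if dst in local:
        return "INPUT"      # destination is a local address: for this machine
    if src in local:
        return "OUTPUT"     # source is a local address: generated here
    return "FORWARD"        # neither end is local: routed through

def traversal(src, dst, local=LOCAL_ADDRS):
    """(table, chain) hooks in traversal order, simplified from the tutorial's
    diagram: mangle before nat at each hook; nat is only consulted for the
    first packet of a connection, which this model does not track."""
    chain = filter_chain(src, dst, local)
    pre = [("mangle", "PREROUTING"), ("nat", "PREROUTING")]
    post = [("mangle", "POSTROUTING"), ("nat", "POSTROUTING")]
    if chain == "INPUT":
        return pre + [("mangle", "INPUT"), ("filter", "INPUT")]
    if chain == "OUTPUT":
        return [("mangle", "OUTPUT"), ("nat", "OUTPUT"), ("filter", "OUTPUT")] + post
    return pre + [("mangle", "FORWARD"), ("filter", "FORWARD")] + post

def parse_rule(cmdline):
    """Pull (table, chain, target) out of an 'iptables ...' command line.
    Table defaults to filter when -t is omitted, as iptables itself does."""
    argv = shlex.split(cmdline)
    table, chain, target = "filter", None, None
    for i, tok in enumerate(argv):
        if tok == "-t":
            table = argv[i + 1]
        elif tok in ("-A", "-I"):
            chain = argv[i + 1]
        elif tok == "-j":
            target = argv[i + 1]
    return table, chain, target

def rule_is_valid(cmdline):
    """False when a table-specific target sits in the wrong table or chain."""
    table, chain, target = parse_rule(cmdline)
    allowed = TARGET_ONLY_IN.get(target)
    return allowed is None or (table, chain) in allowed
```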

