IPTables and FORWARD chain

[theuser26]

Hello guys.

I'm reading about IPTables and its tables and chains, but I have some problems understanding how a forward works.

I wrote some conclusions of what I understood so far:

1. every incoming DNATed packet goes necessarily to FORWARD
2. every outgoing SNATed packet not necessarily comes from FORWARD
3. every forwarded packet was DNATed at PREROUTING and SNATed at POSTROUTING

I hope you can help me to confirm that I'm in the right way.

Kind regards and thanks for advance.

[LinuxSecurity]

Basically, the forwarding table is used whenever a packet enters the firewall table stream for which the destination IP address is different than any link local address on that server,*and*, /proc/sys/net/ipv4/ip_forward is set to one. Do not confuse the filter table with the nat table; the nat table is used for network address translation.

Packets traverse the FORWARD chain in the filter table after the pre-routing chain in the nat table, and before the post routing chain in the nat table.

-Eric

[mibrahim]

Hi user26
Forward table should be used if you are using your linux machine as a router, if you want to protect the Linux machine itself use INPUT table, if you want to prevent your linux machine from using certain ports use OUTPUT table.