Thread: IPTables and FORWARD chain
- Join Date
- Jul 2011
I'm reading about IPTables and its tables and chains, but I have some problems understanding how a forward works.
I wrote some conclusions of what I understood so far:
1. every incoming DNATed packet necessarily goes to FORWARD
2. every outgoing SNATed packet does not necessarily come from FORWARD
3. every forwarded packet was DNATed at PREROUTING and SNATed at POSTROUTING
I hope you can help me confirm that I'm on the right track.
Kind regards, and thanks in advance.
- Join Date
- Sep 2011
Basically, the forwarding table is used whenever a packet enters the firewall table stream for which the destination IP address is different than any link local address on that server, *and* /proc/sys/net/ipv4/ip_forward is set to one. Do not confuse the filter table with the nat table; the nat table is used for network address translation.
Packets traverse the FORWARD chain in the filter table after the pre-routing chain in the nat table, and before the post-routing chain in the nat table.
The FORWARD table should be used if you are using your Linux machine as a router. If you want to protect the Linux machine itself, use the INPUT table. If you want to prevent your Linux machine from using certain ports, use the OUTPUT table.
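
The traversal order described in the replies above, as an added example that is not part of the original thread: a simplified Python model of which nat and filter chains a packet passes through. It covers only those two tables (mangle, raw and loopback delivery are left out), and the function name and sample addresses are constructed for illustration.

```python
"""Simplified model of a packet's path through the nat and filter tables."""

def traverse(dst, local_addrs, ip_forward, dnat_to=None, locally_generated=False):
    """Return (final_dst, chains) for one packet.

    dst               destination address when the packet arrives or is created
    local_addrs       set of addresses owned by this host
    ip_forward        value of /proc/sys/net/ipv4/ip_forward (0 or 1)
    dnat_to           new destination applied by a matching DNAT rule, if any
    locally_generated True for packets created by a process on this host
    """
    if locally_generated:
        # Local packets never see PREROUTING, INPUT or FORWARD,
        # yet they still pass POSTROUTING, where SNAT rules live.
        if dnat_to:
            dst = dnat_to  # DNAT for local traffic happens in nat/OUTPUT
        return dst, ["nat/OUTPUT", "filter/OUTPUT", "nat/POSTROUTING"]

    chains = ["nat/PREROUTING"]
    if dnat_to:
        dst = dnat_to  # destination is rewritten before the routing decision
    # The routing decision uses the (possibly rewritten) destination.
    if dst in local_addrs:
        chains.append("filter/INPUT")
    elif ip_forward:
        chains += ["filter/FORWARD", "nat/POSTROUTING"]
    else:
        chains.append("discarded (ip_forward=0)")
    return dst, chains

# Constructed sample addresses (documentation ranges), not from the thread.
ROUTER = {"192.0.2.1", "10.0.0.1"}
INSIDE = "10.0.0.5"
REMOTE = "198.51.100.7"

if __name__ == "__main__":
    cases = {
        "DNAT to inside host": traverse("192.0.2.1", ROUTER, 1, dnat_to=INSIDE),
        "DNAT to the router itself": traverse("192.0.2.1", ROUTER, 1, dnat_to="10.0.0.1"),
        "routed, no NAT rule hit": traverse(REMOTE, ROUTER, 1),
        "forwarding disabled": traverse(REMOTE, ROUTER, 0),
        "locally generated": traverse(REMOTE, ROUTER, 1, locally_generated=True),
    }
    for name, (final_dst, chains) in cases.items():
        print(f"{name:28} dst={final_dst:14} {' -> '.join(chains)}")
```

A chain being traversed does not mean a rule in it matched: the routed case passes nat/PREROUTING and nat/POSTROUTING with its addresses unchanged.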