Hi

On Mon, Jun 18, 2001 at 10:59:35AM +0200, LuisMi wrote:
> Anyone can tell me if this scheme is correct?
>
> input -> ' -t nat' -> forward -> '-t nat' -> output
>
> where... '-t nat' is optional
>
> I ask this because I will put a condition like...
> $IPT -t nat -A PREROUTING -i $interfaz0 -p tcp -d $ip_eth0 --dport 80 -j
> DNAT --to-destination 172.16.1.2:80
>
> And I don't know if I must put some rules in input and output
>
> can anyone explain me that?

With ipchains, a packet going through the machine would go through input, forward and also output. With iptables, packets going through the machine will NOT go through the input and output chains. Only the forward chains (and prerouting/postrouting).

See the following URL for details:

http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-6.html

So you don't need to put anything into the input/output chains unless you want to control what is sent to/from the firewall itself, rather than through it.

-- 
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
[EMAIL PROTECTED]   | Fax: +27 21 761 9930 | Kingsley Technologies
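
An added example, not part of the original messages: the DNAT rule from the question together with the FORWARD rules that would filter the redirected traffic, printed as a dry run unless `APPLY=1` is set. Assumptions: a default-drop FORWARD policy, a hypothetical inside interface `interfaz1`, and the placeholder values `eth0`, `eth1` and `192.0.2.1`.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: rules are printed,
# not loaded. Set APPLY=1 and run as root to load them.
IPT=${IPT:-iptables}
interfaz0=${interfaz0:-eth0}     # outside interface (variable name from the post)
interfaz1=${interfaz1:-eth1}     # inside interface (hypothetical name)
ip_eth0=${ip_eth0:-192.0.2.1}    # firewall's outside address (placeholder value)
web=172.16.1.2                   # internal web server, from the post

# Print one rule; load it only when APPLY=1.
rule() {
    echo "$IPT $*"
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; fi
}

build_rules() {
    # nat/PREROUTING: the destination is rewritten before the routing decision.
    rule -t nat -A PREROUTING -i "$interfaz0" -p tcp -d "$ip_eth0" --dport 80 \
         -j DNAT --to-destination "$web:80"

    # filter/FORWARD: after DNAT the packet is routed through the box, so it
    # is filtered here and already carries the rewritten destination.
    rule -P FORWARD DROP
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A FORWARD -i "$interfaz0" -o "$interfaz1" -p tcp -d "$web" --dport 80 \
         -m state --state NEW -j ACCEPT

    # No INPUT or OUTPUT rules are emitted: those chains only see traffic
    # addressed to, or generated by, the firewall itself.
}

build_rules
```

The FORWARD rule matches on 172.16.1.2 rather than `$ip_eth0` because the filter table sees the packet after PREROUTING has changed its destination.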

