On 22 Jun 2002 16:43:17 +0800 Crispin Wellington <[EMAIL PROTECTED]> wrote:
> On Fri, 2002-06-21 at 16:15, Jan Räther wrote:
> > Hi there,
> >
> > I have just a simple question about iptables. I got a router running
> > debian with iptables. The standard policies for all chains are DROP.
> > Now I want to masq/route a few specific ports to some boxes inside my
> > LAN, all with 192.168.1.x addresses. I do that with:
> >
> > iptables -A PREROUTING -t nat -i ppp0 -s 0/0 -p tcp --dport 2222 -j DNAT --to 192.168.1.2
> >
> > My question is now, will that rule be processed before the standard
> > INPUT policy gets applied? Or do I have to add a:
>
> PREROUTING comes before INPUT.
>
> INPUT is only processed for packets destined for the local machine (this
> is different to 2.2 ipchains) which these DNAT packages aren't anyway.
>
> it goes
>
>
> PREROUTING ---+----> FORWARD ------+-----> POSTROUTING
>               |                    ^
>               V                    |
>             INPUT               OUTPUT
>               |                    ^
>               +-> local processes -+
>
> Hope that makes it clear

yep, thanks...

Jan

-----
Jan Räther
Universität Hamburg
Zentrum für Molekulare Neurobiologie
Service-Gruppe EDV
Falkenried 94
20251 Hamburg
Germany
Tel.: 040 - 428 - 03 - 6619
Fax.: 040 - 428 - 03 - 6621

Tell a man there are 300 billion stars in the universe and he'll believe you.
Tell him a bench has wet paint on it and he'll have to touch to be sure.
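Added example, not part of the original thread: a simplified Python model of the traversal in the diagram above, covering only the first packet of an inbound connection (no conntrack or reply traffic). The router addresses 203.0.113.1 and 192.168.1.1 are constructed, and the FORWARD rule is an assumption about what this setup needs, given that every chain defaults to DROP.

```python
# Added example: simplified model of the netfilter traversal in the diagram.
# Models only the first packet of an inbound TCP connection; conntrack and
# reply traffic are out of scope.
from dataclasses import dataclass, replace

ROUTER_ADDRS = {"203.0.113.1", "192.168.1.1"}   # constructed router addresses

@dataclass(frozen=True)
class Packet:
    in_iface: str
    dst: str
    dport: int

# nat PREROUTING table: (in_iface, dport) -> new destination. Stands for:
# iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 2222 -j DNAT --to 192.168.1.2
DNAT_RULES = {("ppp0", 2222): "192.168.1.2"}

def first_match(rules, pkt, policy):
    """Return the verdict of the first matching filter rule, else the chain policy."""
    for in_iface, dst, dport, verdict in rules:
        if (in_iface, dst, dport) == (pkt.in_iface, pkt.dst, pkt.dport):
            return verdict
    return policy

def traverse(pkt, input_rules=(), forward_rules=(), policy="DROP"):
    """Return (chains visited, verdict, final destination) for one inbound packet."""
    path = ["PREROUTING"]
    new_dst = DNAT_RULES.get((pkt.in_iface, pkt.dport))
    if new_dst:
        pkt = replace(pkt, dst=new_dst)          # DNAT happens before routing
    # Routing decision: local delivery goes to INPUT, everything else to FORWARD.
    if pkt.dst in ROUTER_ADDRS:
        path.append("INPUT")
        return path, first_match(input_rules, pkt, policy), pkt.dst
    path.append("FORWARD")
    verdict = first_match(forward_rules, pkt, policy)
    if verdict == "ACCEPT":
        path.append("POSTROUTING")
    return path, verdict, pkt.dst

# The filter rule matches the rewritten destination, not the router's address:
# iptables -A FORWARD -i ppp0 -p tcp -d 192.168.1.2 --dport 2222 -j ACCEPT
FORWARD_ALLOW = [("ppp0", "192.168.1.2", 2222, "ACCEPT")]

if __name__ == "__main__":
    wan_pkt = Packet("ppp0", "203.0.113.1", 2222)
    print(traverse(wan_pkt))                               # FORWARD policy drops it
    print(traverse(wan_pkt, forward_rules=FORWARD_ALLOW))  # forwarded to 192.168.1.2
    print(traverse(Packet("ppp0", "203.0.113.1", 22)))     # no DNAT: INPUT policy drops it
```

In this model an ACCEPT rule in INPUT for port 2222 changes nothing, because the DNATed packet never reaches that chain.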

