i'm currently looking at a diagram of how packets are processed by iptables, and one part of the diagram shows local applications generating packets which are handed to an OUTPUT chain, from which they are handed to *another* OUTPUT chain, before a routing decision is made.
i'm assuming that one of these OUTPUT boxes is the one for the filter table, while the other is the one for the nat table and that, even though they have the same name, they are really two distinct chains. can anyone clarify which of those two chains is used first -- filter or nat? thanks. rday
