Hi! >>In Chapter 6 there is an ASCII graph of chains, and the branching >>between INPUT and FORWARD chain is depicted before both chains. Reading >>on, when the picture is explained, >>the text states that package enters INPUT chain and if it is found out >>that it isn't for that host, THEN it goes to FORWARD chain... >> > >Uh? Where does the doc state this? This is literally what it says: > > 1.When a packet comes in (say, through the Ethernet card) the kernel >first looks at the destination of the packet: this is called `routing'. > > 2.If it's destined for this box, the packet passes downwards in the >diagram, to the INPUT chain. If it passes this, any processes waiting >for that packet will receive it. > > 3.Otherwise, if the kernel does not have forwarding enabled, or it >doesn't know how to forward the packet, the packet is dropped. If >forwarding is enabled, and the packet is destined for another network >interface (if you have another one), then the packet goes rightwards >on our diagram to the FORWARD chain. If it is ACCEPTed, it will be >sent out. > > 4... > >>The question is, is branching done before INPUT and FORWARD chain or in >>INPUT chain? >> > >The branching you're talking about is done by the routing engine >before INPUT or FORWARD (see step 1 above). > >Ramin >
Thank you for your reply. It seams to me that the numbering confused me... It goes 1. 2. 3. 4. instead of 1. 2a. 2b. 3. Anyway, it seams clear now... bye... I.
