On Thursday 20 June 2002 9:16 pm, Shinju wrote: > Hey folks. > > Do packets always traverse the chain in the 'mangle' table before they > traverse the corresponding chain in other tables? In other words, is this > flow correct?... > > ...manglePREROUTING --> natPREROUTING... > ...mangleINPUT --> filterINPUT... > ...mangleOUTPUT --> natOUTPUT --> filterOUTPUT... > ...mangleFORWARD --> filterFORWARD... > ...manglePOSTROUTING --> natPOSTROUTING...
You can eaily check this for yourself by putting a LOG target as the first rule into every chain. eg: iptables -t mangle -I PREROUTING -j LOG --log-prefix=PreMangle iptables -t mangle -I INPUT -j LOG --log-prefix=InMangle iptables -t mangle -I FORWARD -j LOG --log-prefix=ForMangle iptables -t mangle -I POSTROUTING -j LOG --log-prefix=PostMangle iptables -t mangle -I OUTPUT -j LOG --log-prefix-OutMangle iptables -t filter -I PREROUTING -j LOG --log-prefix=PreFilt iptables -t filter -I INPUT -j LOG --log-prefix=InFilt iptables -t filter -I FORWARD -j LOG --log-prefix=ForFilt iptables -t filter -I POSTROUTING -j LOG --log-prefix=PostFilt iptables -t filter -I OUTPUT -j LOG --log-prefix-OutFilt iptables -t nat -I PREROUTING -j LOG --log-prefix=PreNat iptables -t nat -I POSTROUTING -j LOG --log-prefix=PostNat iptables -t nat -I OUTPUT -j LOG --log-prefix-OutNat Then just send somepackets through the machine and look at the log file to see what order they went through the chains/tables. Antony.
