On Fri, 2002-06-21 at 16:15, Jan Räther wrote:
> Hi there,
>
> I have just a simple question about iptables. I got a router running
> Debian with iptables. The standard policies for all chains are DROP. Now I
> want to masq/route a few specific ports to some boxes inside my LAN, all
> with 192.168.1.x addresses. I do that with:
>
> iptables -A PREROUTING -t nat -i ppp0 -s 0/0 -p tcp --dport 2222 -j DNAT --to 192.168.1.2
>
> My question is now, will that rule be processed before the standard INPUT
> policy gets applied? Or do I have to add a:

PREROUTING comes before INPUT. INPUT is only processed for packets destined for the local machine (this is different to 2.2 ipchains), which these DNAT packages aren't anyway.

It goes

PREROUTING ---+----> FORWARD ------+-----> POSTROUTING
              |                    ^
              V                    |
            INPUT               OUTPUT
              |                    ^
              +-> local processes -+

Hope that makes it clear.

Crispin Wellington
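Since every chain on the router in question has policy DROP and the rewritten packets are routed through FORWARD rather than INPUT, the port forward also needs matching ACCEPT rules in FORWARD. The script below is an added example, not part of the original thread; the function name `forward_port`, the LAN interface `eth0` and the dry-run `IPT` variable are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): DNAT port forward plus the FORWARD
# rules it needs when all chain policies are DROP.
# Dry-run by default: commands are printed. Run with IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"

# forward_port WAN_IF LAN_IF PROTO PORT LAN_HOST   (hypothetical helper)
forward_port() {
    wan_if=$1; lan_if=$2; proto=$3; port=$4; lan_host=$5

    # Reject anything that is not tcp/udp or not a port number in 1..65535.
    case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi

    # nat/PREROUTING: rewrite the destination before the routing decision.
    $IPT -t nat -A PREROUTING -i "$wan_if" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$lan_host"

    # filter/FORWARD: after DNAT the packet is addressed to the LAN host, so
    # it is routed through FORWARD, never INPUT. Match the post-DNAT address.
    $IPT -A FORWARD -i "$wan_if" -o "$lan_if" -p "$proto" -d "$lan_host" \
        --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT

    # Replies from the LAN host also cross FORWARD, in the other direction.
    $IPT -A FORWARD -i "$lan_if" -o "$wan_if" -p "$proto" -s "$lan_host" \
        --sport "$port" -m state --state ESTABLISHED -j ACCEPT
}

# The forward from the question: ppp0 tcp/2222 to 192.168.1.2 (eth0 is assumed).
forward_port ppp0 eth0 tcp 2222 192.168.1.2
```

No INPUT rule appears because the forwarded connection never traverses that chain; an INPUT rule would only matter for traffic addressed to the router itself.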