iptables - NAT table
jose sanchez
j_r_sanchez at yahoo.com
Sun Jul 7 17:39:05 CDT 2002
Hello:
Can someone please clear my head on the nat table's SNAT, DNAT and MASQUERADE? I'm kind of confused.
Please correct me if I'm wrong; this is what I understand about NAT, assuming there's a LAN and a DMZ:
When a packet comes in from the internet (external interface) requesting a web page (dport 80), I can forward this request to the web server in the DMZ like this:

iptables -t nat -A PREROUTING -i <external interface> -p tcp --dport 80 -j DNAT --to-destination <dmz webserver>
iptables -t nat -A OUTPUT -o <internal interface> -p tcp --dport 80 -j DNAT --to-destination <dmz webserver>

Is this correct?
What is actually confusing me are the PREROUTING, POSTROUTING, and OUTPUT chains. Pre means before, as in when the packet comes into the external interface? Post means after, as in after the router/firewall decides the packet is not intended for the localhost and then prepares it to be sent to the server providing this service.
Please help me understand these chains, since I am getting ready to start developing a firewall and I would like to understand what I'm doing...
Thank you in advance for all your help.
=====
"An ounce of gold cannot buy an ounce of time."
- Anonymous
www.whmicro.com
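The three nat chains the post asks about, as an added example (not from the original message or its author): a dry-run script that emits the DNAT, OUTPUT and MASQUERADE rules for a firewall with an external, a DMZ and a LAN interface. Interface names and addresses are assumed placeholders, and the FORWARD accept rule is included because a DNAT'd packet is filtered there, not in INPUT.

```shell
#!/bin/sh
# Added example, not from the original post: nat-table rules for a
# firewall with external, DMZ and LAN interfaces. Every name and address
# below is an assumed placeholder (RFC 5737 / RFC 1918 ranges).
# Dry-run by default: run with IPT=iptables to load the rules for real.
dry_run() { printf '%s\n' "$*"; }
IPT="${IPT:-dry_run}"
EXT_IF="${EXT_IF:-eth0}"              # assumed internet-facing interface
EXT_IP="${EXT_IP:-203.0.113.5}"       # assumed public address on EXT_IF
DMZ_IF="${DMZ_IF:-eth1}"              # assumed DMZ interface
DMZ_WEB="${DMZ_WEB:-192.168.2.10}"    # assumed DMZ web server
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed LAN subnet

# PREROUTING (nat) is traversed by every packet arriving on any interface,
# before the routing decision, so rewriting the destination (DNAT) has to
# happen here; the kernel then routes the packet to the new address.
dnat_rules() {
    "$IPT" -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$DMZ_WEB"
    # After DNAT the packet is no longer for localhost, so it is filtered
    # in FORWARD (not INPUT); with a DROP policy it must be accepted there.
    "$IPT" -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$DMZ_WEB" -p tcp --dport 80 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# OUTPUT (nat) sees only packets generated by the firewall itself, e.g.
# a fetch of its own public address from a local shell.
output_rules() {
    "$IPT" -t nat -A OUTPUT -d "$EXT_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$DMZ_WEB"
}

# POSTROUTING (nat) runs after routing, just before the packet leaves, so
# source rewrites go here: SNAT for a fixed public address, MASQUERADE
# when the external address is dynamic (it follows the interface address).
snat_rules() {
    "$IPT" -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXT_IF" -j MASQUERADE
}

apply_all() {
    dnat_rules
    output_rules
    snat_rules
}

apply_all
```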