On 25.08.2012 18:47, Juan Diego Tascón wrote:
Good day,
I'm currently configuring a router. I'm setting the default policies
to DROP in the INPUT OUTPUT AND FORWARD chains. I'm thinking of
setting the default FORWARD policy to ACCEPT as my default INPUT
policy is DROP and unless there is a valid FORWARD rule for a given
port the packets wont go anywhere. I'm I right on this? or could
someone deliberately setup a packet to be forwarded from my router to
my lan? all I could find on google was one similar question with no
answer :(
FORWARD and INPUT are completely different.
INPUT is for packets that are in the end are destined for the host (i.e.
routed to the host).
FORWARD is for packets, that are only forwarded by the host, the packets
will not go through the INPUT chain.
In a normal routed network this depends on the destination IP of the
packet, but if you DNAT the packets in the PREROUTING chain of the nat
table the destination IP will change.
--
дамјан