> I tested only the POSTROUTING, and found that it is before "nat
> POSTROUTING", because I put:
>
> iptables -t mangle -A POSTROUTING -o eth0 -j LOG --log-prefix LOG_FILTER_EXT-DEF-
>
> and get in the logs this:
> Sep 11 00:18:22 www kernel: LOG_FILTER_EXT-DEF-IN= OUT=eth0 SRC=10.0.0.100 DST=80.128.37.129 LEN=1
>
> and I have:
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> SNAT all -- 10.0.0.0/24 0.0.0.0/0 to:x.x.x.x
>
> so it's right??? If yes, Stef, please modify the diagram; if no, why?
>
> and probably the "mangle INPUT" is after "filter INPUT"
>
> and "mangle FORWARD" is after "filter FORWARD"

I updated the diagram. Like Leonardo said, I put mangle before nat. Any updates/remarks are welcome. I also added the imq device (right after mangle for incoming packets and after all tables for outgoing packets).

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
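
The test described in the quoted message (log at a hook, then compare the logged SRC with the SNAT rule) can be automated; the following is an added example, not part of the original email. The log lines are constructed, `203.0.113.7` is a placeholder for the elided `x.x.x.x`, and the `UPSTREAM-SEEN` prefix and downstream host are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the kernel LOG target format. Line 1 mirrors the email's
# rule (its prefix has no trailing space, so it fuses with "IN="); line 2 is a
# hypothetical downstream host. 203.0.113.7 stands in for the elided x.x.x.x.
SAMPLE_LOG = """\
Sep 11 00:18:22 www kernel: LOG_FILTER_EXT-DEF-IN= OUT=eth0 SRC=10.0.0.100 DST=80.128.37.129 LEN=60 TTL=63 PROTO=TCP SPT=40000 DPT=80 SYN
Sep 11 00:18:22 gw kernel: UPSTREAM-SEEN IN=eth1 OUT= SRC=203.0.113.7 DST=80.128.37.129 LEN=60 TTL=62 PROTO=TCP SPT=40000 DPT=80 SYN
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)(?P<fields>IN=.*)$")


def parse_log_line(line):
    """Split one LOG line into its prefix and KEY=value fields (flags dropped)."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    record = {"prefix": m.group("prefix").strip()}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            record[key] = value
    return record


def snat_stage(record, snat_source, snat_to):
    """Say whether the logging hook saw the packet before or after SNAT."""
    src = ipaddress.ip_address(record["SRC"])
    if src == ipaddress.ip_address(snat_to):
        return "post-SNAT"
    if src in ipaddress.ip_network(snat_source):
        return "pre-SNAT"
    return "unrelated"


def classify_log(text, snat_source="10.0.0.0/24", snat_to="203.0.113.7"):
    """Map each log prefix to the SNAT stage its hook observed."""
    result = {}
    for line in text.splitlines():
        record = parse_log_line(line)
        if record and "SRC" in record:
            result[record["prefix"]] = snat_stage(record, snat_source, snat_to)
    return result


if __name__ == "__main__":
    for prefix, stage in classify_log(SAMPLE_LOG).items():
        print(f"{prefix}: {stage}")
```

A `pre-SNAT` verdict for the mangle POSTROUTING prefix is the observation the quoted message reports: the hook still sees the internal 10.0.0.0/24 source address.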