> is there any difference with one of these :-
>
> iptables -t nat -I PREROUTING -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED
>
> iptables -I FORWARD -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED

I could be wacky, but at this early hour of the morning my foggy brain is noticing a few things.

- Neither of these rules jumps to anything.
- The second rule is not attached to any table, which I don't think is possible...

For the first rule, I believe that rules in the nat table only apply to getting things mangled. Specifying the state in there would mean that only things in that state get mangled (DNAT, SNAT, etc.), based on the rules following it. Other packets would just have done with them whatever happens to packets that aren't associated with a session (aren't claimed by NAT, or any listening socket).

The second rule would catch packets that are to be forwarded (for NAT, or for normal routing) that meet the specified requirements. What happens once it's caught depends on what you jump to....

Remember, I'm just an amateur, haven't had my coffee yet, (insert other pithy excuse for my being wrong here).
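As an added example that is not part of the thread above, the following POSIX shell script lints iptables rule strings offline for the two points the reply raises: a rule with no `-j` target, and a chain that does not exist in the table the rule names. It assumes the standard IPv4 built-in chains per table and treats a missing `-t` the way iptables does (the filter table). The four sample rules are constructed for the example; the first two are the ones quoted in the question.

```shell
#!/bin/sh
# Added example (not from the original thread): an offline lint over iptables
# rule strings. It flags rules that have no jump target (-j) and rules whose
# chain is not a built-in chain of the table they name (-t, default filter).
# It never calls iptables, so it needs neither root nor netfilter to run.

# Built-in chains of each IPv4 table (assumed standard set, no user chains).
chains_for_table() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)    echo "PREROUTING OUTPUT" ;;
        *)      echo "" ;;
    esac
}

# rule_table RULE -> table named after -t, or "filter" when -t is absent.
rule_table() {
    t=$(printf '%s\n' "$1" | sed -n 's/.*-t \([a-z]*\).*/\1/p')
    printf '%s\n' "${t:-filter}"
}

# rule_chain RULE -> chain named after -A, -I or -D (empty if none).
rule_chain() {
    printf '%s\n' "$1" | sed -n 's/.*-[AID] \([A-Za-z_-]*\).*/\1/p'
}

# rule_target RULE -> the -j target, or empty when the rule has none.
rule_target() {
    printf '%s\n' "$1" | sed -n 's/.*-j \([A-Za-z_-]*\).*/\1/p'
}

# check_rule RULE -> prints "ok", "no-target" or "bad-chain";
# exit status is 0 only for "ok".
check_rule() {
    table=$(rule_table "$1")
    chain=$(rule_chain "$1")
    target=$(rule_target "$1")
    case " $(chains_for_table "$table") " in
        *" $chain "*) ;;
        *) echo "bad-chain"; return 1 ;;
    esac
    if [ -z "$target" ]; then
        echo "no-target"; return 1
    fi
    echo "ok"
}

# Constructed sample rules: the two from the question, the second rule
# completed with a target, and a nat-table rule on a chain nat does not have.
R1='iptables -t nat -I PREROUTING -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED'
R2='iptables -I FORWARD -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED'
R3='iptables -I FORWARD -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT'
R4='iptables -t nat -I FORWARD -p tcp --dport 21 -j ACCEPT'

for r in "$R1" "$R2" "$R3" "$R4"; do
    printf '%-9s %s\n' "$(check_rule "$r")" "$r"
done
```

Run as-is to see each sample rule tagged; both quoted rules come back `no-target`, which matches the first observation in the reply, and the nat/FORWARD rule comes back `bad-chain` because the nat table has no FORWARD chain.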