-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 28 March 2003 07:14, Kjell Chris Flor wrote:
> Hi,
>
> Tell me if I understand this right.
>
> For a packet that is not for local host,
> but comes in on one interface and goes
> out on another;
>
> Will that packet traverse PREROTING, FORWARD and POSTROUTING
> on _both_ underface, or
>
> will that packet traverse PREROTING, FORWARD and POSTROUTING
> only once, where PREROTING is when a packet "is in" the incoming
> physical interface, and is in FORWARD and POSTROUTING when
> the packet "is in" the outgoing interfave?
I believe this ASCII to be correct, but I'm not certain so a verification from
someone would be appreciated.
-------- -------------------
| Device | | Local application |
---|---- -----|-------------
| |
V |
| |
___|_______________ ___|_______________
/ \ / \
| Connection Tracking | | Connection Tracking |
| | | | | |
| mangle/PREROUTING | | mangle/OUTPUT |
| | | | | |
| nat/PREROUTING | | nat/OUTPUT |
| | | | |
| | | filter/OUTPUT |
\___ _______________/ \___ _______________/
| |
| |
| V
| |
| ----|----
V | Routing |
| ----|----
| |
| V
| ______________ |
---|----- / \ |
| Routing |--->-----| filter/FORWARD |---
---|----- \______________/ |
| |
V V
| |
___|_________________ ________|__________
/ \ / \
| filter/INPUT | | nat/POSTROUTING |
| | | | | |
| Connection Tracking | | Connection Tracking |
\___ _________________/ \________ __________/
| |
| |
V V
| |
| |
----|--------------- --------
| Local application | | Device |
-------------------- --------
- --Erik
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+hHxZds9m9uhAobARArrzAJ93Ia6VFxiS8Cx92+M/nfvBxVucpwCeJByZ
kvCpV+lKDHmSCBIi5rutlig=
=QSJn
-----END PGP SIGNATURE-----
