On Mon, 2003-09-15 at 12:44, Wim Ceulemans wrote: > Hi Ray > > In my opinion 'locally generated packets' can only be generated by a > local process. > So in the diagram where it says 'local process', that's where the > 'locally generated packets' start > their way through the kernel. Where's the difference? > What about packets that get SNATed? Where are they generated? > Regards > Wim > > Ray Leach wrote: > > >On Mon, 2003-09-15 at 10:49, Wim Ceulemans wrote: > > > > > >>Hi > >> > >>In paragraph 6.2 of the iptables-tutorial the following is said: > >>"The OUTPUT chain is used for altering locally generated packets (i.e., > >>on the firewall) before they get to the routing decision. > >> > >>But in paragraph 3.1, the "Traversing of tables and chains" diagram, we > >>see the "Routing decision" is listed after the "Local process" and > >>BEFORE! the packet goes to the output chain. > >> > >>So which one is right? Does the routing decision take place after or > >>before the packet travels through the output chain? > >> > >> > > > >Are you not getting confused with 'locally generated' and 'local > >process'. They are not the same thing. > > > > > > > >>Regards > >> > >> -- -- Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx> Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 --
Attachment:
signature.asc
Description: This is a digitally signed message part
