On Tue, Feb 9, 2010 at 1:25 PM, Richard Horton <arimus.uk@xxxxxxxxxxxxxx> wrote:
> On 9 February 2010 13:17, paddy joesoap <paddyjoesoap@xxxxxxxxx> wrote:
>> Hi All,
>>
>> How should one interpret the inbound ("-i") and outbound ("-o") of the
>> FORWARD chain.
>>
>
>
> -i refers to the interface the packet is received on.
> -o refers to the interface the packet is routed out on.
>
>

Does this mean that both versions below are equivalent or at least do
the same job?

(1)
iptables -A FORWARD -i eth0 -p tcp -d webServIP -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp -s webServIP -j ACCEPT

Because a packet will enter eth0 for internal network and a packet
will leave eth1 (pushed towards eth0).

(2)
iptables -A FORWARD -i eth0 -p tcp -d webServIP -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp -s webServIP -j ACCEPT

Because a packet will enter eth0 to be forwarded internally and a
packet will also enter eth0 when leaving the network.

> --
> Richard Horton
> Users are like a virus: Each causing a thousand tiny crises until the
> host finally dies.
> http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
> http://www.pbase.com/arimus - My online photogallery
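
Added example, not part of the original thread: a small Python model of FORWARD-chain matching that runs rule sets (1) and (2) from the message against a request and its reply, using the -i/-o meanings quoted above. Assumptions not in the thread: clients sit behind eth0, the web server behind eth1, the chain policy is DROP, and the two addresses are constructed stand-ins.

```python
# Added illustration: a minimal model of how FORWARD-chain rules match on
# -i (receiving interface) and -o (interface the packet is routed out on).
from dataclasses import dataclass
from typing import Optional

WEB = "192.0.2.10"       # stands in for webServIP (constructed value)
CLIENT = "198.51.100.7"  # constructed client address

@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    proto: str
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        # An option left unset matches anything, as in iptables.
        pairs = [(self.in_if, p.in_if), (self.out_if, p.out_if),
                 (self.proto, p.proto), (self.src, p.src), (self.dst, p.dst)]
        return all(want is None or want == got for want, got in pairs)

def forward_verdict(rules, p, policy="DROP"):
    """Every rule here is -j ACCEPT; with no match the assumed policy applies."""
    return "ACCEPT" if any(r.matches(p) for r in rules) else policy

# Rule sets (1) and (2) from the message.
SET1 = [Rule(in_if="eth0", proto="tcp", dst=WEB), Rule(out_if="eth1", proto="tcp", src=WEB)]
SET2 = [Rule(in_if="eth0", proto="tcp", dst=WEB), Rule(out_if="eth0", proto="tcp", src=WEB)]

# Assumed topology: clients behind eth0, web server behind eth1.
REQUEST = Packet("eth0", "eth1", "tcp", CLIENT, WEB)
REPLY = Packet("eth1", "eth0", "tcp", WEB, CLIENT)

def compare():
    return {name: (forward_verdict(rs, REQUEST), forward_verdict(rs, REPLY))
            for name, rs in (("set1", SET1), ("set2", SET2))}

if __name__ == "__main__":
    for name, (req, rep) in compare().items():
        print(f"{name}: request={req} reply={rep}")
```

Under the assumed topology the reply leaves via eth0, so only the second rule of set (2) matches it; set (1) accepts the request but not the reply.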