See this graph (created by Jan Engelhardt), it should explain what you are asking for:

http://jengelh.medozas.de/images/nf-packet-flow.png

Karel

> Sorry, I'm not wording my questions very well. Let me start from the top.
> Thanks everyone for the fantastic help by the way :)
>
> Ok, so as I understand Linux, and please correct me if I'm wrong, when a
> packet comes into a physical interface on a Linux machine, regardless of the
> status of the net.ipv4.conf.<interface>.forwarding, Linux will always put
> the packet onto a "chain". This will either be the INPUT chain or the
> FORWARD chain. Is that correct?
>
> Next, if the packet is destined for an IP of one of the local interfaces, it
> puts it onto the INPUT chain, correct?
>
> However if the packet is destined for a non-local host, it puts it onto the
> FORWARD chain, correct?
>
> Then, when the packet is on the forward chain, it depends on if the incoming
> interface is connected to a bridge or not. If it is connected to a bridge,
> the packet will traverse the FORWARD chain and go out the interface which
> must be part of the same bridge, correct?
>
> If, however, the incoming interface is not connected to a bridge, Linux will
> forward the packet out of another interface which it thinks is correct (as
> defined by the routing table), but it will only do this if
> net.ipv4.conf.<interface>.forwarding is set to 1, correct?
>
> Before I go on with my next set of questions, I'd just like someone to
> correct the above if it is wrong.
>
> Many Thanks