Incoming traffic to eth0 or eth1 can be directed to the box itself or must be FORWARDed in the case of:
1) Incoming traffic on eth0 directed to the internal network
2) Incoming traffic on eth1 directed to Internet

Jorge.

On Tue, May 17, 2011 at 3:50 PM, <netfilter@xxxxxxxxxxxxxx> wrote:
> OK. Thanks. So to block/allow traffic from network A to/from network B
> I would apply my rules to the FORWARD chain using a source/destination.
> The INPUT and OUTPUT chains on eth0 and eth1 are only for traffic bound
> for the firewall/router box itself?
>
> On Tue, 17 May 2011 23:29 +0200, "Pascal Hambourg"
> <pascal.mail@xxxxxxxxxxxxxxx> wrote:
>> Hello,
>>
>> netfilter@xxxxxxxxxxxxxx wrote:
>> >
>> > In the following scenario. Someone makes a new HTTP request from the
>> > Internet that is allowed inbound on eth0 and goes out of the eth1
>> > interface to the HTTP server in the server network.
>> > The HTTP server in the server network sends the response to the original
>> > requester.
>> >
>> > Does the response ever hit the INPUT chain of ETH1?
>>
>> No.
>>
>> > Or does it immediately go to the FORWARD chain
>>
>> Yes.
>>
>> > and out the OUTPUT chain of eth0.
>>
>> No.
>> The three filter chains are mutually exclusive: a packet can only go
>> through one of them. Forwarded packets only go through the FORWARD chain.
>>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Jorge Isaac Dávila López
+505 8430 5462
jorgedavilalopez@xxxxxxxxx
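As an added illustration (not part of the thread), the following Python model traces which single filter chain a packet traverses on a two-interface router and evaluates a FORWARD ruleset of the kind the questioner describes; all addresses, interfaces and the ruleset are constructed assumptions:

```python
from dataclasses import dataclass
import ipaddress

# Constructed router: eth0 faces the Internet, eth1 the server network.
ROUTER_ADDRS = {"203.0.113.1", "192.168.10.1"}
ROUTES = {"192.168.10.0/24": "eth1", "0.0.0.0/0": "eth0"}
HTTP_SERVER = "192.168.10.80"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    in_iface: str = ""  # "" means generated by the router itself

def route(dst):
    addr = ipaddress.ip_address(dst)
    nets = (n for n in map(ipaddress.ip_network, ROUTES) if addr in n)
    return ROUTES[str(max(nets, key=lambda n: n.prefixlen))]  # longest prefix

def filter_chain(pkt):
    """Return (chain, in_iface, out_iface). The routing decision selects exactly
    one of INPUT / FORWARD / OUTPUT; a forwarded packet never sees the others."""
    if not pkt.in_iface:
        return ("OUTPUT", "", route(pkt.dst))
    if pkt.dst in ROUTER_ADDRS:
        return ("INPUT", pkt.in_iface, "")
    return ("FORWARD", pkt.in_iface, route(pkt.dst))

def forward_verdict(pkt, conntrack):
    """FORWARD chain evaluated top to bottom, equivalent to:
      -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      -A FORWARD -i eth0 -o eth1 -d <server> -p tcp --dport 80 -j ACCEPT
      -P FORWARD DROP   (conntrack: set of original-direction 4-tuples)"""
    chain, in_if, out_if = filter_chain(pkt)
    if chain != "FORWARD":
        return "NOT-FORWARDED"  # INPUT/OUTPUT traffic never enters this chain
    if (pkt.dst, pkt.src, pkt.dport, pkt.sport) in conntrack:
        return "ACCEPT"  # reply of a tracked flow, whatever its direction
    if (in_if, out_if, pkt.dst, pkt.dport) == ("eth0", "eth1", HTTP_SERVER, 80):
        conntrack.add((pkt.src, pkt.dst, pkt.sport, pkt.dport))  # new flow
        return "ACCEPT"
    return "DROP"

def http_exchange():
    ct = set()
    req = Packet("198.51.100.7", HTTP_SERVER, 40000, 80, in_iface="eth0")
    rep = Packet(HTTP_SERVER, "198.51.100.7", 80, 40000, in_iface="eth1")
    return [(filter_chain(p), forward_verdict(p, ct)) for p in (req, rep)]
```

Both the request and the server's reply come out as FORWARD packets (eth0 to eth1, then eth1 to eth0); neither one is ever seen by INPUT or OUTPUT, and the reply is accepted only because the conntrack entry created by the request matches it.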