Jean Francois Ortolo wrote: > > Furthermore, I understand well too, the REDIRECT target could operate > before the input packet is being routed, such that the destination address > might be those of the internal interface ( to the machine itself > ), however I can't understand the OUTPUT chain could be a possible chain > for this target. > > Hi again Being assumed the PREROUTING chain is used, that's obvious the destination address in the rule should be the external interface IP address ( i.e. before the route ). But for the OUTPUT chain, the only available interface, is clearly the internal one, for the packet is an input packet for the external interface, then goes out from the internal interface, to the lan. However, what is the utility of such a chain, for such a target ? Does it fix the source address of the input packet, from the point of view of internal machines inside the lan ? In this case, the source address for this rule, should be those of the internal interface to which the packet has been redirected. Am I wrong ? Thank you very much for your help. Best regards. Jean Francois Ortolo
