
Which order?

Hi!

In which order are packets initiated on the internet treated?

I'm using DNAT, reverse proxy, filtering and forwarding, and I would very much like to know in which order the above services are dealing with the incoming packets.


  • Incoming:
    address translation / rewriting
    packet filter

    Outgoing:
    packet filter
    address translation / rewriting  
  • I hope incoming is the reverse; I would want the packet filter to nail any hostile packets before getting inside the firewall.
  • Perhaps I was a little diffuse in my reply.

    The Netfilter basically looks like:

     Code:

    --->{PREROUTING}------>ROUTING----->{FORWARD}---------->{POSTROUTING}--------->
         Mangle               |           Filter     ^       SNAT
         Conntrack            |                      |        Conntrack
         DNAT                 |                   ROUTING
                              v                      |
                           {INPUT}                {OUTPUT}
                              | Mangle, Filter       ^ Mangle, Filter
                              | Conntrack            | Conntrack
                              v                      | DNAT

    {INPUT} = destination = local
    {FORWARD} = destination != local
    {OUTPUT} = source = local

    IPTables is "built" over the Netfilter and handles the packet filter, NAT and mangling.

    Regarding the packet filter, this takes place in the INPUT, FORWARD and OUTPUT chains as shown above.

     netfilter.org  

    ... please correct me if I'm wrong - feed my brain  [:)]  
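The practical consequence of the hook order in the diagram above is that DNAT in PREROUTING happens before the routing decision and before the filter chains, while SNAT in POSTROUTING happens after them. A FORWARD rule therefore has to match the translated (internal) destination, not the public address the packet arrived on. The following model, added here as an illustration and not code from the thread, from netfilter or from iptables, walks constructed packets through the hooks in that order; all addresses, the DNAT table and the rules are made up for the example, and the `Rule`/`Packet`/`traverse` names are the example's own.

```python
"""Toy walk-through of the netfilter hook order shown in the diagram above.

Added example for this thread, not code from the original posts or from
netfilter/iptables. All addresses and rules are constructed for illustration.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed: the firewall owns one public and one LAN address.
LOCAL_ADDRS = {"203.0.113.1", "192.168.1.1"}
LAN = ip_network("192.168.1.0/24")
PUBLIC_ADDR = "203.0.113.1"

# Constructed nat PREROUTING table: (public dst, port) -> (internal host, port).
DNAT = {("203.0.113.1", 80): ("192.168.1.10", 8080)}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """Filter rule; a None field is a wildcard, like an omitted iptables match."""
    verdict: str
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (self.dst is None or self.dst == pkt.dst) and (
            self.dport is None or self.dport == pkt.dport)


def first_match(rules, pkt, policy="DROP"):
    """iptables semantics: the first matching rule wins, else the chain policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.verdict
    return policy


def traverse(pkt, input_rules, forward_rules, dnat=DNAT, local=LOCAL_ADDRS):
    """Push a packet arriving on the outside interface through the hooks in order.

    Returns (verdict, packet as it leaves the box, hooks/actions visited).
    """
    trace = ["PREROUTING"]
    # PREROUTING (mangle, conntrack, DNAT) runs *before* the routing decision,
    # so the filter chains only ever see the translated destination.
    key = (pkt.dst, pkt.dport)
    if key in dnat:
        new_dst, new_port = dnat[key]
        pkt = replace(pkt, dst=new_dst, dport=new_port)
        trace.append(f"DNAT->{new_dst}:{new_port}")
    # ROUTING: a local destination goes to INPUT, everything else to FORWARD.
    if pkt.dst in local:
        trace.append("INPUT")
        return first_match(input_rules, pkt), pkt, trace
    trace.append("FORWARD")
    verdict = first_match(forward_rules, pkt)
    if verdict != "ACCEPT":
        return verdict, pkt, trace  # dropped packets never reach POSTROUTING
    trace.append("POSTROUTING")
    # SNAT sits in POSTROUTING, after the filter: outbound LAN traffic is
    # filtered on its real private source and only then masqueraded.
    if ip_address(pkt.src) in LAN:
        pkt = replace(pkt, src=PUBLIC_ADDR)
        trace.append(f"SNAT->{PUBLIC_ADDR}")
    return verdict, pkt, trace


def demo():
    """Shows why a FORWARD rule must match the post-DNAT address."""
    web = Packet("198.51.100.7", "203.0.113.1", 80)
    # Written against the public address: never fires, DNAT already rewrote dst.
    wrong = [Rule("ACCEPT", dst="203.0.113.1", dport=80)]
    # Written against the internal host: this is what FORWARD actually sees.
    right = [Rule("ACCEPT", dst="192.168.1.10", dport=8080)]
    return traverse(web, [], wrong), traverse(web, [], right)


if __name__ == "__main__":
    for verdict, pkt, trace in demo():
        print(verdict, pkt, " -> ".join(trace))
```

Running `demo()` shows the first rule set dropping the web request (the chain policy applies because nothing matched the rewritten destination) and the second accepting it with the packet now addressed to 192.168.1.10:8080. The same `traverse` also shows the other two paths from the diagram: traffic to the firewall's own address skips FORWARD and lands in INPUT, and an outbound LAN packet is filtered on its private source before SNAT rewrites it in POSTROUTING.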