How do packets traverse iptables chains?
As above. I'm confused with how the chains are traversed in iptables.
Let's say the Linux box has 3 NICs: eth0 for the internet, eth1 for the DMZ and eth2 for the local LAN.
When a box in the LAN is trying to access a webserver on the internet, would the packet go through the INPUT chain, as in the case of using ipchains? And what happens then?
Currently I believe it will go straight to the FORWARD chain and then be SNAT'ed in the POSTROUTING chain. So, there are no INPUT or OUTPUT chains involved.
Is this true? This is what I can grasp from the IPTables Tutorial. But when I read some firewall examples, they filter the INPUT chain too...
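The following is an added example, not part of the original post: a small Python model of the netfilter routing decision for the three-NIC box described above. The interface addresses and the `chains_traversed` function are constructed for illustration; only the nat and filter tables are modelled, and no DNAT rule is assumed to rewrite the destination.

```python
import ipaddress

# Constructed addresses for the firewall's own interfaces (assumptions).
LOCAL_ADDRS = {
    "eth0": ipaddress.ip_address("203.0.113.1"),  # internet side
    "eth1": ipaddress.ip_address("192.168.1.1"),  # DMZ
    "eth2": ipaddress.ip_address("192.168.2.1"),  # LAN
}


def chains_traversed(src, dst):
    """Ordered (table, chain) pairs seen by the first packet of a connection."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    local = set(LOCAL_ADDRS.values())
    if src in local and dst in local:
        raise ValueError("loopback traffic is not modelled here")
    if src in local:
        # Generated by a process on the firewall itself.
        return [("nat", "OUTPUT"), ("filter", "OUTPUT"), ("nat", "POSTROUTING")]
    path = [("nat", "PREROUTING")]  # DNAT point, before the routing decision
    if dst in local:
        # Addressed to the firewall itself (e.g. SSH to the box): INPUT only.
        path.append(("filter", "INPUT"))
        return path
    # Routed through the box: FORWARD, then POSTROUTING (where SNAT is applied).
    path += [("filter", "FORWARD"), ("nat", "POSTROUTING")]
    return path


if __name__ == "__main__":
    cases = {
        "LAN host -> internet webserver": ("192.168.2.10", "198.51.100.80"),
        "LAN host -> firewall itself": ("192.168.2.10", "192.168.2.1"),
        "firewall itself -> internet": ("203.0.113.1", "198.51.100.80"),
    }
    for label, (s, d) in cases.items():
        print(label, "=>", " -> ".join(f"{t}/{c}" for t, c in chains_traversed(s, d)))
```

Rules in INPUT therefore protect the firewall host itself, while rules in FORWARD govern traffic between the LAN, the DMZ and the internet.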