I am not sure what your question is. Both netfilter and the NAT tables are controlled by iptables. A given packet traversing the chains can potentially match rules in each of the
PREROUTING chain (i.e. for DNAT), the POSTROUTING chain (i.e. for SNAT or MASQUERADE) and one of netfilter's INPUT, OUTPUT, or FORWARD chains.
|