TOPIC: difference between the chains

difference between the chains 10 years 11 months ago #12429

Hi,
Can anyone tell me the difference between the iptables chains in brief?

What is the input chain for?
What is the forward chain for?
What is the output chain for?
What is the prerouting chain for?
What is the postrouting chain for?
In which location is filtering taking place for each chain?

regards,
Prabhakaran.D

Re: difference between the chains 10 years 11 months ago #12443

  • DaLight
Check out this two-part tutorial series, (1) and (2), which gives an excellent but brief introduction to iptables.

Re: difference between the chains 10 years 10 months ago #12724

Hi,

As I understand it, and to put it in layman's terms:
The input chain is the one which handles incoming packets with the destination address of that particular machine.
The output chain is the one which takes care of the packets that are generated from that machine (the one running iptables).
The forward chain is the one which takes care of the packets that pass through the machine to another PC.
To illustrate:

If your firewall has 192.168.1.1 and 192.168.2.1 assigned:
If you ping 192.168.1.1 from the 1.0 network, it will pass through the INPUT chain.

If you ping 192.168.2.10 from 192.168.1.0 (network), it will pass through the forward chain.
If you are running an application (say the squid proxy, or even if you browse the net from the same box) where the packets are being generated from that box itself, it will go through the output chain.

Prerouting is the first thing that will be reached by the packet. If you want to port forward (DNAT), you can do that here without affecting the routing decisions.
Postrouting is the one where the routing decisions happen; you can use it to SNAT/MASQ the connection.

OK, I am sorry. I did not mean to confuse you more ;P

Bye
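Added example (not part of the original posts): a small Python model of the chain selection described in the post above, using that post's 192.168.1.1 / 192.168.2.1 firewall addresses. The function name, the client addresses and the DNAT target are constructed for illustration, and the model assumes any packet whose source is a firewall address was generated on the firewall and is leaving it.

```python
import ipaddress

# Firewall addresses from the post above; other addresses are constructed samples.
FIREWALL_ADDRS = ["192.168.1.1", "192.168.2.1"]


def chains_traversed(src, dst, local_addrs=FIREWALL_ADDRS, dnat=None):
    """Return, in order, the built-in chains a packet visits (simplified model).

    dnat maps an original destination to a rewritten one, standing in for a
    DNAT rule in the nat table's PREROUTING chain.
    """
    ip = ipaddress.ip_address
    local = {ip(a) for a in local_addrs}
    rewrite = {ip(k): ip(v) for k, v in (dnat or {}).items()}
    src, dst = ip(src), ip(dst)

    if src in local:
        # Assumption: generated on the firewall itself and leaving the box.
        return ["OUTPUT", "POSTROUTING"]

    path = ["PREROUTING"]
    # DNAT is applied in PREROUTING, before the routing decision is made.
    dst = rewrite.get(dst, dst)
    if dst in local:
        # Any local address counts, whichever interface the packet came in on.
        path.append("INPUT")
    else:
        path += ["FORWARD", "POSTROUTING"]
    return path


if __name__ == "__main__":
    samples = [
        ("192.168.1.10", "192.168.1.1", None),   # to the firewall itself
        ("192.168.1.10", "192.168.2.10", None),  # through the firewall
        ("192.168.1.1", "192.168.2.10", None),   # from the firewall
        ("192.168.1.10", "192.168.1.1", {"192.168.1.1": "192.168.2.10"}),
    ]
    for src, dst, dnat in samples:
        print(src, "->", dst, "dnat" if dnat else "", chains_traversed(src, dst, dnat=dnat))
```

The last sample is the one that matters when writing filter rules: once PREROUTING rewrites the destination to another host, the packet is checked by FORWARD, so a rule placed only in INPUT never sees it.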

Re: difference between the chains 10 years 10 months ago #12737

  • monsky
linuxmanju,

I am also contemplating iptables.
"Input chain is the one, which handles incoming packets with the destination address of that particular machine."

Is it regardless of which network the packets are coming from? Let us say two networks are connected to the firewall machine, eth1 (internal) and eth0 (external). Are the incoming packets from eth0 or from eth1 handled by the input chain?


thx,

Re: difference between the chains 10 years 10 months ago #12740

  • DaLight
Hi monsky, it can be a bit tricky to get the hang of it. As linuxmanju has explained, the chain that is used depends on the final destination of the packet.

If the packet is destined for the eth0 interface's IP and originates on the network connected to eth0, then the INPUT chain takes care of it. On the other hand if the packet is destined for the eth1 interface's IP and originates on the network connected to eth0, then the FORWARD chain takes care of it.

[code:1]
Destination   Source         Chain
eth0 IP       eth0 network   INPUT
eth1 IP       eth0 network   FORWARD
eth0 IP       eth1 network   FORWARD
eth1 IP       eth1 network   INPUT
[/code:1]

Re: difference between the chains 10 years 10 months ago #12758

  • monsky
Thanks DaLight,

To make the question simple, let me ask things this way:

First question:

Are packets coming from the INTERNAL network and directed to the Linux firewall handled by the input chain?

Are packets ALSO coming from the EXTERNAL network and directed to the Linux firewall handled by the input chain?

Are the packets, regardless of whether they are from the INTERNAL (eth1) or EXTERNAL (eth0) network, handled by the input chain?

Am I missing something?

:?