Iptables: built-in INPUT chain in nat table


I have a Gentoo Linux system running Linux 2.6.38-rc8. I also have a machine running Ubuntu with Linux 2.6.35-27. I also have a virtual machine running Debian Unstable with Linux 2.6.37-2.

On the Gentoo and Debian systems I have an INPUT chain built into my nat table in addition to PREROUTING, OUTPUT, and POSTROUTING.
On Ubuntu, I only have PREROUTING, OUTPUT, and POSTROUTING.

I am able to use this INPUT chain to use SNAT to modify the source of a packet that is destined to the local machine (imagine simulating an incoming spoofed IP to a local application or just to test a virtual host configuration). This is possible with 2 firewall rules on Gentoo and Debian but seemingly not so on Ubuntu. I looked around for documentation on changes to the SNAT target and the INPUT chain of the nat table and I couldn't find anything.

Does anyone know if this is a configuration issue or is it something that was just added in more recent versions of Linux?

Best Answer

It looks like this was added some time after 2.6.35; see commit c68cd6cc21eb329c47ff020ff7412bf58176984e
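
An added example, not part of the original question or answer: a small audit script that reads `iptables-save` output, reports which built-in chains the nat table exposes, and lists any SNAT rules in nat INPUT (rules that change the source address a local application sees). The function names, sample dumps and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: both functions read `iptables-save` output on stdin.

# Print the built-in chains of the nat table, space separated.
# Built-in chains carry a policy (ACCEPT/DROP); user-defined chains show "-".
nat_builtin_chains() {
    awk '/^\*/ { in_nat = ($0 == "*nat") }
         in_nat && /^:/ && $2 != "-" { printf "%s%s", sep, substr($1, 2); sep = " " }
         END { print "" }'
}

# Print every SNAT rule attached to the nat table's INPUT chain.
nat_input_snat_rules() {
    awk '/^\*/ { in_nat = ($0 == "*nat") }
         in_nat && $1 == "-A" && $2 == "INPUT" && /-j SNAT/ { print }'
}

# Constructed sample: a kernel whose nat table has a built-in INPUT chain.
sample_with_nat_input() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A INPUT -d 192.0.2.1/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 198.51.100.7
COMMIT
EOF
}

# Constructed sample: a kernel whose nat table has no INPUT chain.
sample_without_nat_input() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 198.51.100.7
COMMIT
EOF
}

sample_with_nat_input | nat_builtin_chains
sample_without_nat_input | nat_builtin_chains
sample_with_nat_input | nat_input_snat_rules
```

On a live host, pipe `iptables-save -t nat` (run as root) into either function instead of the samples.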