Linux – INPUT, OUTPUT or Forward Chain

Tags: iptables, linux, nat

I'm using a Linux box as a router:

The box has 2 public IPs and a local IP; I'm using NAT to allow local users to access the web.

When a local user accesses the web, source NAT happens here. Are the packets going out through the public interface checked through the OUTPUT chain or through the FORWARD chain?

The same question for the returned packets of the already established session: are they checked via the INPUT or the FORWARD chain?

One last thing: consider me as a local user; the packets will go like this:

PC -> Linux box local interface -> Linux box public interface -> External world.

When the packets come back:

External world -> Public interface -> Local interface -> PC

If I want to apply a rule on the packets when they move from the local interface to the PC,
should I use the FORWARD chain or the OUTPUT chain?

What do you think?

Best Answer

Any packets going through the router are handled in the FORWARD chain. They will NEVER touch INPUT or OUTPUT.

Any packets that originate from the router itself will be handled by OUTPUT. Never FORWARD.

Any packets destined to an address that is assigned to one of the router's interfaces will be handled by the INPUT chain. Never FORWARD.

The only (kind-of) exception to the INPUT/OUTPUT never being handled by INPUT is if you apply any Destination NAT (as opposed to Source NAT) rules, in which case the destination of a packet originally destined for an address on one of the router's interfaces could be changed to something that is not, in which case it does go to FORWARD because the packet is no longer destined for an address on the local machine.
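To make the chain selection described in the answer concrete, here is an added example (not code from the question or the answer) that models how netfilter decides between INPUT, OUTPUT and FORWARD: the nat PREROUTING step (DNAT, or conntrack undoing an earlier source NAT on a reply) runs first, then the routing decision sends the packet to INPUT if its destination is one of the router's own addresses and to FORWARD otherwise, and locally generated traffic goes through OUTPUT only. The router addresses, the port-forward rule and the flows below are constructed values for illustration; the `conntrack` dictionary is a simplified stand-in for the kernel's connection tracking table and keeps the source port unchanged on masquerade.

```python
"""Model of which iptables filter chain a packet reaches on a NAT router.

Added example with constructed addresses; it mirrors the netfilter order
nat PREROUTING -> routing decision -> filter INPUT or FORWARD -> nat POSTROUTING
for incoming packets, and filter OUTPUT -> nat POSTROUTING for packets the
router itself generates.
"""
from dataclasses import dataclass

# Constructed router: two public addresses and one LAN-facing address.
ROUTER_ADDRS = {"203.0.113.10", "203.0.113.11", "192.168.1.1"}
LAN_PREFIX = "192.168.1."
PUBLIC_ADDR = "203.0.113.10"  # address used for source NAT (masquerade)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def prerouting_dnat(pkt, dnat_rules, conntrack):
    """nat PREROUTING: undo SNAT on a tracked reply, or apply a DNAT rule."""
    reply_key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    if reply_key in conntrack:
        # Reply to a masqueraded flow: restore the original LAN destination.
        lan_addr, lan_port = conntrack[reply_key]
        return Packet(pkt.src, pkt.sport, lan_addr, lan_port)
    new_dst = dnat_rules.get((pkt.dst, pkt.dport))
    if new_dst is not None:
        # Port forward: packet addressed to the router is re-addressed to a LAN host.
        return Packet(pkt.src, pkt.sport, new_dst[0], new_dst[1])
    return pkt


def postrouting_snat(pkt, conntrack):
    """nat POSTROUTING: masquerade LAN sources and record the reverse mapping."""
    if pkt.src.startswith(LAN_PREFIX):
        # Key matches what the reply will look like when it arrives from outside.
        conntrack[(pkt.dst, pkt.dport, PUBLIC_ADDR, pkt.sport)] = (pkt.src, pkt.sport)
        return Packet(PUBLIC_ADDR, pkt.sport, pkt.dst, pkt.dport)
    return pkt


def traverse(pkt, dnat_rules, conntrack, locally_generated=False):
    """Return (chains visited in order, packet as it leaves the router)."""
    if locally_generated:
        # Router's own traffic: no PREROUTING, no INPUT, no FORWARD.
        return ["OUTPUT", "POSTROUTING"], postrouting_snat(pkt, conntrack)
    pkt = prerouting_dnat(pkt, dnat_rules, conntrack)
    if pkt.dst in ROUTER_ADDRS:
        # Routing decision: destination is local, so the packet is delivered here.
        return ["PREROUTING", "INPUT"], pkt
    # Destination is elsewhere: the packet is routed through the box.
    return ["PREROUTING", "FORWARD", "POSTROUTING"], postrouting_snat(pkt, conntrack)


def demo():
    """Run the flows from the question plus a DNAT case; return chains per flow."""
    conntrack = {}
    dnat_rules = {("203.0.113.11", 443): ("192.168.1.20", 443)}  # constructed port forward
    out = {}
    # 1. LAN PC browsing the web: local interface -> public interface.
    out["lan_to_web"] = traverse(Packet("192.168.1.50", 40000, "93.184.216.34", 80),
                                 dnat_rules, conntrack)
    # 2. The reply of that established session: public interface -> local interface -> PC.
    out["web_reply"] = traverse(Packet("93.184.216.34", 80, PUBLIC_ADDR, 40000),
                                dnat_rules, conntrack)
    # 3. Someone connecting to a service on the router's own public address.
    out["to_router"] = traverse(Packet("198.51.100.7", 5555, PUBLIC_ADDR, 22),
                                dnat_rules, conntrack)
    # 4. Port-forwarded service: DNAT moves it from INPUT to FORWARD.
    out["dnat_forward"] = traverse(Packet("198.51.100.7", 5556, "203.0.113.11", 443),
                                   dnat_rules, conntrack)
    # 5. Traffic the router itself originates, e.g. a DNS lookup.
    out["router_dns"] = traverse(Packet(PUBLIC_ADDR, 50000, "8.8.8.8", 53),
                                 dnat_rules, conntrack, locally_generated=True)
    return out


if __name__ == "__main__":
    for name, (chains, pkt) in demo().items():
        print(f"{name:13s} {' -> '.join(chains):35s} leaves as {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

Flows 1 and 2 answer the question directly: both the outbound packet and the reply of the established session pass through FORWARD, never OUTPUT or INPUT, so a rule on traffic moving from the local interface to the PC belongs in FORWARD (for example with `-i` set to the public interface and `-o` set to the local one). Flow 4 is the DNAT exception the answer mentions: without the port-forward rule the same packet would land in INPUT.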