I am trying to use iptables on a single system as a firewall to filter packets and pass valid packets to servers behind that firewall, but if I use DNAT, the data is passed to the servers directly and not filtered.
What should I do to achieve that?
Best Answer
Even DNATed packets are going through the filter. It is processed in the order
In case it is not working for you, the most probable reason is that you have forward rules based on the headers valid before DNAT. Once the DNAT is done, the forwarding processing sees the already changed destination.
In case you would provide more details on the rules and the information on which traffic "is not filtered", somebody can try to check your case... You have provided too little information to be able to be more specific.
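A worked rule set for the pitfall described in the answer, added here as an example (it is not the asker's or the answerer's own configuration). The WAN interface, the firewall's public address and the internal server address are constructed placeholders; by default the script only prints the iptables commands, and setting `IPT=iptables` applies them.

```shell
#!/bin/sh
# Added example: shows why a FORWARD rule written against the pre-DNAT
# destination never matches. Topology is constructed (documentation ranges):
#   WAN interface eth0, public address 203.0.113.1, internal web server 192.0.2.10
# IPT defaults to "echo iptables" so the rules are printed, not applied.
IPT="${IPT:-echo iptables}"

WAN_IF="eth0"
PUBLIC_IP="203.0.113.1"
WEB_SERVER="192.0.2.10"

# nat/PREROUTING runs before filter/FORWARD, so by the time FORWARD sees the
# packet its destination is already 192.0.2.10, not 203.0.113.1.
dnat_rule() {
  $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" -p tcp --dport 80 \
       -j DNAT --to-destination "$WEB_SERVER:80"
}

# WRONG: matches on the public address, which FORWARD never sees as the
# destination. The rule is dead, and the traffic is decided by whatever else
# is in the chain (often an over-broad ACCEPT), which looks like "not filtered".
forward_rule_wrong() {
  $IPT -A FORWARD -i "$WAN_IF" -d "$PUBLIC_IP" -p tcp --dport 80 -j ACCEPT
}

# RIGHT: default-deny forwarding, allow return traffic, then allow only new
# connections whose *post-DNAT* destination is the web server. The conntrack
# DNAT state additionally restricts the rule to flows that were actually NATed.
forward_rules_right() {
  $IPT -P FORWARD DROP
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -i "$WAN_IF" -d "$WEB_SERVER" -p tcp --dport 80 \
       -m conntrack --ctstate DNAT -j ACCEPT
}

dnat_rule
echo "# wrong FORWARD rule (never matches after DNAT):"
forward_rule_wrong
echo "# correct FORWARD rules (match the rewritten destination):"
forward_rules_right
```

Run with `sudo IPT=iptables sh example.sh` to apply; `iptables -t filter -L FORWARD -v -n` then shows the packet counters on the server-address rule climbing, while a rule on the public address would stay at zero.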