Linux – iptables Filter Before DNAT to Act as Firewall


I am trying to use iptables on a single system to act as a firewall that filters packets and passes valid packets to servers behind that firewall, but if I use DNAT, the data passes to the servers directly and is not filtered.

What should I do to achieve that?

Best Answer

Even DNATed packets go through the filter. They are processed in the order

NAT-PREROUTING (e.g. DNAT) => FORWARD => NAT-POSTROUTING (e.g. SNAT, MASQUERADE)

If it is not working for you, most probably it is because you have FORWARD rules based on the headers that were valid before DNAT. Once the DNAT is done, the forwarding processing is done with the already changed destination.

If you provide more details on the rules and on which traffic "is not filtered", somebody can try to check your case. You have provided too little information to be more specific.
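The following script is an added example that is not part of the question or the answer above; it shows the traversal order the answer describes with a concrete rule set. Every interface name and address in it is an assumption chosen for the illustration (eth0/eth1, 203.0.113.10 for the firewall's public address, 192.168.10.20 for the server behind it). The point it demonstrates: the DNAT happens in nat/PREROUTING, so the FORWARD rule must match the rewritten destination (or the original one through conntrack), never the public address the packet originally carried.

```shell
#!/bin/sh
# Added example, not from the original question or answer. DNAT TCP/80 that
# arrives on the firewall's public address to a web server behind it, and
# filter that traffic in FORWARD. All interface names and addresses below are
# assumptions for the example (RFC 5737 / RFC 1918 ranges).
set -u

IPT="${IPT:-iptables}"              # set IPT=echo to print rules instead of loading them
SYSCTL="${SYSCTL:-sysctl}"          # set SYSCTL=echo for the same dry run
WAN_IF="${WAN_IF:-eth0}"            # assumed public-facing interface
LAN_IF="${LAN_IF:-eth1}"            # assumed interface toward the servers
PUB_IP="${PUB_IP:-203.0.113.10}"    # assumed public address on the firewall
WEB_IP="${WEB_IP:-192.168.10.20}"   # assumed internal web server

# nat/PREROUTING runs before the routing decision and before FORWARD, so by
# the time FORWARD sees this packet its destination is already WEB_IP.
nat_rules() {
  $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$PUB_IP" -p tcp --dport 80 \
    -j DNAT --to-destination "$WEB_IP:80"
  # nat/POSTROUTING runs after FORWARD: masquerade whatever leaves on the WAN side.
  $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Filter with the post-DNAT header. A rule written as "-d $PUB_IP" here would
# never match, because the destination has already been rewritten; that is
# the mistake the answer describes. Default policy DROP, then allow only what
# the DNAT is meant to expose plus reply traffic.
forward_rules() {
  $IPT -P FORWARD DROP
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$WEB_IP" -p tcp --dport 80 \
    -m conntrack --ctstate NEW -j ACCEPT
}

# Alternative: match on the ORIGINAL (pre-DNAT) destination that conntrack
# recorded for the flow. Useful when several public addresses are DNATed to
# the same server and the policy is stated in terms of the public address.
forward_rules_by_original_dst() {
  $IPT -P FORWARD DROP
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp --dport 80 \
    -m conntrack --ctstate NEW --ctorigdst "$PUB_IP" --ctorigdstport 80 -j ACCEPT
}

apply_rules() {
  # Forwarding must be enabled or nothing reaches FORWARD at all.
  $SYSCTL -w net.ipv4.ip_forward=1
  nat_rules
  forward_rules
}

# Usage (as root):  sh fw.sh apply
# Dry run:          IPT=echo SYSCTL=echo sh fw.sh apply
case "${1:-}" in
  apply) apply_rules ;;
esac
```

Running the dry run prints the exact iptables invocations; the one thing to check in your own rule set is that no FORWARD rule names the public address as `-d`, since after PREROUTING that address no longer appears in the packet header and such a rule silently matches nothing.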
