PREROUTING vs INPUT&FORWARD in iptables
Michal Vymazal
gandalf at mbox.vol.cz
Wed Dec 19 20:40:46 CET 2001
Miroslav Petricek wrote:
> On Tue, Dec 18, 2001 at 10:55:07PM +0100, Michal Vymazal wrote:
>
>
>>I don't know how that sentence was meant, but the part I underlined is
>>somewhat misleading. NAT is Network Address Translation (I hope), so all
>>packets pass through it. Not only packets with the SYN attribute. Better
>>correct it before someone builds it that way :-)
>>
>>
>
> I quote from
>
> http://www.boingworld.com/workshops/linux/iptables-tutorial/index.html
>
> ...
> This table should only be used for NAT (Network Address Translation) on
> different packets... Note that, as we have said before, only the first
> packet in a stream will hit this chain. After this, the rest of the
> packets will automatically have the same action taken on them as the
> first packet
> ...
>
>
Well, now it makes sense. The "first packet in a stream" need not
necessarily be a SYN packet. It probably means the first packet in a
"bundle" (window, batch). The same rules then apply to the remaining
packets as to the first packet (as far as address translation is
concerned), which is logical ..... (NAT).
--
Michal Vymazal
gandalf at mbox.vol.cz
Home Computer
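
Added example, not part of the original messages or of the quoted tutorial: a toy Python model of the behaviour the tutorial excerpt describes, assuming that a "stream" is a connection tracked by conntrack, so the nat table is consulted only for the packet that creates the tracking entry. The class name NatBox, the addresses and the ports are constructed for illustration, and reply-direction translation is left out.

```python
from collections import namedtuple

# Constructed packet model; flags is informational only (empty for UDP).
Packet = namedtuple("Packet", "proto src sport dst dport flags")


class NatBox:
    """Toy model of the nat table plus connection tracking (not kernel code)."""

    def __init__(self, dnat_rules):
        # {(proto, dst, dport): (new_dst, new_dport)} stands in for
        # "iptables -t nat -A PREROUTING ... -j DNAT" rules.
        self.dnat_rules = dnat_rules
        self.conntrack = {}      # original 5-tuple -> translated destination
        self.nat_rule_hits = 0   # how often the nat rules were consulted

    def prerouting(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.conntrack:
            # No tracking entry yet: this packet opens a new connection,
            # so the nat rules are traversed exactly once for it.
            self.nat_rule_hits += 1
            rule_key = (pkt.proto, pkt.dst, pkt.dport)
            self.conntrack[key] = self.dnat_rules.get(
                rule_key, (pkt.dst, pkt.dport))
        # Every packet of the connection, first or later, gets the stored mapping.
        new_dst, new_dport = self.conntrack[key]
        return pkt._replace(dst=new_dst, dport=new_dport)


def run_demo():
    """Send one TCP and one UDP flow through the box; return (rule hits, output)."""
    box = NatBox({
        ("tcp", "203.0.113.1", 80): ("192.168.1.10", 8080),
        ("udp", "203.0.113.1", 53): ("192.168.1.53", 53),
    })
    tcp = [Packet("tcp", "198.51.100.7", 40000, "203.0.113.1", 80, f)
           for f in ("SYN", "ACK", "PSH,ACK", "FIN,ACK")]
    udp = [Packet("udp", "198.51.100.7", 5353, "203.0.113.1", 53, "")
           for _ in range(3)]
    out = [box.prerouting(p) for p in tcp + udp]
    return box.nat_rule_hits, out


if __name__ == "__main__":
    hits, out = run_demo()
    print("nat rule lookups:", hits, "for", len(out), "translated packets")
```

All seven packets leave translated, but the rule counter advances only twice, once per flow, and the UDP flow triggers its lookup without any SYN.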