Book: Iptables Tutorial 1.2.2
PREROUTING chain of the nat table
The PREROUTING chain is pretty much what it says: it performs network address translation on packets before they hit the routing decision that sends them onward to the INPUT or FORWARD chains in the filter table. The only reason we talk about this chain in this script is that we once again feel obliged to point out that you should not do any filtering in it. The PREROUTING chain is only traversed by the first packet in a stream, which means that all subsequent packets will go totally unchecked in this chain. This script does not use the PREROUTING chain at all; however, this is the place we would be working in right now if we wanted to do DNAT on any specific packets, for example if you want to host your web server within your local network. For more information about the PREROUTING chain, read the Traversing of tables and chains chapter.
Caution! The PREROUTING chain should not be used for any filtering since, among other things, this chain is only traversed by the first packet in a stream. The PREROUTING chain should be used for network address translation only, unless you really know what you are doing.
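The web server case mentioned above, as an added example that is not part of the tutorial's script: the translation goes in the PREROUTING chain of the nat table, and the accept decision goes in the FORWARD chain of the filter table, matching the address after translation. The interface name, both addresses and the helper names dnat_web_rules and nat_filter_misuse are assumptions made for this example.

```shell
#!/bin/sh
# Added example: DNAT in nat/PREROUTING, filtering in filter/FORWARD.
# All values below are constructed placeholders (assumptions), not from the page.
IPTABLES="${IPTABLES:-iptables}"
INET_IFACE="${INET_IFACE:-eth0}"      # Internet-facing interface (assumed)
INET_IP="${INET_IP:-203.0.113.10}"    # public address (documentation range)
HTTP_IP="${HTTP_IP:-192.168.0.10}"    # web server inside the local network (assumed)

# Print the rules that publish the internal web server on tcp/80.
# Nothing is loaded here; the rules are only written to stdout for review.
dnat_web_rules() {
    # nat/PREROUTING: translation only. Only the first packet of a connection
    # traverses this chain; conntrack applies the same mapping to the rest.
    echo "$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -d $INET_IP -p tcp --dport 80 -j DNAT --to-destination $HTTP_IP:80"
    # filter/FORWARD: the access decision. This chain runs after DNAT, so it
    # must match the translated (internal) destination, not the public one.
    echo "$IPTABLES -A FORWARD -i $INET_IFACE -d $HTTP_IP -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Replies from the web server back out to the Internet.
    echo "$IPTABLES -A FORWARD -o $INET_IFACE -s $HTTP_IP -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Lint helper: read rules on stdin and print every rule that tries to filter
# (DROP or REJECT) inside the nat table, which the caution above warns against.
nat_filter_misuse() {
    grep -E -- '-t nat .*-j (DROP|REJECT)' || true
}

# Dry run: show the generated rules.
dnat_web_rules
```

Review the printed rules, then pipe them to sh as root to load them; running an existing rule script's text through nat_filter_misuse lists any filtering that was placed in the nat table.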