
difference between the chains

18 years 10 months ago #12429 by iamprabhu100
Hi,
Can anyone tell me, in brief, the difference between the iptables chains?

What is the INPUT chain for?
What is the FORWARD chain for?
What is the OUTPUT chain for?
What is the PREROUTING chain for?
What is the POSTROUTING chain for?
At which point does filtering take place for each chain?

regards,
Prabhakaran.D
18 years 10 months ago #12443 by DaLight
Check out this two-part tutorial series, (1) and (2), which gives an excellent but brief introduction to iptables.
18 years 10 months ago #12724 by linuxmanju
Hi,

As I understand it, and to put it in layman's terms:
The INPUT chain is the one which handles incoming packets whose destination address is that particular machine.
The OUTPUT chain is the one which takes care of packets that are generated from that machine (the one running iptables).
The FORWARD chain is the one which takes care of packets that pass through the machine to another PC.
To illustrate:

If your firewall has 192.168.1.1 and 192.168.2.1 assigned:
If you ping 192.168.1.1 from the 192.168.1.0 network, it will pass through the INPUT chain.

If you ping 192.168.2.10 from the 192.168.1.0 network, it will pass through the FORWARD chain.
If you are running an application (say a squid proxy, or even if you browse the net from the same box) where the packets are generated from that box itself, it will go through the OUTPUT chain.

PREROUTING is the first thing that will be reached by the packet. If you want to port forward (DNAT), you can do that here without affecting the routing decisions.
POSTROUTING is the one after the routing decisions happen; you can use it to SNAT/MASQUERADE the connection.

Ok, I am sorry, I did not mean to confuse you more ;P

Bye
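As an added illustration that is not part of the thread, here is a small Python model of the traversal order linuxmanju describes: PREROUTING first, then the routing decision picking INPUT or FORWARD, OUTPUT for locally generated traffic, and POSTROUTING on the way out. The addresses are taken from the post above; the dnat_map parameter is a constructed stand-in for a nat/PREROUTING DNAT rule.

```python
import ipaddress

# Constructed example configuration, matching the addresses in the post above:
# the firewall owns 192.168.1.1 and 192.168.2.1 and routes between the two LANs.
LOCAL_ADDRESSES = {"192.168.1.1", "192.168.2.1"}


def chains_traversed(dst, locally_generated=False, dnat_map=None):
    """Return, in order, the chains a single packet passes through.

    - Packets arriving on any interface hit PREROUTING first.
    - nat/PREROUTING is where DNAT rewrites the destination, so the routing
      decision that follows sees the *new* address (dnat_map models that).
    - The routing decision sends the packet to INPUT if the destination is
      one of the box's own addresses, otherwise to FORWARD.
    - Locally generated traffic starts at OUTPUT instead of PREROUTING.
    - Anything leaving the box (forwarded or local) ends in POSTROUTING,
      which is where SNAT/MASQUERADE belongs.
    """
    dst = str(ipaddress.ip_address(dst))  # validate the address
    if locally_generated:
        return ["OUTPUT", "POSTROUTING"]
    chains = ["PREROUTING"]
    if dnat_map and dst in dnat_map:
        dst = dnat_map[dst]  # constructed per-address DNAT model
    if dst in LOCAL_ADDRESSES:
        chains.append("INPUT")
    else:
        chains.extend(["FORWARD", "POSTROUTING"])
    return chains


if __name__ == "__main__":
    # Ping the firewall's own address from the 192.168.1.0 network
    print(chains_traversed("192.168.1.1"))
    # Ping a host on the other LAN through the firewall
    print(chains_traversed("192.168.2.10"))
    # Traffic from squid or a browser running on the firewall itself
    print(chains_traversed("203.0.113.9", locally_generated=True))
    # Port forward: DNAT in PREROUTING redirects a hit on the firewall's own
    # address to an internal host, so the packet is forwarded, not input
    print(chains_traversed("192.168.2.1",
                           dnat_map={"192.168.2.1": "192.168.2.10"}))
```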
18 years 10 months ago #12737 by monsky
linuxmanju,

I am also contemplating iptables.

Input chain is the one, which handles incoming packets with the destination address of that particular machine.


Is that regardless of which network the packets are coming from? Let us say two networks are connected to the firewall machine, eth1 (internal) and eth0 (external). Are the incoming packets from eth0 or from eth1 handled by the INPUT chain?


thx,
18 years 10 months ago #12740 by DaLight
Hi monsky, it can be a bit tricky to get the hang of it. As linuxmanju has explained, the chain that is used depends on the final destination of the packet.

If the packet is destined for the eth0 interface's IP and originates on the network connected to eth0, then the INPUT chain takes care of it. On the other hand if the packet is destined for the eth1 interface's IP and originates on the network connected to eth0, then the FORWARD chain takes care of it.

[code:1]
Destination  Source        Chain
eth0 IP      eth0 network  INPUT
eth1 IP      eth0 network  FORWARD
eth0 IP      eth1 network  FORWARD
eth1 IP      eth1 network  INPUT
[/code:1]
18 years 10 months ago #12758 by monsky
Thanks DaLight,

to make the question simple, let me ask things this way:

first question:

Are packets coming from the INTERNAL network and directed to the Linux firewall handled by the INPUT chain?

Are packets coming ALSO from the EXTERNAL network and directed to the Linux firewall handled by the INPUT chain?

Are the packets handled by INPUT regardless of whether they come from the INTERNAL (eth1) or EXTERNAL (eth0) side?

Am I missing something?

:?