ipchains && ipmasqadm portfw

ipchains && ipmasqadm portfw

Post by /dev/nul » Sat, 06 Oct 2001 14:12:49



if I set the default action on the input chain to DENY (via ipchains) and
never specify to allow port "X", but I do use ipmasqadm portfw to forward
port "X" to another internal box, will it get forwarded, or will ipchains
DENY the packet before portfw gets a chance at it?

/dev/null

web: www.BeginThread.com/dev.null

 
 
 

ipchains && ipmasqadm portfw

Post by Dean Thompso » Sat, 06 Oct 2001 15:55:57


Hi!,

Quote:> if I set the default action on the input chain to DENY (via ipchains) and
> never specify to allow port "X", but I do use ipmasqadm portfw to forward
> port "X" to another internal box, will it get forwarded, or will ipchains
> DENY the packet before portfw gets a chance at it?

I suspect it will deny the packet as there is nothing in the input chain to
allow it in.  I think from memory the packets under ipchains go something
like:

INPUT <---> FORWARD <---> OUTPUT

As their traversal order.   As a result, a block at the input stage would lead
to the packet being rejected.  Been awhile since I have looked at the flow of
packets using ipchains.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+