iptables redirect question.

Hi,

I have a question on the use of iptables. If I run the following
command:

iptables -t nat -A OUTPUT --dport 80 -j REDIRECT --to-port 3333

How the packet will be processed by the iptables?

-->PREROUTING------->FORWRD------------>POSTROUTING
| |
| |
| |
INPUT OUTPUT
| |
| |
local process

According to man page:
REDIRECT
This target is only valid in the nat table, in the PREROUTING and
OUTPUT chains, and user-defined chains which are only called from those
chains. It alters the destination IP address to send the packet to the
machine itself (locally-generated packets are mapped to the 127.0.0.1
address).


Does the packet still have destination's Address after it pass the
OUTPUT block? If the packet received by port 3333 does not have the
destination IP address, how the server behind the port 3333 to get the
dst ip to communicates with the real destination?

Does this packet need to first pass the POSTROUTING, then come in
through PREROUTING, INPUT block to reach port 3333? Or it has some
shortcut?


Thanks!

Yong

On Thu, 08 Dec 2005 16:04:47 -0800, yozhang wrote:

> Hi,
>
> I have a question on the use of iptables. If I run the following
> command:
>
> iptables -t nat -A OUTPUT --dport 80 -j REDIRECT --to-port 3333
>
> Does the packet still have destination's Address after it pass the
> OUTPUT block?

Yes, the only thing you have changed is the destination port that the
packet was heading to.


--

Regards
Robert

Smile... it increases your face value!


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----