Hi guys, first of all sorry if my English is not so good.
I'm trying to understand how iptables works. A friend gave me a little "course", but in reality now I have even more doubts.
Given a scenario of a machine that acts as a firewall and gateway on a LAN: eth0 will be the network card that goes to the Internet and eth1 the network card that is on the LAN (for now I leave NAT aside).
First, is what I write below about the three chains correct?
The FORWARD chain concerns packets traversing the firewall that are directed to other hosts (for example, from the Internet to the clients on the LAN and vice versa).
The INPUT chain concerns packets that are directed to the firewall and can come from both the LAN and the Internet.
The OUTPUT chain concerns the packets generated by the firewall that are sent out to the LAN or to the Internet.
Among the commands that my friend wrote in the firewall there is the following:
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
Now, from what I understood, the INPUT chain refers to packets going to the firewall, and if I understand how the rule is written, it says "let all incoming packets from the LAN pass, with any source address (-s 0/0) and any destination (-d 0/0)". But if the INPUT chain is related to packets whose destination is the firewall machine, what sense does it make to put "any destination" in this rule?
I could understand this rule in the FORWARD chain, but in the INPUT...
Another thing:
with this line
echo 1 > /proc/sys/net/ipv4/ip_forward
I enable forwarding between the two network cards; then it makes sense to add these two rules below:
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
Evidently there is something obscure to me. Can you help me figure out where I'm wrong?
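The chain split the post asks about, as an added example that is not part of the original post: a minimal rule set for that two-interface gateway (eth0 towards the Internet, eth1 towards the LAN, as in the post). It shows why "-d 0/0" adds nothing in INPUT (that chain only ever sees packets addressed to the firewall itself) and why FORWARD is where interface pairs and connection state matter. The ipt wrapper, the gateway_rules, enable_forwarding and count_forward_rules functions and the DRY_RUN variable are names introduced here; "-m conntrack --ctstate" is the standard iptables connection-tracking match. By default the script only prints the commands, so it can be read without root; set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): rule set for a two-interface
# gateway, eth0 = Internet, eth1 = LAN. Prints the commands by default
# (DRY_RUN=1); runs them only when DRY_RUN=0 is set and the script runs as root.
: "${DRY_RUN:=1}"

# Wrapper (introduced here): echo the command in dry-run mode, else execute it.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Build the gateway rules. $1 = Internet-facing interface, $2 = LAN interface.
gateway_rules() {
    wan="$1"
    lan="$2"

    # Default policies: traffic to the firewall and traffic through it are
    # closed unless a rule below opens them; the firewall may talk out freely.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # INPUT only sees packets whose destination is one of the firewall's own
    # addresses, so "-d 0/0" (any destination) would be redundant here: it
    # matches exactly the addresses INPUT can match anyway.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$lan" -j ACCEPT   # the LAN side may reach the firewall itself

    # FORWARD sees packets passing through to other hosts; this is where the
    # in/out interface pair matters. Allow LAN-originated connections out and
    # only the replies back in, instead of ACCEPT in both directions.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$lan" -o "$wan" -j ACCEPT
}

# Forwarding must be switched on in the kernel or FORWARD never sees a packet.
enable_forwarding() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
    else
        sysctl -w net.ipv4.ip_forward=1
    fi
}

# Count the FORWARD rules the rule set would install (used for checking).
count_forward_rules() {
    gateway_rules "$1" "$2" | grep -c '^iptables -A FORWARD'
}

enable_forwarding
gateway_rules eth0 eth1
```

Compared with the two FORWARD rules in the post, the Internet-to-LAN direction is no longer opened unconditionally: replies to LAN-initiated connections are let through by the ESTABLISHED,RELATED rule, and anything else arriving on eth0 for a LAN host falls to the DROP policy.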