Re: [Openvds-devel] iptables

[Simon Garner]

From: "Eje Gustafsson" <address@hidden>

> I not played around with that part. I just recently started to play
> with iptables was using ipchains until recently so not entire familiar
> with iptables. However the chain that is being used is called
> PREROUTING and there is something that is called POSTROUTING also and
> in between we got OUTPUT.
> My understanding is that PREROUTING only affects packages that enter
> the machine. POSTROUTING only packages that leave the firewall.
> So to be able to alter locally generated traffic you need to alter in
> the OUTPUT chain (from my understanding the output been/is slightly
> broken and not functioning as should so this might been/be the reason
> why this one was not/is not used)
>

Hmm, any ideas how we would make these rules work with the OUTPUT chain?

Btw, anyone know any decent documentation for iptables? The man page is just
a reference which assumes to much existing knowledge, while a couple of the
HOWTOs I've looked at just deal with esoteric scenarios which don't apply to
what I want to do (stuff like this port forwarding).


> Personally I never seen a browser that ever used udp to connect to
> port 80 or 443. Guess I could always setup a rule on my firewall to
> log any usage of udp to port 80 or 443 and let it run and see if I
> after a few days have any calls using udp on these ports.
> What would happen if you didn't have the rules there in place ?
> Nothing much would be my guess all browsers I seen use tcp at all
> times so shouldn't be any problem. If someone do something very odd or
> weird I guess the call would fail if the rules wasn't there.
>

My thoughts exactly. I'll take them out, just to simplify things a little
:-)

Simon