It's been a few years since I was heavily into custom iptables scripts, but I'm pretty sure the default FORWARD would apply to any packets. If it is set to ACCEPT, you shouldn't need individual rules since you're already handling them in PREROUTING, and will be ACCEPTING them, as long as nothing else about the packets needs to change.
---Paul.

On Tue, Oct 13, 2020 at 8:17 AM Tilghman Lesher <[email protected]> wrote:

> Just a simple question that I need confirmation on.
>
> I have an internal NAT to bridge wireless to a private Ethernet LAN.
> I'm using the nat PREROUTING target to redirect high ports to certain
> limited IPs behind the NAT, based upon a simple construction:
>
> Port 10031 on the bridge redirects to ethernet 172.17.2.100 on port 631
> Port 10131 redirects to 172.17.2.101 on port 631
> ...
> Port 19931 redirects to 172.17.2.199 on port 631
> etc.
>
> I know I also need the FORWARD to allow that packet to pass through.
> But if the FORWARD policy is set to ACCEPT, do I still need separate
> FORWARD rules for each of the targets? Shouldn't the FORWARD policy
> be what is done if no rule matches (i.e. to allow the packet through)?
>
> --
> Tilghman
>
> --
> --
> You received this message because you are subscribed to the Google Groups
> "NLUG" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/nlug-talk?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups
> "NLUG" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/nlug-talk/CAHPkZcURny316H726ZrjOmgzpjzaOAho6NNNkAGQ1NkcXtJfSA%40mail.gmail.com
> .
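The port mapping and the FORWARD policy question from this thread, as an added example that is not code from either poster: it only prints the iptables commands, so it can be reviewed before anything is loaded. The interface name `wlan0`, the use of TCP with the `DNAT` target, and the two conntrack rules for a `DROP` policy are assumptions, not details given in the thread.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, does not execute them.
WLAN_IF="${WLAN_IF:-wlan0}"   # assumed name of the wireless-side interface
LAN_NET="172.17.2"            # private Ethernet LAN prefix from the thread

# One nat/PREROUTING rule per target: 10031 -> .100:631 ... 19931 -> .199:631
gen_dnat_rules() {
    i=0
    while [ "$i" -le 99 ]; do
        port=$((10031 + 100 * i))
        host=$((100 + i))
        echo "iptables -t nat -A PREROUTING -i $WLAN_IF -p tcp --dport $port -j DNAT --to-destination $LAN_NET.$host:631"
        i=$((i + 1))
    done
}

# gen_forward_rules POLICY
# ACCEPT: the chain policy is what applies when no rule matches, so no
#         per-target FORWARD rules are emitted.
# DROP:   FORWARD sees the packet after PREROUTING rewrote it, so the match
#         is on the translated destination (LAN address, port 631). The
#         conntrack DNAT state limits it to connections that were actually
#         port-mapped; ESTABLISHED,RELATED lets the replies back out.
gen_forward_rules() {
    policy="$1"
    echo "iptables -P FORWARD $policy"
    case "$policy" in
        ACCEPT) ;;
        DROP)
            echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
            echo "iptables -A FORWARD -i $WLAN_IF -p tcp -d $LAN_NET.0/24 --dport 631 -m conntrack --ctstate DNAT -j ACCEPT"
            ;;
        *) echo "unsupported policy: $policy" >&2; return 1 ;;
    esac
}

# Stand-alone use: sh thisfile print [ACCEPT|DROP]
if [ "${1:-}" = "print" ]; then
    gen_dnat_rules
    gen_forward_rules "${2:-ACCEPT}"
fi
```

With an `ACCEPT` policy every forwarded packet passes, not just the mapped ports; the `DROP` variant is the one that restricts forwarding to the mapped connections.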
