 
 From:  Dinesh Nair <dinesh at alphaque dot com>
 To:  lola at yais dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Destinatin Interfaces & NAT
 Date:  Fri, 30 Jul 2004 01:25:44 +0800 (MYT)
On Thu, 29 Jul 2004 lola at yais dot net wrote:

> > Question 2: Do the filter rules get processed before that NAT rules?
> > Like if I create a rule that says "Drop all traffic from 192.168.1.50",
> > will it still get NAT'd out to the WAN?
>
> nat happens before looking at the rules. this means your ruleset only "sees"
> the already natted ips.

actually, for outgoing packets, ipfilter sees them before ipnat, hence in
the OP's question, that rule would drop all packets from 192.168.1.150 and
not allow them out the WAN.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+
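
An added illustration, not part of the original message and not m0n0wall or ipfilter code: a small Python model of the outbound order described above, where the filter rule is evaluated against the pre-NAT source address and NAT is applied only to packets that pass. The WAN address 203.0.113.10, the destination 198.51.100.7 and all function names are constructed for this example.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

WAN_IP = ip_address("203.0.113.10")      # constructed WAN address (documentation range)
LAN_NET = ip_network("192.168.1.0/24")   # LAN subnet from the question


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def filter_out(pkt, blocked_sources):
    """Filter stage: True if the packet passes, False if a block rule matches."""
    src = ip_address(pkt.src)
    return not any(src in ip_network(net) for net in blocked_sources)


def nat_out(pkt):
    """NAT stage: rewrite a LAN source address to the WAN address."""
    if ip_address(pkt.src) in LAN_NET:
        return replace(pkt, src=str(WAN_IP))
    return pkt


def send_out_wan(pkt, blocked_sources):
    """Outbound path in the order the post describes: filter first, then NAT.

    Returns the packet as it would appear on the WAN, or None if dropped.
    """
    if not filter_out(pkt, blocked_sources):
        return None          # dropped before NAT ever sees it
    return nat_out(pkt)


if __name__ == "__main__":
    rule = ["192.168.1.50"]  # "Drop all traffic from 192.168.1.50"
    print(send_out_wan(Packet("192.168.1.50", "198.51.100.7"), rule))
    print(send_out_wan(Packet("192.168.1.51", "198.51.100.7"), rule))
    # A rule written against the translated address does not match outbound,
    # because the filter stage only ever sees the private source.
    print(send_out_wan(Packet("192.168.1.50", "198.51.100.7"), ["203.0.113.10"]))
```

In this model, an outbound block rule only takes effect when it names the private (pre-NAT) source address.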