Network -----------+----------- | +---------+---------+ | PREROUTING | | +-------+-------+ | | | conntrack | | | +-------+-------+ | | | mangle | | - MARK WRITE | +-------+-------+ | | | IMQ | | | +-------+-------+ | | | nat | | - DEST REW
Network
-----------+-----------
|
+---------+---------+
| PREROUTING |
| +-------+-------+ |
| | conntrack | |
| +-------+-------+ |
| | mangle | | <- MARK WRITE
| +-------+-------+ |
| | IMQ | |
| +-------+-------+ |
| | nat | | <- DEST REWRITE
| +-------+-------+ | DNAT or REDIRECT
+---------+---------+
|
+-------+-------+
| ipchains |
| input |
+-------+-------+
|
+-------+-------+
| QOS |
| INGRESS |
+-------+-------+
|
packet is for +-------+-------+ packet is for
this machine | INPUT | another address
+--------------+ ROUTING +--------------+
| | + PDBB | |
| +---------------+ |
+-------+-------+ |
| INPUT | |
| +-----+-----+ | |
| | filter | | |
| +-----+-----+ | |
+-------+-------+ |
| |
+-------+-------+ |
| Local | +-------+-------+
| Process | | FORWARD |
+-------+-------+ | +-----+-----+ |
| | | mangle | | <- MARK WRITE
+-------+-------+ | +-----+-----+ |
| OUTPUT | | | filter | |
| ROUTING | | +-----+-----+ |
+-------+-------+ +-------+-------+
| |
+-------+-------+ |
| OUTPUT | +-------+-------+
| +-----------+ | | ipchains |
| | conntrack | | | forward |
| +-----+-----+ | +-------+-------+
| | mangle | | <- MARK WRITE |
| +-----+-----+ | |
| | nat | | <-DEST REWRITE |
| +-----+-----+ | DNAT or REDIRECT |
| | filter | | |
| +-----+-----+ | |
+-------+-------+ |
| |
+------------------+ +------------------+
| |
+--+-------+--+
| ipchains |
| output |
+------+------+
|
+---------+---------+
| POSTROUTING |
| +-------+-------+ |
| | mangle | | <- MARK WRITE
| +-------+-------+ |
| | nat | | <-SOURCE REWRITE
| +-------+-------+ | SNAT or MASQUERADE
| | conntrack | |
| +-------+-------+ |
| | IMQ | |
| +-------+-------+ |
+---------+---------+
|
+------+------+
| QOS |
| EGRESS |
+------+------+
|
-----------+-----------
Network