I just have a small query as I am confused with the directions of packets. When setting a rule for the INPUT table, there is a source and destination setting. From the examples given in the above tutorial, when an incoming packet is received, the source is a local IP and destination is the world. Shouldn't the incoming packet's source be the world and destination the local LAN IP address?
Hi, as far as I know the INPUT table is meant for allowing/disallowing packets for the local host running the iptables service. For example, suppose your machine (I'll call it HostA), which hosts the iptables service, is also running a DHCP service; then you may wish to allow machines on the local network to connect to port 67 on HostA. Thus you'll need to add a rule like:
-A INPUT -p udp --dport 67 -j ACCEPT
If some host on your private network wants to connect to a remote host on a specific port, then you'll be using the FORWARD table to allow access, as follows:
-A FORWARD -p tcp -s 192.168.0.2 -d 91.129.121.80 --dport 8090 -j ACCEPT
Also, after you've listed all the FORWARD rules, you'd also want to add the following rules:
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
Hope this info helps.
Regards, Mayank
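As an added illustration that is not part of this thread (neither the question nor Mayank's answer), here is a small Python model of the point the question turns on: the kernel's routing decision picks the chain (INPUT, FORWARD and OUTPUT are chains of the filter table), and inside INPUT the packet's destination is one of the firewall host's own addresses while its source is whoever sent it, so the "world" really is the source. The four rule strings are the ones posted in the answer; HostA's addresses (192.168.0.1 on the LAN, 203.0.113.10 facing the Internet), the sample packets, the default-deny policy and the literal address comparison are assumptions of this example, not behaviour taken from iptables itself.

```python
# Toy model of the netfilter chain choice and of how -s/-d are read inside a
# chain. Added illustration for this thread, not iptables' own code.
# The four rule strings are the ones posted in the answer; the host addresses
# and sample packets are constructed.
import shlex
from dataclasses import dataclass

# Constructed: addresses that belong to HostA itself. The limited-broadcast
# address is included because a broadcast is delivered to the host too (that
# is how a DHCP DISCOVER reaches port 67 on HostA).
LOCAL_ADDRS = {"192.168.0.1", "203.0.113.10", "255.255.255.255"}


@dataclass
class Packet:
    src: str            # IP source address as written on the wire
    dst: str            # IP destination address as written on the wire
    proto: str          # "tcp" or "udp"
    dport: int          # destination port
    state: str = "NEW"  # conntrack state: NEW, ESTABLISHED or RELATED


def chain_for(pkt, local_addrs=LOCAL_ADDRS):
    """Which filter-table chain a received packet traverses: the routing
    decision sends packets addressed to one of our own IPs to INPUT and
    packets we merely route on behalf of other hosts to FORWARD. Packets
    the host itself generates go to OUTPUT and never reach this function."""
    return "INPUT" if pkt.dst in local_addrs else "FORWARD"


def parse_rule(text):
    """Parse the subset of iptables-save syntax used in the answer above.
    Addresses are compared literally; real iptables also accepts CIDR masks."""
    rule = {"chain": None, "proto": None, "src": None, "dst": None,
            "dport": None, "states": None, "target": None}
    toks = shlex.split(text)
    i = 0
    while i < len(toks):
        opt, arg = toks[i], toks[i + 1]
        if opt == "-A":
            rule["chain"] = arg
        elif opt == "-p":
            rule["proto"] = arg
        elif opt == "-s":
            rule["src"] = arg
        elif opt == "-d":
            rule["dst"] = arg
        elif opt == "--dport":
            rule["dport"] = int(arg)
        elif opt == "--state":
            rule["states"] = set(arg.split(","))
        elif opt == "-j":
            rule["target"] = arg
        elif opt != "-m":            # "-m state" only loads the match module
            raise ValueError(f"unsupported option {opt!r}")
        i += 2
    return rule


def matches(rule, pkt):
    """Every match the rule specifies must hold; an unspecified one matches anything."""
    return ((rule["proto"] is None or rule["proto"] == pkt.proto)
            and (rule["src"] is None or rule["src"] == pkt.src)
            and (rule["dst"] is None or rule["dst"] == pkt.dst)
            and (rule["dport"] is None or rule["dport"] == pkt.dport)
            and (rule["states"] is None or pkt.state in rule["states"]))


def verdict(rules, pkt, policy="DROP"):
    """The first matching rule in the packet's chain wins; otherwise the chain
    policy applies (a default-deny policy is assumed in this example)."""
    chain = chain_for(pkt)
    for rule in rules:
        if rule["chain"] == chain and matches(rule, pkt):
            return chain, rule["target"]
    return chain, policy


# The rules from the answer, in the order they were posted.
RULES = [parse_rule(line) for line in [
    "-A INPUT -p udp --dport 67 -j ACCEPT",
    "-A FORWARD -p tcp -s 192.168.0.2 -d 91.129.121.80 --dport 8090 -j ACCEPT",
    "-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT",
]]

# Constructed sample packets, each as it arrives at HostA.
DHCP_DISCOVER = Packet("0.0.0.0", "255.255.255.255", "udp", 67)
LAN_TO_REMOTE = Packet("192.168.0.2", "91.129.121.80", "tcp", 8090)
REMOTE_REPLY = Packet("91.129.121.80", "192.168.0.2", "tcp", 51234, "ESTABLISHED")
LAN_TO_OTHER_PORT = Packet("192.168.0.2", "91.129.121.80", "tcp", 443)
WORLD_TO_HOSTA_SSH = Packet("198.51.100.7", "203.0.113.10", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in [("DHCP_DISCOVER", DHCP_DISCOVER), ("LAN_TO_REMOTE", LAN_TO_REMOTE),
                      ("REMOTE_REPLY", REMOTE_REPLY), ("LAN_TO_OTHER_PORT", LAN_TO_OTHER_PORT),
                      ("WORLD_TO_HOSTA_SSH", WORLD_TO_HOSTA_SSH)]:
        print(f"{name:20} src={pkt.src:15} dst={pkt.dst:15} -> {verdict(RULES, pkt)}")
```

Running it shows the DHCP broadcast and the SSH attempt from the Internet both land in INPUT (the world is the source, HostA is the destination), while traffic between the LAN client and 91.129.121.80 in either direction lands in FORWARD, with the reply admitted by the RELATED,ESTABLISHED rule rather than by the explicit -s/-d rule.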