Iptables INPUT, OUTPUT and FORWARD chains

Solution 1:

I believe you are asking the wrong question. The eth1 interface is not part of eth0_input, and eth0_output is not part of eth0_forward, although they may be related in your configuration.

  • eth0 and eth1 are interfaces.
  • eth0_input, eth0_output and eth0_forward are chains created by your configuration rules, and while their names are descriptive, they are entirely arbitrary.

Rules are separate from interfaces, although they interact with them.

In general:

  • Packets destined to the local machine are handled by the INPUT chain. Relatedly, packets originating from the local machine (ignoring NAT) are handled by the OUTPUT chain.

  • Packets from other machines behind the router go through the FORWARD chain.

You will most likely find that the eth0_forward chain has been used to control which servers and ports are exposed to the Internet, i.e. traffic originating from eth0 will be traffic from the world, and should only be allowed if it corresponds to an outbound stream (i.e. it is caught by an earlier ESTABLISHED,RELATED rule) or is to a known port on a known system, in which case it should be allowed or rejected before it reaches eth1. THE RULE AS WRITTEN DEALS WITH TRAFFIC FROM THE WORLD BEFORE IT GETS TO THE LAN SIDE OF THE FIREWALL.
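As an added illustration (not part of the answer above), here is how a FORWARD chain split into a user-defined eth0_forward chain typically looks: replies to LAN-initiated connections pass, one known port on one known LAN host is exposed, and everything else from the world is rejected before it reaches eth1. The interface names, the LAN host 192.0.2.10 and port 443 are assumptions; the script echoes the rules by default so it can be reviewed offline, and `IPT=iptables` applies them for real.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed layout: eth0 faces
# the Internet, eth1 faces the LAN; 192.0.2.10:443 is a constructed
# example of "a known port on a known system".
IPT="${IPT:-echo iptables}"   # default: print rules instead of applying them
WAN=eth0
LAN=eth1
WEB_HOST=192.0.2.10           # constructed: the one LAN host exposed to the world
WEB_PORT=443

build_eth0_forward() {
    # Create the chain (ignore the error if it already exists) and empty it.
    $IPT -N eth0_forward 2>/dev/null || true
    $IPT -F eth0_forward
    # 1. Traffic belonging to a stream the LAN opened outbound.
    $IPT -A eth0_forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 2. New connections only to the known port on the known system.
    $IPT -A eth0_forward -p tcp -d "$WEB_HOST" --dport "$WEB_PORT" \
         -m conntrack --ctstate NEW -j ACCEPT
    # 3. Anything else from the world is rejected before it reaches eth1.
    $IPT -A eth0_forward -j REJECT --reject-with icmp-port-unreachable
}

wire_forward_chain() {
    # Only packets entering on eth0 and leaving on eth1 traverse the custom
    # chain; LAN-to-Internet traffic in the other direction never sees it.
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -j eth0_forward
}

build_eth0_forward
wire_forward_chain
```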