James B. Byrne wrote:
> My understanding is that INCOMING packets, for the purposes of
> iptables, originate outside the host interfaces and that OUTGOING
> packets originate from, or are forwarded across, the host itself.
> So, as I understand things, traffic from network C/24 destined to
> B/24 comes IN eth0, is forwarded to eth1, and then goes OUT eth1.
> Similarly, traffic from B/24 to C/24 comes IN eth1 and goes OUT
> eth0. Is my understanding correct?
>

No. You don't have it right.

INPUT packets are packets destined for the router's own IP addresses (not going to any other machines)

FORWARD packets are packets being routed through the router (but not targeted for the router's own IP addresses)

OUTPUT packets are packets originated from the router itself (not packets being routed from other machines).

--
Benjamin Franz
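
The chain selection described in the reply above, modelled as an added example that is not part of the original thread. The addresses are constructed documentation prefixes standing in for C/24 (on eth0) and B/24 (on eth1), and the function names are hypothetical; the model covers unicast traffic on directly connected networks only.

```python
import ipaddress

# Constructed router layout: the thread's eth0/eth1, with documentation
# prefixes standing in for networks C/24 and B/24 (assumed values).
INTERFACES = {
    "eth0": ipaddress.ip_interface("198.51.100.1/24"),  # faces C/24
    "eth1": ipaddress.ip_interface("192.0.2.1/24"),     # faces B/24
}
LOCAL_ADDRS = {iface.ip for iface in INTERFACES.values()}


def egress_interface(dst):
    """Pick the directly connected interface whose network contains dst."""
    for name, iface in INTERFACES.items():
        if dst in iface.network:
            return name
    return None  # no route in this two-network model


def filter_chain(src, dst, in_iface=None, ip_forward=True):
    """Return (chain, in_iface, out_iface) for one packet.

    in_iface=None means a process on the router generated the packet.
    The interface fields show what a rule in that chain can match on.
    """
    src = ipaddress.ip_address(src)  # parsed only to validate the input
    dst = ipaddress.ip_address(dst)
    if in_iface is None:
        # Locally generated: OUTPUT, where only -o can be matched.
        return ("OUTPUT", None, egress_interface(dst))
    if dst in LOCAL_ADDRS:
        # Addressed to any of the router's own IPs, whichever interface
        # it arrived on: INPUT, where only -i can be matched.
        return ("INPUT", in_iface, None)
    if not ip_forward:
        # Not for the router and forwarding is off: the packet is
        # discarded at the routing step and never reaches FORWARD.
        return (None, in_iface, None)
    # Routed through the router: FORWARD, where -i and -o both match.
    return ("FORWARD", in_iface, egress_interface(dst))


if __name__ == "__main__":
    # C/24 host to B/24 host: one pass through FORWARD, not INPUT then OUTPUT.
    print(filter_chain("198.51.100.20", "192.0.2.30", in_iface="eth0"))
```

Traffic between the two networks therefore needs FORWARD rules (for example matching `-i eth0 -o eth1`); INPUT and OUTPUT rules never see it.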