The rule is appended to the nat table's PREROUTING chain and uses the DNAT target. In this chain, packets are processed before the routing decision, so changing their destination here causes the kernel to deliver them to the new address. Any TCP packet that arrives on eth0 with destination port 8443 has its destination address and port rewritten to 192.168.20.15:443. The packet is then routed toward that internal host, allowing the firewall to forward external connections on port 8443 to the web service running on port 443 inside the LAN.
No source address translation occurs, so options describing masquerading or SNAT are incorrect. Likewise, a REDIRECT action would send the traffic to a local port on the firewall itself, which the rule does not specify. Therefore, only the statement that the rule forwards incoming 8443/TCP traffic on eth0 to 192.168.20.15:443 is correct.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the PREROUTING chain in iptables?
Open an interactive chat with Bash
What is DNAT in iptables, and how is it different from SNAT?
Open an interactive chat with Bash
How does the iptables nat table differ from the filter table?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access