Your organization's Linux firewall uses legacy iptables rules on a 5.x kernel. You have been asked to forward (port-forward) all HTTPS traffic arriving on eth0 (TCP 443) to an internal web server at 10.0.1.10. The new destination address must be applied before the kernel makes its routing decision so that subsequent filter rules and connection tracking view the packets as addressed to the private host. In which built-in Netfilter chain and table should you place the DNAT rule to meet this requirement?
Destination NAT must occur early-before routing-so the kernel can look up routes using the translated (internal) destination address. The only built-in place a DNAT target is allowed that meets this requirement for traffic arriving from the network is the PREROUTING chain of the nat table. Rules in POSTROUTING are evaluated after routing (used for SNAT/MASQUERADE), while the filter table's FORWARD chain and the mangle table cannot perform NAT transformations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNAT in Netfilter?
Open an interactive chat with Bash
Why is the PREROUTING chain used for DNAT?
Open an interactive chat with Bash
What is the difference between SNAT and DNAT in Netfilter?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access