What iptables chain applies when communicating two local network namespaces?

mosquetero

2/8/23, 4:14 PM

Imagine I have a host with two network namespaces and one veth per network namespace. Traffic from one interface to the other is routed by the root namespace, i.e. no bridge. Imagine namespace_1 pings namespace_2. The packets will end up hitting the iptables of the root namespace. According to the iptables diagram: https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg, after the routing decision is taken, packet will go to either INPUT or FORWARD chain depending if the destination is a local process. However, in this case, the "local" meaning is a bit confusing as both interfaces are within the same namespace. What iptables chain would the packets take: INPUT or FORWARD?

0 + 0

networking

iptables

linux-networking

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What iptables chain applies when communicating two local network namespaces?

TH: iptables chain ใดที่ใช้เมื่อสื่อสารเนมสเปซเครือข่ายท้องถิ่นสองรายการ

RO: Ce lanț iptables se aplică atunci când comunică două spații de nume de rețea locală?

RU: Какая цепочка iptables применяется при взаимодействии двух пространств имен локальной сети?

VI: Chuỗi iptables nào áp dụng khi giao tiếp hai không gian tên mạng cục bộ?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.