
Iptables – Moxa Technologies UC-7420/7410 User Manual


UC-7420/7410 User’s Manual

Managing Communication

4-6

IPTABLES

IPTABLES is an administrative tool for setting up, maintaining, and inspecting the Linux kernel’s
IP packet filter rule tables. Several different tables are defined, with each table containing built-in
chains and user-defined chains.

Each chain is a list of rules that apply to a certain type of packet. Each rule specifies what to do
with a matching packet. A rule (such as a jump to a user-defined chain in the same table) is called
a “target.”

The UC-7420/7410 supports 3 types of IPTABLES tables: Filter tables, NAT tables, and Mangle
tables:

A. Filter Table—includes three chains:

INPUT chain
OUTPUT chain
FORWARD chain

B. NAT Table—includes three chains:

PREROUTING chain—translates the destination IP address (DNAT)
POSTROUTING chain—runs after the routing process and before the packet reaches the Ethernet
device, translating the source IP address (SNAT)
OUTPUT chain—handles locally generated packets

NAT sub-tables:

Source NAT (SNAT)—changes the source IP address of the first packet of a connection
Destination NAT (DNAT)—changes the destination IP address of the first packet of a connection
MASQUERADE—a special form of SNAT. If one host can connect to the Internet, other computers
that connect through this host can also reach the Internet, even when the host does not have a
fixed public IP address.
REDIRECT—a special form of DNAT that redirects packets to the local host regardless of
their destination IP address.

C. Mangle Table—includes two chains

PREROUTING chain—pre-processes packets before the routing process.
OUTPUT chain—processes packets after the routing process.
It has three extensions—TTL, MARK, TOS.
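As an added example (not code from the Moxa manual), the shell script below expresses the three tables and their chains as one firewall rule set for a UC-7420/7410 acting as a LAN-to-WAN gateway; the interface names, addresses and ports are assumptions. Leaving IPT unset makes it a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example (not from the Moxa manual): one rule set touching every table
# and chain the manual lists, for a UC-7420/7410 used as a small gateway.
# Assumptions: LAN on eth1 (192.168.1.0/24, constructed), WAN on eth0.
# With IPT unset the commands are only printed; apply for real as root with
# IPT=iptables sh thisfile.sh
IPT="${IPT:-echo iptables}"
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24

# Filter table (INPUT/OUTPUT/FORWARD). lan_in is a user-defined chain; the
# rule that jumps to it is the kind of "target" the manual refers to.
filter_rules() {
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT
    $IPT -t filter -N lan_in
    $IPT -t filter -A lan_in -p tcp --dport 22 -j ACCEPT            # SSH from LAN only
    $IPT -t filter -A lan_in -j DROP
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -i "$LAN" -s "$LAN_NET" -j lan_in         # jump to user chain
    $IPT -t filter -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -t filter -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# NAT table: SNAT/MASQUERADE live in POSTROUTING, DNAT/REDIRECT in PREROUTING.
nat_masquerade() {  # $1 = WAN interface; use when the WAN address is dynamic
    $IPT -t nat -A POSTROUTING -o "$1" -s "$LAN_NET" -j MASQUERADE
}
nat_snat() {        # $1 = WAN interface, $2 = fixed public address
    $IPT -t nat -A POSTROUTING -o "$1" -s "$LAN_NET" -j SNAT --to-source "$2"
}
nat_dnat() {        # $1 = WAN port, $2 = internal host:port to forward to
    $IPT -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$1" -j DNAT --to-destination "$2"
}
nat_redirect() {    # $1 = original port, $2 = local port (e.g. transparent proxy)
    $IPT -t nat -A PREROUTING -i "$LAN" -p tcp --dport "$1" -j REDIRECT --to-ports "$2"
}

# Mangle table (PREROUTING/OUTPUT) using the TTL, MARK and TOS extensions.
mangle_rules() {
    $IPT -t mangle -A PREROUTING -i "$LAN" -j TTL --ttl-set 64                       # normalise hop count
    $IPT -t mangle -A PREROUTING -i "$LAN" -p tcp --dport 502 -j MARK --set-mark 1   # tag Modbus/TCP
    $IPT -t mangle -A OUTPUT -p tcp --dport 22 -j TOS --set-tos Minimize-Delay
}

filter_rules; nat_masquerade "$WAN"; nat_dnat 8080 192.168.1.10:80; nat_redirect 80 3128; mangle_rules
```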

The following figure shows the IPTABLES hierarchy.