Software firewall iptables under Linux – setting NAT table rules – Linux operation and maintenance
In addition to the most commonly used filter table, iptables also occasionally uses the nat table. NAT is network address translation, which is used to modify the source IP address or the destination IP address of a packet.

Now let's look at the tables and chains that a simple data packet passes through in iptables on its way to a back-end host.

1. The packet passes through the PREROUTING chain of the nat table.
2. Routing determines whether the packet is destined for the local machine; if not, it goes on to the next step.
3. The packet passes through the FORWARD chain of the filter table.
4. The packet passes through the POSTROUTING chain of the nat table and is finally sent out.

The first step and the last step are the ones related to NAT, that is, the PREROUTING chain and the POSTROUTING chain.

The PREROUTING chain modifies the destination IP, referred to as DNAT.
The POSTROUTING chain modifies the source IP, referred to as SNAT.

DNAT

So which scenarios need DNAT, and what are the common applications of SNAT?

For DNAT, the most common use is to map a port of the internal network to the external network, so that other users can access it. In this way, the security of the internal network…
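The four steps listed above, written out as the rules for one port mapping. This is an added example, not code from the original article; the interface name, the addresses and the ports 8080 and 80 are assumed values.

```shell
#!/bin/sh
# Added example. Addresses, interfaces and ports are constructed assumptions.
# Default is a dry run that prints each command; APPLY=1 (as root) executes them.
# Forwarding between interfaces also needs net.ipv4.ip_forward=1 on the gateway.
EXT_IF="eth0"             # interface facing the external network
EXT_IP="203.0.113.10"     # gateway's external address (documentation range)
LAN_NET="192.168.1.0/24"  # internal network
WEB_IP="192.168.1.20"     # back-end host that receives the mapped port

ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else printf 'iptables %s\n' "$*"; fi
}

# Step 1, nat/PREROUTING: rewrite the destination before the routing decision,
# so the packet is routed towards the back-end host instead of the gateway.
dnat_rule() {   # $1 = external port, $2 = port on the back-end host
    ipt -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp --dport "$1" \
        -j DNAT --to-destination "$WEB_IP:$2"
}

# Step 3, filter/FORWARD: the packet already carries the rewritten destination,
# so match the internal address and port. Everything not listed is dropped.
forward_rules() {   # $1 = port on the back-end host
    ipt -P FORWARD DROP
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$EXT_IF" -d "$WEB_IP" -p tcp --dport "$1" \
        -m conntrack --ctstate NEW -j ACCEPT
    ipt -A FORWARD -s "$LAN_NET" -o "$EXT_IF" -m conntrack --ctstate NEW -j ACCEPT
}

# Step 4, nat/POSTROUTING: rewrite the source of traffic leaving the internal
# network so that replies come back to the gateway's external address.
snat_rule() {
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXT_IF" -j SNAT --to-source "$EXT_IP"
}

build_rules() {   # $1 = external port, $2 = port on the back-end host
    dnat_rule "$1" "$2"
    forward_rules "$2"
    snat_rule
}

build_rules 8080 80
```

The FORWARD rule names port 80 on the internal address, not the external port 8080, because the filter table sees the packet after PREROUTING has already rewritten it.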