How to make your Linux device support routing

The popularity of Linux is inseparable from its complete network protocol implementation. If we have a Linux device, how can we make it support routing?

1 Hardware layer: the device must have multiple network interfaces. For example, on a mobile router the Ethernet and Wi-Fi ports can serve as local (LAN) ports, and the 3G/4G/5G dial-up ports can serve as WAN ports.

2 Kernel layer: the kernel must be configured with the netfilter-related options enabled.

3 Application layer: the iptables software must be installed.

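In addition to the above three points, the ip_forward forwarding switch must be turned on through the kernel's proc file system: echo 1 > /proc/sys/net/ipv4/ip_forward. The space before > matters: the shell parses "1>" as a redirection of standard output, so without the space an empty line is written instead of 1.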

Generally speaking, the points that affect how network packets flow through the system are the kernel routing table, the kernel routing policy, the netfilter filtering points configured by iptables, and the forwarding switch above. Below, we will sort them out:

iptables is the configuration tool for firewall-like functions under Linux. The netfilter framework in the Linux kernel provides the mechanism for controlling the flow of network packets, while iptables in the application layer provides the control policy. This separation of mechanism and policy is a design worth studying.

How does iptables implement policy configuration? It achieves flexible policy configuration through the concepts of tables, chains, and rules. Generally, when we issue an iptables policy, we need to specify which table (raw/nat/filter/mangle) and which chain (PREROUTING/INPUT/FORWARD/OUTPUT/POSTROUTING) the rule operation (add, delete, check, or modify) applies to, what conditions or protocols the rule matches (SNAT/DNAT/ttl/sport/dport/...), what action is taken after a match (ACCEPT/DROP/...), and so on.
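
An added example (not from the original post) that ties the ip_forward switch to the table/chain/rule model: it checks the forwarding switch and prints an iptables-restore ruleset in which the nat table masquerades traffic leaving the WAN port and the filter table's FORWARD chain defaults to DROP, so that turning on forwarding does not relay every packet between interfaces. The interface names br-lan and wwan0 and both function names are assumptions.

```shell
#!/bin/sh
# Added example; br-lan (LAN) and wwan0 (WAN) are assumed interface names.

# Return 0 only if the IPv4 forwarding switch reads "1".
# The optional path argument exists so the check can be pointed at a test file.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Print a ruleset in iptables-restore format for a LAN -> WAN router.
# Nothing is applied here; the caller decides whether to load the output.
router_ruleset() {
    lan="$1"; wan="$2"
    # Reject empty or odd interface names before they reach the ruleset text.
    for ifname in "$lan" "$wan"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: ./router.sh br-lan wwan0
if [ "$#" -eq 2 ]; then
    forwarding_enabled || echo "note: ip_forward is off, nothing is routed yet" >&2
    router_ruleset "$1" "$2"
fi
```

The output can be parsed without being committed by piping it to `iptables-restore --test` as root. Loading it for real flushes the existing rules in the nat and filter tables.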

 

Origin blog.csdn.net/wwwyue1985/article/details/112757696