UC-7420/7410 User’s Manual | Managing Communication |
IPTABLES
IPTABLES is an administrative tool for setting up, maintaining, and inspecting the Linux kernel’s IP packet filter rule tables. Several different tables are defined, with each table containing built-in chains and user-defined chains.
Each chain is a list of rules that apply to a certain type of packet. Each rule specifies what to do with a matching packet. A rule (such as a jump to a user-defined chain in the same table) is called a “target.”
UC-7420/7410 supports 3 types of IPTABLES table: Filter tables, NAT tables, and Mangle tables:
A.Filter Table—includes three chains:
INPUT chain OUTPUT chain FORWARD chain
B.NAT Table—includes three chains:
PREROUTING chain—transfers the destination IP address (DNAT)
POSTROUTING chain—works after the routing process and before the Ethernet device process to transfer the source IP address (SNAT)
OUTPUT chain—produces local packets sub-tables
Source NAT (SNAT)—changes the first source packet IP address Destination NAT (DNAT)—changes the first destination packet IP address
MASQUERADE—a special form for SNAT. If one host can connect to internet, then other computers that connect to this host can connect to the Internet when it the computer does not have an actual IP address.
REDIRECT—a special form of DNAT that re-sends packets to a local host independent of the destination IP address.
C.Mangle Table—includes two chains
PREROUTING chain—pre-processes packets before the routing process. OUTPUT chain—processes packets after the routing process.
It has three extensions—TTL, MARK, TOS.
The following figure shows the IPTABLES hierarchy.
4-6