iptables – Understanding Connection Tracking in iptables

iptables

There are four tables and five chains in iptables concept.
All the tables:raw,filter,nat,mangle;and the chains:input,output,forward,prerouting,postrouting.
The diagram below shows the flow of packets through the chains in various tables in detail.
The diagram below shows the flow of packets through the chains in various tables:
Let's have a look at output chain (same as in prerouting chain),it says from right to left that raw,connecting tracking,mangle,nat,filter,is connecting tracking a kind of table?
A conclusion in the webpage says Each of these tables are composed of a few default chains,so from this conclusion, i think that connecting tracking is a kind of table.

Best Answer

It's not an iptables-"table", but a module making use of the linux kernel functionality of connection tracking, which stores connection information in /proc/net/ip_conntrack and/ or /proc/net/nf_conntrack.

Related Solutions

Iptables and SNAT

Remove the three rules you have above and try adding this:

$IPTABLES -t NAT -A POSTROUTING -s 192.x.y.a -j SNAT 192.x.y.b
$IPTABLES -A FORWARD -s 192.x.y.a -J ACCEPT

And enter the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

You should also have a rule similar to the following in your firewall:

$IPTABLES -t FILTER -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

That will take care of all established/related connections, instead of making a rule for each one.

Iptables nat: Handle OUTPUT chain via PREROUTING chain / forward from OUTPUT to PREROUTING

Yes, this is called NAT Loopback and it requires you to SNAT your locally generated packets to your external IP. This will cause your packets to loop back around and go through your PREROUTING chain.

Best Answer

Related Solutions

Iptables and SNAT

Iptables nat: Handle OUTPUT chain via PREROUTING chain / forward from OUTPUT to PREROUTING

Related Topic