Iptables NAT and Masquerade rules - what do they do?


Question

I've followed a tutorial (in German) on setting up a WiFi router (access point) on a Raspberry Pi. Following the tutorial I had to add the following iptables rules:

iptables -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Unfortunately I don't have any experience with iptables and would like to know what the rules mean/do?

Answer

I go through the rules and explain each in turn; for understanding the flow, refer to the iptables chart.

iptables -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT

In the FORWARD chain, you appended a rule which says: if any new packet comes from wlan0 to eth0, the filter lets it pass and tracks that connection as NEW (which means: it follows its change of state).

iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

For any packets coming in that are tracked as ESTABLISHED or RELATED, the filter lets them pass.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

For the NAT table (which contains the FORWARD chain), in the POSTROUTING chain, any packet leaving eth0 forgets its inner IP address (so it stays behind a NAT) and gets the one of eth0: MASQUERADE stands for masking the address.
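The three rules above only do what the answer describes when the FORWARD chain's default policy is DROP and IP forwarding is enabled; the question does not show either step. The script below is an added example, not code from the question, the answer or the German tutorial: it applies the same three rules as a complete, re-runnable setup and shows how to inspect the result. The interface names (wlan0 as the client side, eth0 as the uplink), the `net.ipv4.ip_forward` sysctl and the `DRY_RUN` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the question or the tutorial): the answer's three rules
# as a complete router setup for a Raspberry Pi access point.
# Assumptions: wlan0 is the client/LAN side, eth0 is the uplink, and forwarding is
# enabled via net.ipv4.ip_forward. Set DRY_RUN=1 to print the iptables commands
# instead of applying them (no root needed).
LAN_IF="${LAN_IF:-wlan0}"
WAN_IF="${WAN_IF:-eth0}"

ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_router_rules() {
    # Without IP forwarding the kernel never traverses the FORWARD chain at all.
    [ -n "${DRY_RUN:-}" ] || sysctl -w net.ipv4.ip_forward=1 >/dev/null

    # Flush the two chains we manage, so re-running the script does not append
    # duplicate copies of every rule.
    ipt -F FORWARD
    ipt -t nat -F POSTROUTING

    # The two ACCEPT rules only restrict anything if the chain policy is DROP.
    # With the default policy (ACCEPT) every packet is forwarded regardless,
    # including unsolicited connections from the eth0 side into the WiFi clients.
    ipt -P FORWARD DROP

    # Clients on wlan0 may open NEW connections towards eth0 ...
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m conntrack --ctstate NEW -j ACCEPT
    # ... and packets that belong to a connection conntrack already knows (replies:
    # ESTABLISHED) or that are associated with one (RELATED, e.g. ICMP errors,
    # FTP data channels) pass in both directions. Anything else, including a new
    # connection arriving on eth0, matches no rule and hits the DROP policy.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Source NAT on the way out: the source address of each packet leaving eth0 is
    # rewritten to eth0's current address, and conntrack reverses the mapping for
    # the replies. MASQUERADE rather than "SNAT --to-source <ip>" because a
    # DHCP-assigned uplink address may change; the cost is that existing mappings
    # are forgotten when the interface goes down.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

show_router_rules() {
    # The packet/byte counters show whether traffic is actually matching each rule.
    iptables -L FORWARD -v -n --line-numbers
    iptables -t nat -L POSTROUTING -v -n
}

# Usage: sudo sh <this script> apply   (or: show)
case "${1:-}" in
    apply) apply_router_rules ;;
    show)  show_router_rules ;;
esac
```

Run it with `DRY_RUN=1 sh <this script> apply` first to see exactly which commands will be issued; `show` afterwards should list the NEW rule with a rising packet counter as soon as a WiFi client opens a connection, and the MASQUERADE rule counting every outbound packet on eth0.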
