Iptables NAT and Masquerade rules - what do they do?
Question
I've followed a tutorial (in German) on setting up a WiFi router (access point) on a Raspberry Pi. Following the tutorial I had to add the following iptables rules:
iptables -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Unfortunately I don't have any experience with iptables and would like to know what the rules mean/do.
Recommended answer
I'll go through the rules and explain each in turn; to understand the flow, refer to the iptables chart.
iptables -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT
In the FORWARD chain, you appended a rule which says: if any packet comes newly from wlan0 to eth0, the filter lets it pass and tracks that connection as NEW (which means: follows its change of state).
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
For any packets coming in that are tracked as ESTABLISHED or RELATED, the filter lets them pass.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
For the NAT table (which contains the FORWARD chain), in the POSTROUTING chain, any packet leaving eth0 forgets its inner IP address (so, stays behind a NAT) and gets the one of eth0: MASQUERADE stands for masking the address.
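To make the effect of the three rules concrete, here is an added example that is not part of the original answer: a small Python model of conntrack, the two FORWARD rules and the POSTROUTING MASQUERADE. It shows a LAN host's new connection being accepted and masqueraded, the remote reply being de-NATed and accepted as ESTABLISHED, and an unsolicited packet from the eth0 side hitting neither rule. The FORWARD chain policy (DROP) and all addresses are assumptions, not values from the tutorial.

```python
# Added example, not from the original Q&A: a toy model of how the three rules
# treat a packet. The FORWARD policy (DROP) and all addresses are assumptions.
from dataclasses import dataclass

ETH0_IP = "203.0.113.5"        # assumed public address on eth0
LAN_PREFIX = "192.168.4."      # assumed wlan0 subnet
FORWARD_POLICY = "DROP"        # assumed: the tutorial's rules only ever ACCEPT


@dataclass
class Packet:
    in_if: str
    src: str
    dst: str
    out_if: str = ""           # filled in by the routing decision


class Router:
    def __init__(self):
        self.tracked = set()   # original-direction tuples (inner_src, remote) seen as NEW
        self.flows = {}        # reply tuples (remote, ETH0_IP) -> inner_src, set by MASQUERADE

    def handle(self, p):
        """conntrack + FORWARD rules + nat POSTROUTING; returns (verdict, packet as sent)."""
        # conntrack lookup and de-NAT of replies happen before routing (PREROUTING)
        if (p.src, p.dst) in self.flows:
            state, p.dst = "ESTABLISHED", self.flows[(p.src, p.dst)]
        elif (p.src, p.dst) in self.tracked:
            state = "ESTABLISHED"
        else:
            state = "NEW"
        p.out_if = "wlan0" if p.dst.startswith(LAN_PREFIX) else "eth0"
        # rule 1: -i wlan0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
        if p.in_if == "wlan0" and p.out_if == "eth0" and state == "NEW":
            self.tracked.add((p.src, p.dst))
            verdict = "ACCEPT"
        # rule 2: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT (any interface)
        elif state in ("ESTABLISHED", "RELATED"):
            verdict = "ACCEPT"
        else:                   # nothing matched, so the chain policy decides
            verdict = FORWARD_POLICY
        # nat POSTROUTING: -o eth0 -j MASQUERADE rewrites the source to eth0's address
        if verdict == "ACCEPT" and p.out_if == "eth0":
            self.flows[(p.dst, ETH0_IP)] = p.src
            p.src = ETH0_IP
        return verdict, p


def demo():
    r = Router()
    lan_host, remote = "192.168.4.20", "198.51.100.10"          # constructed sample hosts
    new_out = r.handle(Packet("wlan0", lan_host, remote))       # LAN host opens a connection
    reply = r.handle(Packet("eth0", remote, ETH0_IP))           # remote answers the public IP
    unsolicited = r.handle(Packet("eth0", "198.51.100.77", lan_host))  # nobody asked for this
    return new_out, reply, unsolicited
```

Because rule 1 only matches NEW packets entering on wlan0 and leaving on eth0, a NEW packet arriving on eth0 matches neither rule and falls through to the chain policy, which is why the policy matters as much as the rules themselves.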