Iptables NAT and Masquerade rules - what do they do?
Question
I've followed a tutorial (in German) on setting up a WiFi router (access point) on a Raspberry Pi. Following the tutorial I had to add the following iptables rules:
iptables -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Unfortunately I don't have any experience with iptables and would like to know what the rules mean/do.
Answer
I'll go through the rules and explain each one in turn; to understand the flow, refer to the iptables chart.
iptables -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT
In the FORWARD chain, you appended a rule which says: if any new packet comes from wlan0 to eth0, the filter lets it pass and tracks that connection as NEW (which means: it follows its changes of state).
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
For any packet coming in that is tracked as ESTABLISHED or RELATED, the filter lets it pass.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
For the NAT table (which contains the FORWARD chain), in the POSTROUTING chain, any packet leaving eth0 forgets its inner IP address (so it stays behind a NAT) and gets the one of eth0: MASQUERADE stands for masking the address.
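To make the matching logic of the three rules concrete, here is a small Python model of them, added as an example and not part of the original answer. It only models what the rules actually look at (input/output interface and conntrack state); the interface names come from the question, while the eth0 address and a DROP policy on FORWARD are assumptions, since the rules above only ACCEPT and anything unmatched falls through to the chain policy.

```python
"""Toy evaluator for the three iptables rules discussed above.

Models only the fields those rules inspect: the interface a packet
arrived on, the interface routing picked for it, and its conntrack
state. Real iptables does far more; this is for reading the rules.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    in_if: str    # interface the packet arrived on (-i)
    out_if: str   # interface the routing decision chose (-o)
    ctstate: str  # conntrack state: NEW, ESTABLISHED, RELATED, INVALID
    src: str      # source IP address before NAT


# Rule 1: -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT
# Rule 2: -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
FORWARD_RULES = [
    (lambda p: p.in_if == "wlan0" and p.out_if == "eth0" and p.ctstate == "NEW", "ACCEPT"),
    (lambda p: p.ctstate in ("ESTABLISHED", "RELATED"), "ACCEPT"),
]

# Constructed public address of eth0 (assumption, not from the page).
ETH0_ADDR = "203.0.113.5"


def forward_verdict(pkt, policy="DROP"):
    """First matching rule in filter/FORWARD wins; otherwise the chain policy applies.

    Note the asymmetry: a NEW connection from eth0 towards wlan0 matches
    neither rule, so only the policy decides whether it is forwarded.
    """
    for match, target in FORWARD_RULES:
        if match(pkt):
            return target
    return policy


def postrouting_src(pkt):
    """-t nat -A POSTROUTING -o eth0 -j MASQUERADE: source seen on the wire.

    The observable effect is that everything leaving eth0 carries eth0's
    address; conntrack later maps the replies back to the inner host.
    """
    return ETH0_ADDR if pkt.out_if == "eth0" else pkt.src


def route(pkt, policy="DROP"):
    """Walk a forwarded packet through filter/FORWARD and then nat/POSTROUTING."""
    verdict = forward_verdict(pkt, policy)
    if verdict != "ACCEPT":
        return verdict, None  # dropped packets never reach POSTROUTING
    return verdict, postrouting_src(pkt)
```

With the assumed DROP policy, only connections initiated from the wlan0 side (and their replies) get through, and the internal source addresses never appear on eth0.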