Introduction to Using Iptables
Iptables is a powerful network tool based on packet filtering. This article briefly introduces the use of iptables and how to use it to build a network firewall.
Iptables consists of two subsystems: a kernel module and a user-space application. The kernel part can be compiled directly into the kernel or built as a loadable kernel module, and you can then choose to install only the components that provide particular functions, such as IP masquerading, port mapping and packet filtering.
Install Iptables
The configuration and compilation of many iptables components is tied to the configuration and compilation of the kernel. Some Linux distributions, such as Red Hat and Red Flag, come with iptables pre-installed; however, you may still need to install it yourself.
First you need a 2.4.x kernel, which can be downloaded from http://Kernel.org.
You will also need an iptables user-space program, which can be downloaded from the NetFilter home page.
When you are ready to compile the kernel, locate the network packet filtering entry under Networking options, select the Network packet filtering option and configure its sub-options.
After booting with the new kernel, compile the iptables user-space program; the installer copies the executable to the /usr/local/sbin directory.
If everything went well, support for iptables and netfilter is now installed in the kernel.
The service can then be started with the command service iptables start.
Tables and Chains
Here we discuss how packets pass through the tables and chains of iptables.
For example, a packet sent from an external host to this machine passes through the following stages before it is received by an application:
1. The packet arrives from the network and is received by the NIC.
2. It then enters the PREROUTING chain of the mangle table.
3. Next it enters the PREROUTING chain of the nat table; this chain is used mainly for DNAT, that is, destination address translation.
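As an added example (not from the original article), the following POSIX shell script walks a constructed iptables-save style dump in the order a 2.4 kernel evaluates the chains for a packet that arrives from the network and is delivered locally: mangle PREROUTING, nat PREROUTING, then, after the routing decision, mangle INPUT and filter INPUT, which continues past the two steps listed above. The dump, its addresses and its rules are constructed for illustration, not captured from a real host.

```shell
#!/bin/sh
# Constructed iptables-save style dump (not from a real host) with one rule in
# each chain an incoming packet meets on its way to a local process.
SAMPLE_RULES='*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.0.2.10:80
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT'
# rules_in TABLE CHAIN: print the -A rules of one chain from a dump on stdin.
rules_in() {
    awk -v table="*$1" -v chain="$2" '
        $0 == table    { in_table = 1; next }
        $0 == "COMMIT" { in_table = 0 }
        in_table && $1 == "-A" && $2 == chain { print }'
}
# policy_of TABLE CHAIN: default policy of a built-in chain, or "-" if absent.
policy_of() {
    printf '%s\n' "$SAMPLE_RULES" | awk -v table="*$1" -v chain=":$2" '
        $0 == table    { in_table = 1; next }
        $0 == "COMMIT" { in_table = 0 }
        in_table && $1 == chain { print $2; found = 1 }
        END { if (!found) print "-" }'
}
# count_rules TABLE CHAIN: number of rules in that chain of the sample dump.
count_rules() {
    printf '%s\n' "$SAMPLE_RULES" | rules_in "$1" "$2" | wc -l | tr -d ' '
}
# incoming_path: print the chains in the order a 2.4 kernel evaluates them for
# a locally delivered packet (later kernels also run raw PREROUTING first).
incoming_path() {
    for step in "mangle PREROUTING" "nat PREROUTING" "mangle INPUT" "filter INPUT"; do
        set -- $step
        printf '== %s %s (policy %s, %s rules)\n' "$1" "$2" \
            "$(policy_of "$1" "$2")" "$(count_rules "$1" "$2")"
        printf '%s\n' "$SAMPLE_RULES" | rules_in "$1" "$2"
    done
}
incoming_path
```

Run it as-is to see which rules a packet to local port 8080 meets: the DNAT in nat PREROUTING rewrites its destination before filter INPUT's DROP policy is ever consulted.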