Useful iptables Information
Many a nerd has written an article or two about
iptables but I thought I would write a few pages, I don't
want to feel left out.
You remember Mr McKittrick and Paul, I think, from WarGames? Unfortunately I cannot take the credit for this cool idea... it was on a blog by dediserve that is not available anymore. I thought it would be a shame to lose this masterpiece so I recreated it :-).
Visualising the IP filtering mechanism
This diagram is just fantastic to help you diagnose problems and create your rules. I do not know who created it but it is in one of the Linux documentation project documents I think, if I find a link I will put it here.
Interacting with iptables
The iptables command is how we interact with IPv4
iptables. To look at rules for IPv6 iptables (if you have the tool
installed and your kernel has IPv6 support) the command is
ip6tables.
gre and iptables
I use a Raspberry Pi for routing some traffic and I wanted to get my PPTP VPN for work working over the Raspberry Pi router. This took me longer than I thought because GRE packets are not handled like I thought they would be. Anyway to get this working one must add the MASQUERADE match as you would normally:
Chain POSTROUTING 432691 28991316 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
And load some modules into your kernel:
Module Size Used by nf_nat_pptp 2444 0 nf_nat_proto_gre 1311 1 nf_nat_pptp nf_conntrack_pptp 4172 1 nf_nat_pptp nf_conntrack_proto_gre 3803 1 nf_conntrack_pptp ip_gre 10648 0 gre 1633 1 ip_gre ip_tunnel 13258 1 ip_gre
I don't know if you actually need ALL those modules but
nf_conntrack_proto_gre looks quite important!
Lazy Ben...
Until I have some time to update this page, please see an interesting article on the same thing (or similar) for routing a specific user's traffic via a dedicated routing table on my Freenet Routing Fu page.