Specifications

DA-681 Linux Managing Communications

3-9

The DA-681-LX supports three types of IPTABLES: Filter tables, NAT tables, and Mangle tables.

Filter Table—includes three chains:

INPUT chain

OUTPUT chain

FORWARD chain

NAT Table—includes three chains:

PREROUTING chain—transfers the destination IP address (DNAT).

POSTROUTING chain—works after the routing process and before the Ethernet device process to transfer the

source IP address (SNAT).

OUTPUT chain—produces local packets.

Sub-tables

Source NAT (SNAT)—changes the first source packet IP address.

Destination NAT (DNAT)—changes the first destination packet IP address.

MASQUERADE—a special form for SNAT. If one host can connect to the Internet, then the other computers that

connect to this host can connect to the Internet when the computer does not have an actual IP address.

REDIRECT—a special form of DNAT that re-sends packets to a local host independent of the destination IP

address.

Mangle Table—includes two chains

PREROUTING chain—pre-processes packets before the routing process.

OUTPUT chain—processes packets after the routing process.

Mangle tables can have one of three extensions—TTL, MARK, TOS.