IPTABLES


 * NAT table - responsible for handling network address translation, i.e. rewriting a packet's source or destination IP address. Chains: PREROUTING, POSTROUTING, OUTPUT.
 * Mangle table - responsible for altering or marking packets, e.g. changing the ToS bits in the TCP header so that a QoS mechanism can be applied to a packet. Chains: all standard chains are available.
 * Raw table - used mainly for dealing with packets at a very low level. It is used for configuring exemptions from connection tracking. The rules specified in the raw table are evaluated before the rules in the other tables.
 * Filter table - responsible for providing basic packet filtering. This can be used to allow or block traffic, e.g. blocking all traffic except port 22 or 25. Chains: FORWARD, INPUT, OUTPUT.
 * Security table - used for managing mandatory access control rules.

NAT - allows hosts on both sides of a router to be hidden from each other.
Chain - simply a list of rules that act on the packets flowing through the system.
 * SNAT (Source NAT) - responsible for changing the source IP address and port.
 * DNAT (Destination NAT) - responsible for changing the destination IP address and port. This is useful in situations where administrators want to hide servers in a private network (DMZ) and map external IP addresses to internal addresses for incoming traffic.
 * Masquerading - a special case of SNAT. This is useful in situations where multiple systems inside a private network need to share a single dynamically assigned IP address to the outside world.
 * PREROUTING - the first thing a packet hits when entering the system. From the NAT perspective this is the ideal point at which to perform DNAT, which changes the destination IP address of packets.
 * FORWARD - only invoked when IP forwarding is enabled and the packet is destined for a system other than the host itself.
 * POSTROUTING - in this chain we can alter the source IP address for the purpose of SNAT.
 * INPUT - invoked when a packet is destined for the host itself.
 * OUTPUT - invoked when packets are sent from applications running on the host itself.
 * 1) iptables -L --line-numbers - list rules with their line numbers
 * 2) iptables -t table -A chain rule-spec - append rule-spec to chain
 * 3) iptables -t table -D chain rule-spec - delete rule-spec from chain
 * 4) iptables -t table -I chain [rulenum] rule-spec - insert rule-spec at rulenum
 * 5) iptables -t table -L chain - List rules on chain
 * 6) iptables -t table -F chain - Flush
 * 7) iptables -t table -Z chain - Zero all counters on chain.
 * 8) iptables -t table -N chain - Define a new chain
 * 9) iptables -t table -X chain - Delete chain
 * iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
 * iptables -t filter -A INPUT -s 172.16.0.0/16 -j DROP
 * iptables -t filter -A FORWARD -d 10.100.93.0/24 -j ACCEPT
 * iptables -A FORWARD -i eth1 -d 10.4.3.2 -j ACCEPT
 * iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

MASQUERADE
 * iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
 * iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
 * iptables -A FORWARD -j LOG
 * iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
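The four MASQUERADE rules above as a complete gateway script (an added example, not part of the original notes). It assumes eth0 is the WAN interface, eth1 the LAN interface and 10.4.3.0/24 the LAN network (constructed values); it adds a fail-closed FORWARD policy, an anti-spoofing source match and a rate-limited LOG rule, and prints the commands unless DRY_RUN is unset.

```shell
#!/bin/sh
# Added example: build the MASQUERADE gateway rule set as a reviewable list
# of commands. eth0 (WAN), eth1 (LAN) and 10.4.3.0/24 are assumed values.
# With DRY_RUN=1 (the default) commands are only printed; run as root with
# DRY_RUN=0 to apply them.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-10.4.3.0/24}
DRY_RUN=${DRY_RUN:-1}

# run: print or execute one command, depending on DRY_RUN
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# nat_gateway_rules: emit the rules in the order they must be loaded
nat_gateway_rules() {
  # Start from a clean FORWARD chain and fail closed: the notes' rules are
  # all ACCEPTs, so without a DROP policy anything unlisted is forwarded.
  run iptables -t filter -F FORWARD
  run iptables -t filter -P FORWARD DROP
  # Replies from the WAN back to the LAN; -m conntrack --ctstate is the
  # modern spelling of -m state --state used in the notes.
  run iptables -A FORWARD -i "$WAN" -o "$LAN" \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Only packets sourced from the LAN network may go out (anti-spoofing).
  run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
  # Log what falls through to the DROP policy, rate-limited so the log
  # cannot be flooded from the network.
  run iptables -A FORWARD -m limit --limit 5/min -j LOG \
    --log-prefix "FORWARD-DROP: "
  # Table names are lowercase (-t nat); restrict SNAT to the LAN network.
  run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
  # MASQUERADE only matters if the kernel forwards packets at all.
  run sysctl -w net.ipv4.ip_forward=1
}

nat_gateway_rules
```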