A brief, high-level introduction to Linux networking architecture. Explains how the Linux kernel manipulates network traffic using a top-down approach and basic framework to route
Have you ever wondered why Linux network management is so confusing? You need only make a cursory review of the history of Linux networking tools to understand how it got this way.
Andreasson, Oskar. 2006. Iptables Tutorial 1.2.1. Chapter 6: Traversing of tables and chains. https://www.frozentux.net/iptables-tutorial/chunkyhtml/c962.html.
Two systems built into Ubuntu manage network routing: route (a legacy system) and ip route. Both use the same underlying code, yet report networking context a
We will begin the detailed discussion of the first component of the Routing Policy DataBase (RPDB) triad: routes (the other two components are ip rules and ip
Now that you have a basic understanding of Linux network routing, it's time to delve into some interesting things you can do with this information.
Here are
Hopefully, you have already read and/or understand these concepts:
A traditional router stores network route information in routing tables. A routing table is a map of a network. Linux uses a policy based routing system, aptly called a
Routers manage routes. Some routers act as gateways. A gateway is a forwarding router that forms a bridge between local and remote networks. A gateway is required when sending a packet
Thinking of creating split routes or split gateways? This article is a basic introduction, but it is also a hands-on tutorial that will walk you through the building blocks of
There are a large number of filters you may apply to your server's network rules via the iptables command. Some of these are found in extensions to iptables.
The following
Here are a few helpful tips related to rule and route testing.
If you make changes to ip rules, ip routes, or iptables and wish to utilize them prior to
One of the challenges of iptables, routes, and rules (iprules) is making changes to them permanent. Any changes you make on-the-fly only last until the next system restart.
Protocols operate in a similar manner to Match Extensions. Protocols filter the current packet based on the current communications protocol. There are only a few options, and
This category primarily covers:
Primarily covers iptables, ipchains, and ip rules. It also touches on ufw (Uncomplicated FireWall) and nftables ("NetFilter Tables"), the successor
It may not be obvious, but you need to test your rules - both routing rules (per ip rules) and iptables rules - before you cement them in place. One of the great things about the
Chart of the most commonly used iptables rule syntax, demonstrating command syntax along with the tables and chains where each command may be utilized. The table scrolls
This is not common knowledge. Contrary to most literature, you can use SECMARK and CONNSECMARK without SELinux. This article explains what that means and