More About Iptables

View the current configuration with iptables-save:

sudo iptables-save

Let’s disable ufw:

sudo ufw disable

and then remove it

sudo apt remove ufw

Let’s do all the work in IPTABLES!

For a persistent configuration:

touk@ubuntu-server:~$ sudo apt list iptables*
Listing... Done
iptables-converter-doc/jammy 0.9.8-1.2 all
iptables-converter/jammy 0.9.8-1.2 all
iptables-netflow-dkms/jammy 2.6-2ubuntu1 amd64
iptables-persistent/jammy,now 1.0.16 all [installed]
iptables/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed]

The ‘iptables-persistent’ package is already installed for me.

TURN YOUR LINUX MACHINE INTO A ROUTER

We need to enable IP forwarding so that a packet can pass from one interface to another. Edit the sysctl configuration:

sudo vim /etc/sysctl.conf

Set net.ipv4.ip_forward to 1 in that file. The setting takes effect when the system boots; to apply it immediately, reload the file:

sudo sysctl -p

touk@ubuntu-server:/etc/iptables$ sudo sysctl -p
net.ipv4.ip_forward = 1

And now everything is saved in /etc/iptables/rules*

touk@ubuntu-server:/etc/iptables$ ls
rules.v4  rules.v6

On k8s-manager, ping succeeds through ens33 (192.168.1.16) but fails through ens36 (172.16.1.102):

[k8s@k8s-manager ~]$ ping -I ens33 google.com
PING google.com (142.250.203.238) from 192.168.1.16 ens33: 56(84) bytes of data.
64 bytes from mrs08s21-in-f14.1e100.net (142.250.203.238): icmp_seq=1 ttl=114 time=24.0 ms
64 bytes from mrs08s21-in-f14.1e100.net (142.250.203.238): icmp_seq=2 ttl=114 time=20.8 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 20.767/22.376/23.985/1.609 ms
[k8s@k8s-manager ~]$ ping -I ens36 google.com
PING google.com (142.250.203.238) from 172.16.1.102 ens36: 56(84) bytes of data.
From k8s-manager (172.16.1.102) icmp_seq=1 Destination Host Unreachable
From k8s-manager (172.16.1.102) icmp_seq=2 Destination Host Unreachable
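From k8s-manager (172.16.1.102) icmp_seq=3 Destination Host Unreachable

To give the 172.16.1.0/24 network a way out, add a MASQUERADE rule to the POSTROUTING chain of the nat table on the router. The general form is:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE

That form masquerades every packet leaving the box, whatever its source. Adding -s 172.16.1.0/24 limits NAT to the internal subnet:

touk@ubuntu-server:/etc/iptables$ sudo iptables -t nat -s 172.16.1.0/24 -A POSTROUTING -j MASQUERADE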
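
An added example, not part of the original post: a small audit that reads iptables-save output and flags MASQUERADE rules with no source (-s) or output-interface (-o) match, like the first command above. The function name audit_masquerade and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Classify MASQUERADE rules found in iptables-save output on stdin.
# Prints "BROAD <rule>" when a nat/POSTROUTING rule has neither -s nor -o,
# and "SCOPED <rule>" otherwise. Rules outside the *nat table are ignored.
# On a live router: sudo iptables-save | audit_masquerade
audit_masquerade() {
    table=""
    while IFS= read -r line; do
        case "$line" in
            \**)
                # "*nat", "*filter", ... mark the start of a table section
                table="${line#?}" ;;
            "-A POSTROUTING "*"-j MASQUERADE"*)
                [ "$table" = "nat" ] || continue
                case " $line " in
                    *" -s "*|*" -o "*) echo "SCOPED $line" ;;
                    *)                 echo "BROAD $line" ;;
                esac ;;
        esac
    done
}

# Constructed sample in iptables-save format (not taken from a real host).
# It holds both rule forms from the text above.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 172.16.1.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | audit_masquerade
```
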

A good command for monitoring traffic with iptables (it refreshes the per-rule packet and byte counters every half second):

sudo watch -n 0.5 iptables -vnL --line
