See iptables-save configuration
sudo iptables-save
Let’s disable ufw:
sudo ufw disable
and then remove it
sudo apt remove ufw
Let’s do all the work in IPTABLES!
For a persistent configuration:
touk@ubuntu-server:~$ sudo apt list iptables*
Listing... Done
iptables-converter-doc/jammy 0.9.8-1.2 all
iptables-converter/jammy 0.9.8-1.2 all
iptables-netflow-dkms/jammy 2.6-2ubuntu1 amd64
iptables-persistent/jammy,now 1.0.16 all [installed]
iptables/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed]
it is already installed for me the ‘iptables-persistent’ package
TURN YOUR LINUX MACINE INTO A ROUTER
We need to enable ip forwrding so a packet can jump from one interface to another
sudo vim /etc/sysctl.conf
this setting takes effect when system boots or force it
sudo sysctl -p
touk@ubuntu-server:/etc/iptables$ sudo sysctl -p
net.ipv4.ip_forward = 1
And now everything is saved in /etc/iptables/rules*
touk@ubuntu-server:/etc/iptables$ ls
rules.v4 rules.v6
[k8s@k8s-manager ~]$ ping -I ens33 google.com
PING google.com (142.250.203.238) from 192.168.1.16 ens33: 56(84) bytes of data.
64 bytes from mrs08s21-in-f14.1e100.net (142.250.203.238): icmp_seq=1 ttl=114 time=24.0 ms
64 bytes from mrs08s21-in-f14.1e100.net (142.250.203.238): icmp_seq=2 ttl=114 time=20.8 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 20.767/22.376/23.985/1.609 ms
[k8s@k8s-manager ~]$ ping -I ens36 google.com
PING google.com (142.250.203.238) from 172.16.1.102 ens36: 56(84) bytes of data.
From k8s-manager (172.16.1.102) icmp_seq=1 Destination Host Unreachable
From k8s-manager (172.16.1.102) icmp_seq=2 Destination Host Unreachable
From k8s-manager (172.16.1.102) icmp_seq=3 Destination Host Unreachable
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
touk@ubuntu-server:/etc/iptables$ sudo iptables -t nat -s 172.16.1.0/24 -A POSTROUTING -j MASQUERADE
good command to monitor traffic with iptables
sudo watch -n 0.5 iptables -vnL --line