DA-681 Linux
Managing Communications
IPTABLES Modules
The DA-681-LX supports the following sub-modules. Be sure to use the module that matches your application.
arptable_filter.ko
arp_tables.ko
arpt_mangle.ko
ip_conntrack_amanda.ko
ip_conntrack_ftp.ko
ip_conntrack_h323.ko
ip_conntrack_irc.ko
ip_conntrack.ko
ip_conntrack_netbios_ns.ko
ip_conntrack_netlink.ko
ip_conntrack_pptp.ko
ip_conntrack_proto_sctp.ko
ip_conntrack_sip.ko
ip_conntrack_tftp.ko
ip_nat_amanda.ko
ip_nat_ftp.ko
ip_nat_h323.ko
ip_nat_irc.ko
ip_nat.ko
ip_nat_pptp.ko
ip_nat_sip.ko
ip_nat_snmp_basic.ko
ip_nat_tftp.ko
ip_queue.ko
iptable_filter.ko
iptable_mangle.ko
iptable_nat.ko
iptable_raw.ko
ip_tables.ko
ipt_addrtype.ko
ipt_ah.ko
ipt_CLUSTERIP.ko
ipt_dscp.ko
ipt_DSCP.ko
ipt_ecn.ko
ipt_ECN.ko
ipt_hashlimit.ko
ipt_iprange.ko
ipt_LOG.ko
ipt_MASQUERADE.ko
ipt_NETMAP.ko
ipt_owner.ko
ipt_recent.ko
ipt_REDIRECT.ko
ipt_REJECT.ko
ipt_SAME.ko
ipt_TCPMSS.ko
ipt_tos.ko
ipt_TOS.ko
ipt_ttl.ko
ipt_TTL.ko
ipt_ULOG.ko
The basic syntax to enable and load an IPTABLES module is as follows:
# lsmod
# modprobe ip_tables
# modprobe iptable_filter
Use lsmod to check if the ip_tables module has already been loaded in the DA-681-LX. Use modprobe to insert and enable the module.
Use the following command to load the modules (iptable_filter, iptable_mangle, iptable_nat):
# modprobe iptable_filter
Use iptables, iptables-restore, iptables-save to maintain the database.
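The advice to use the module that matches your application can be checked against a rules file before it is loaded. The following shell script is an added example, not part of the Moxa manual: it derives the needed modules from a file in iptables-save format and compares them with lsmod output. The function names, the script name and the `--load` option are assumptions.

```shell
#!/bin/sh
# Added example, not from the manual. KNOWN holds the iptable_* and ipt_*
# names from the module list above.
KNOWN="iptable_filter iptable_mangle iptable_nat iptable_raw ipt_addrtype \
ipt_ah ipt_CLUSTERIP ipt_dscp ipt_DSCP ipt_ecn ipt_ECN ipt_hashlimit \
ipt_iprange ipt_LOG ipt_MASQUERADE ipt_NETMAP ipt_owner ipt_recent \
ipt_REDIRECT ipt_REJECT ipt_SAME ipt_TCPMSS ipt_tos ipt_TOS ipt_ttl \
ipt_TTL ipt_ULOG"

# Read iptables-save text on stdin and print the KNOWN modules it depends on:
#   "*nat"      -> iptable_nat   (table)
#   "-m recent" -> ipt_recent    (match, lower case)
#   "-j LOG"    -> ipt_LOG       (target, upper case)
# Names outside KNOWN (ACCEPT, DROP, user chains, other matches) are skipped.
required_modules() {
    awk -v known="$KNOWN" '
        BEGIN  { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^\*/  { want["iptable_" substr($1, 2)] = 1 }
        /^-A / { for (i = 2; i < NF; i++)
                     if ($i == "-m" || $i == "-j") want["ipt_" $(i + 1)] = 1 }
        END    { for (m in want) if (m in ok) print m }
    ' | LC_ALL=C sort
}

# Print each module named in "$@" that is absent from lsmod text on stdin.
missing_modules() {
    loaded=$(awk 'NR > 1 { print $1 }')   # skip the "Module Size Used by" header
    for m in "$@"; do
        if ! printf '%s\n' "$loaded" | grep -qxF "$m"; then
            printf '%s\n' "$m"
        fi
    done
}

# Usage (assumed invocation): sh check_modules.sh --load RULES_FILE
# RULES_FILE is in iptables-save format; only the modules it needs are loaded.
if [ "${1:-}" = "--load" ] && [ -n "${2:-}" ]; then
    need=$(required_modules < "$2")
    for m in $(lsmod | missing_modules $need); do
        echo "modprobe $m"
        modprobe "$m" || exit 1
    done
fi
```

Loading only what the ruleset references keeps unused connection-tracking and NAT helpers out of the running kernel.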
ATTENTION
IPTABLES performs packet filtering and NAT. Be careful when setting up the IPTABLES rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied. We recommend using the VGA console to set up IPTABLES. See the following links for more information about IPTABLES.
• http://www.linuxguruz.com/iptables/
• http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have divided our
discussion of the various rules into three categories: Observe and erase chain rules, Define policy rules, and
Append or delete rules.
Observe and Erase Chain Rules
Usage:
# iptables [-t tables] [-L] [-n]
-t tables: Table to manipulate (default: ‘filter’); example: nat or filter.
-L [chain]: List all rules in selected chains. If no chain is selected, all chains are listed.
-n: Numeric output of addresses and ports.
# iptables [-t tables] [-FXZ]