IP Tables

I will try to refresh my memory on networking, starting with iptables. This is just a brief explanation; if you want to learn more, please go here

What is “IP Tables” and how does it work?

iptables is the packet-filtering mechanism native to the Linux 2.4 kernel series (it is the user-space front end to the kernel's netfilter hooks). System administrators use it to filter packets, implement NAT, and mangle packets (modify fields of the IP packet headers, such as TTL or TOS, or mark packets, in the separate mangle table).

CHAINS

For IP filtering (the filter table) there are three built-in chains: INPUT, OUTPUT and FORWARD.
For NAT (network address translation, the nat table) there are three: PREROUTING, POSTROUTING and OUTPUT (the last one handles packets generated by the host itself).

A packet traversing a chain is matched against that chain's rules in order, and the target of the first matching rule (or the chain's default policy) decides its fate. In the filter table a packet is most commonly ACCEPTed or DROPped (REJECT also exists and sends an error back to the sender instead of silently discarding).

A packet that arrives from the network but is not addressed to the host itself is DROPped when the kernel does not have forwarding enabled (net.ipv4.ip_forward) or has no route for it. When forwarding is enabled, such a packet goes to the FORWARD chain and, if ACCEPTed there, is sent out the appropriate interface. Note that forwarded packets never pass through INPUT or OUTPUT: INPUT sees only packets destined for the host itself, and OUTPUT sees only packets the host generates.

Address rewriting is done in the nat table (header mangling proper lives in the separate mangle table). Within the nat table, rules modify the source IP address (SNAT) or the destination IP address (DNAT) of a connection, and connection tracking then applies the same translation automatically to every later packet of that connection, including the replies.

SNAT alters the source address of the first packet of a connection, i.e. it changes where the connection appears to come from; this is done in POSTROUTING, after the routing decision. DNAT alters the destination address of the first packet, i.e. it changes where the connection is going; this is done in PREROUTING, before the routing decision (or in the nat OUTPUT chain for packets generated locally). Only the first packet of a connection consults the nat table; the rest follow the conntrack entry.

For example (this example uses Shorewall's rules file syntax; Shorewall is a front end that generates iptables rules):

ACTION | SOURCE | DESTINATION | PROTOCOL | DESTINATION PORT | SOURCE PORT | ORIGINAL DESTINATION

ACCEPT loc:10.1.0.1 net all - -

Connections originating from the local host 10.1.0.1 (zone loc) to any host in the net zone are accepted, for all protocols and all ports. The SOURCE column is the local host; the rule does not accept traffic coming from the network into it.

DNAT net loc:10.1.0.1 tcp 54305 - 125.212.102.159

TCP connections coming from the net zone to port 54305 on the firewall's public address 125.212.102.159 (the ORIGINAL DESTINATION column) have their destination rewritten to the local host 10.1.0.1, i.e. port 54305 is forwarded into the LAN. The firewall does the rewriting; 10.1.0.1 only receives the result. Shorewall's DNAT action also adds the matching ACCEPT rule in the FORWARD chain, since the rewrite alone does not let the packet through.
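To see what the two Shorewall rules above and the chain traversal described earlier look like in raw iptables, here is an added example (not from the original post or from Shorewall's own generated output). It assumes a topology the post does not state: eth0 faces the Internet (the "net" zone) and carries 125.212.102.159, eth1 faces the LAN (the "loc" zone). Setting IPT=dry_run prints the rules instead of loading them, which needs root.

```shell
#!/bin/sh
# Added example: raw iptables equivalent of the two Shorewall rules above.
# Assumed topology (not from the post): eth0 = net zone, eth1 = loc zone.
# Run with IPT=dry_run to print the rules instead of applying them.
IPT="${IPT:-iptables}"
NET_IF="${NET_IF:-eth0}"
LOC_IF="${LOC_IF:-eth1}"
FW_ADDR="125.212.102.159"   # firewall's public address (ORIGINAL DESTINATION)
LOC_HOST="10.1.0.1"         # loc:10.1.0.1 in the Shorewall rules

# Dry-run stand-in for the iptables binary: print the command instead.
dry_run() {
    printf 'iptables %s\n' "$*"
}

flush_rules() {
    "$IPT" -F
    "$IPT" -t nat -F
}

set_default_policies() {
    # Default-deny for packets to the host (INPUT) and through it (FORWARD);
    # packets the host generates itself (OUTPUT) are left open.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
}

# Reply packets of tracked connections. Without this the flows allowed
# below would be one-way, because only the first packet matches NEW.
allow_established() {
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Shorewall: ACCEPT loc:10.1.0.1 net all
# Traffic through the firewall traverses FORWARD, not INPUT or OUTPUT.
allow_loc_host_to_net() {
    "$IPT" -A FORWARD -i "$LOC_IF" -o "$NET_IF" -s "$LOC_HOST" -j ACCEPT
    # Hide the private address behind the public one on the way out:
    # SNAT in POSTROUTING, consulted for the first packet of each connection.
    "$IPT" -t nat -A POSTROUTING -o "$NET_IF" -s "$LOC_HOST" \
        -j SNAT --to-source "$FW_ADDR"
}

# Shorewall: DNAT net loc:10.1.0.1 tcp 54305 - 125.212.102.159
dnat_port_to_loc_host() {
    port="$1"
    # Rewrite the destination in PREROUTING, before the routing decision...
    "$IPT" -t nat -A PREROUTING -i "$NET_IF" -p tcp -d "$FW_ADDR" --dport "$port" \
        -j DNAT --to-destination "$LOC_HOST"
    # ...so FORWARD sees the rewritten destination and must allow it explicitly;
    # the DNAT rule by itself grants no passage.
    "$IPT" -A FORWARD -i "$NET_IF" -o "$LOC_IF" -p tcp -d "$LOC_HOST" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

build_ruleset() {
    flush_rules
    set_default_policies
    allow_established
    allow_loc_host_to_net
    dnat_port_to_loc_host 54305
}

# Apply only when asked, so the file can also be sourced for inspection.
# Forwarding itself must be on as well: sysctl -w net.ipv4.ip_forward=1
if [ "${APPLY:-0}" = 1 ]; then
    build_ruleset
fi
```

Usage: `IPT=dry_run APPLY=1 sh rules.sh` prints the eleven iptables commands; `APPLY=1 sh rules.sh` as root loads them. The ESTABLISHED,RELATED rules and the explicit FORWARD ACCEPT for the DNATed port are the two pieces people most often forget when translating a NAT rule by hand: the nat table only rewrites addresses on the first packet, and the filter table still decides whether anything gets through.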

