Network address translation part 1 – packet tracing

The first post in a series about network address translation (NAT). Part 1 shows how to use the iptables/nftables packet tracing feature to find the source of NAT-related connectivity problems.

Network address translation is one way to expose containers or virtual machines to the wider internet. Incoming connection requests have their destination address rewritten to a different one. Packets are then routed to a container or virtual machine instead. The same technique can be used for load-balancing where incoming connections get distributed among a pool of machines.

Connection requests fail when network address translation is not working as expected. The wrong service is exposed, connections end up in the wrong container, requests time out, and so on. One way to debug such problems is to check that the incoming request matches the expected or configured translation.

NAT involves more than just changing the IP addresses or port numbers. For instance, when mapping address X to Y, there is no need to add a rule to do the reverse translation. A netfilter system called “conntrack” recognizes packets that are replies to an existing connection. Each connection has its own NAT state attached to it. Reverse translation is done automatically.
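The per-connection NAT state described above can be read back from the connection tracking table: each entry holds the original tuple and the reply tuple, and the two differ only where a translation was applied. The following is an added example, not code from the original post; it assumes the line format printed by `conntrack -L`, uses constructed sample entries with documentation addresses, and the function names `translations` and `mismatches` are hypothetical.

```python
import re

# Constructed sample in the line format printed by `conntrack -L`
# (documentation addresses; not captured from a real system).
SAMPLE = """\
tcp 6 431999 ESTABLISHED src=192.0.2.10 dst=203.0.113.5 sport=51234 dport=80 src=10.0.0.2 dst=192.0.2.10 sport=8080 dport=51234 [ASSURED] mark=0 use=1
tcp 6 117 TIME_WAIT src=192.0.2.11 dst=203.0.113.5 sport=40000 dport=22 src=203.0.113.5 dst=192.0.2.11 sport=22 dport=40000 [ASSURED] mark=0 use=1
udp 17 25 src=10.0.0.2 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=5353 mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def translations(text):
    """Return the NAT state recorded in each conntrack entry."""
    found = []
    for line in text.splitlines():
        pairs = FIELD.findall(line)
        if len(pairs) != 8:      # e.g. ICMP entries carry type/code/id, not ports
            continue
        orig, reply = dict(pairs[:4]), dict(pairs[4:])
        requested = (orig["dst"], orig["dport"])      # what the client asked for
        delivered = (reply["src"], reply["sport"])    # who actually answers
        client = (orig["src"], orig["sport"])
        seen_as = (reply["dst"], reply["dport"])      # client as the server sees it
        # Without NAT the reply tuple is the original tuple with both ends swapped.
        found.append({"proto": line.split()[0],
                      "requested": requested, "delivered": delivered,
                      "client": client, "seen_as": seen_as,
                      "dnat": delivered != requested,
                      "snat": seen_as != client})
    return found

def mismatches(text, public, backend):
    """Entries for `public` (addr, port) that were not mapped to `backend`."""
    return [t for t in translations(text)
            if t["requested"] == public and t["delivered"] != backend]

if __name__ == "__main__":
    for t in translations(SAMPLE):
        kind = "+".join(k for k in ("dnat", "snat") if t[k]) or "no NAT"
        print(t["proto"], t["client"], "->", t["requested"],
              "delivered to", t["delivered"], f"[{kind}]")
    print(mismatches(SAMPLE, ("203.0.113.5", "80"), ("10.0.0.2", "8080")))
```

An empty result from `mismatches` means every tracked connection to the public address and port was translated to the configured backend.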

