Part 1. Concepts

Table of Contents

1. Basic IP Connectivity
1.1. IP Networking Control Files
1.2. Reading Routes and IP Information
1.2.1. Sending Packets to the Local Network
1.2.2. Sending Packets to Unknown Networks Through the Default Gateway
1.2.3. Static Routes to Networks
1.3. Changing IP Addresses and Routes
1.3.1. Changing the IP on a machine
1.3.2. Setting the Default Route
1.3.3. Adding and removing a static route
1.4. Conclusion
2. Ethernet
2.1. Address Resolution Protocol (ARP)
2.1.1. Overview of Address Resolution Protocol
2.1.2. The ARP cache
2.1.3. ARP Suppression
2.1.4. The ARP Flux Problem
2.2. Proxy ARP
2.3. ARP filtering
2.4. Connecting to an Ethernet 802.1q VLAN
2.5. Link Aggregation and High Availability with Bonding
2.5.1. Link Aggregation
2.5.2. High Availability
3. Bridging
3.1. Concepts of Bridging
3.2. Bridging and Spanning Tree Protocol
3.3. Bridging and Packet Filtering
3.4. Traffic Control with a Bridge
3.5. ebtables
4. IP Routing
4.1. Introduction to Linux Routing
4.2. Routing to Locally Connected Networks
4.3. Sending Packets Through a Gateway
4.4. Operating as a Router
4.5. Route Selection
4.5.1. The Common Case
4.5.2. The Whole Story
4.5.3. Summary
4.6. Source Address Selection
4.7. Routing Cache
4.8. Routing Tables
4.8.1. Routing Table Entries (Routes)
4.8.2. The Local Routing Table
4.8.3. The Main Routing Table
4.9. Routing Policy Database (RPDB)
4.10. ICMP and Routing
4.10.1. MTU, MSS, and ICMP
4.10.2. ICMP Redirects and Routing
5. Network Address Translation (NAT)
5.1. Rationale for and Introduction to NAT
5.2. Application Layer Protocols with Embedded Network Information
5.3. Stateless NAT with iproute2
5.3.1. Stateless NAT Packet Capture and Introduction
5.3.2. Stateless NAT Practicum
5.3.3. Conditional Stateless NAT
5.4. Stateless NAT and Packet Filtering
5.5. Destination NAT with netfilter (DNAT)
5.5.1. Port Address Translation with DNAT
5.6. Port Address Translation (PAT) from Userspace
5.7. Transparent PAT from Userspace
6. Masquerading and Source Network Address Translation
6.1. Concepts of Source NAT
6.1.1. Differences Between SNAT and Masquerading
6.1.2. Double SNAT/Masquerading
6.2. Issues with SNAT/Masquerading and Inbound Traffic
6.3. Where Masquerading and SNAT Break
7. Packet Filtering
7.1. Rationale for and Introduction to Packet Filtering
7.1.1. History of Linux Packet Filter Support
7.2. Limits and Weaknesses of Packet Filtering
7.2.1. Limits of the Usefulness of Packet Filtering
7.2.2. Weaknesses of Packet Filtering
7.2.3. Complex Network Layer Stateless Packet Filters
7.3. General Packet Filter Requirements
7.4. The Netfilter Architecture
7.4.1. Packet Filtering with iptables
7.5. Packet Filtering with ipchains
7.5.1. Packet Mangling with ipchains
7.6. Protecting a Host
7.7. Protecting a Network
7.8. Further Resources
8. Statefulness and Statelessness
8.1.
8.2. Statelessness of IP Routing
8.3. Netfilter Connection Tracking
8.3.1.
8.3.2.