This guide explains how to set up port forwarding on Windows using netsh and on Linux using iptables, covering query, addition, deletion of rules, a multi‑machine test environment, and verification with curl commands.
This guide walks through configuring port mapping on Windows using netsh and on Linux using iptables, covering query, addition, deletion, enabling packet forwarding, NAT rules, a multi‑VM test environment, and verification with curl commands.
This guide explains Linux firewall fundamentals, comparing the static iptables and dynamic firewalld tools, detailing their tables, chains, control actions, command‑line syntax, zone concepts, rich rules, and graphical configuration, while highlighting practical tips and common pitfalls.
This article introduces a systematic approach to diagnosing Kubernetes pod network issues, classifies common failure types, presents essential tools such as tcpdump, nsenter, paping and mtr, outlines a step‑by‑step troubleshooting workflow, and walks through several real‑world case studies to illustrate the process.
This article introduces iptables, explains its core concepts such as chains, rules, and tables, demonstrates common commands for listing, adding, deleting, and modifying rules, and presents a step‑by‑step firewall configuration case for securing jump‑hosts on CentOS systems.
This guide walks you through enabling firewall services, adding permanent ports, and reloading rules on CentOS 7 using firewalld, as well as editing iptables files and restarting the firewall on CentOS 6, complete with command examples and common pitfalls.
This guide walks through enabling the firewall, opening specific ports, and reloading rules on CentOS 7 using firewalld and on CentOS 6 using iptables, providing exact commands, optional parameters, and troubleshooting tips for successful network configuration.
This guide walks through setting up a three‑host Linux environment, using Docker, hping3, sar, tcpdump and iptables to reproduce a SYN‑Flood DDoS attack, analyze its impact with network tools, and apply kernel and firewall tweaks to mitigate the attack.
This article explains Linux connection tracking (conntrack), its implementation in Netfilter, and provides detailed instructions for using iptables—including rule queries, additions, deletions, modifications, saving, loading, match extensions, custom chains, and logging—to manage firewall behavior and network security effectively.
This article provides a comprehensive overview of iptables, detailing its host‑type filter table, limitations, the four main tables (filter, nat, mangle, raw), their respective chains, common command examples, and explains NAT concepts such as SNAT, DNAT, and MASQUERADE for Linux network security.
This article provides a comprehensive guide to Docker container networking, covering the default network drivers, the four Docker network modes (bridge, container, host, none), Linux network namespace commands, veth pair creation, inter‑namespace communication, and practical configuration examples such as port mapping, custom bridges, and DNS settings.
This guide explains how to detect traffic attacks on a low‑traffic Linux website, split Nginx logs daily, identify IPs with excessive requests, and automatically block them using iptables rules scheduled via cron, complete with ready‑to‑run Bash scripts and common firewall commands.
This article walks through three experiments—using iptables to implement SNAT, DNAT, and load‑balancing on a Debian router—detailing the network environment, required routing and NAT rules, configuration steps, and code snippets to achieve balanced outbound traffic and proper address translation.
This guide explains how to enable and configure Linux firewall ports on CentOS 7 using firewalld and on CentOS 6 using iptables, covering status checks, opening specific ports, reloading rules, and common troubleshooting tips such as service listening verification.
This article explains how to virtualize network resources on a single Linux host using network namespaces, virtual Ethernet (veth) pairs, bridges, IP routing, NAT, and iptables, enabling containers to communicate with each other, the host, and the external world without writing custom code.
This guide explains step‑by‑step how to check firewall status, start firewalld, open specific ports, reload or restart the firewall on CentOS 7, and modify iptables directly on CentOS 6, including useful commands for listing, removing, and temporarily disabling ports.
This article explains Docker's default networks, the four network modes (bridge, host, none, container), how to configure each mode, create custom bridges, use veth pairs, and perform common container networking operations such as port mapping and DNS settings.
This article explains how Kubernetes forwards packets from the initial web request through container networking, covering the network model, pod creation steps, the role of the pause container, same‑node and cross‑node pod‑to‑pod traffic, service IP translation, and the underlying CNI, iptables, and conntrack mechanisms.
This guide walks you through checking firewall status, enabling firewalld, adding permanent ports, reloading the firewall, and using iptables on CentOS 6, providing complete command examples and tips for troubleshooting common issues.
This guide explains step‑by‑step how to check firewall status, enable firewalld, open specific ports, reload or restart the firewall, and modify iptables on CentOS 6 and 7, including useful commands and common pitfalls.
This article explains how to use the iptables hashlimit module to create a stateful rate‑limiting chain, details the required commands, clarifies the meaning of the --hashlimit‑upto and --hashlimit‑burst parameters, and provides an example illustrating credit‑based packet acceptance.
This article explains how Kubernetes forwards packets from the initial web request through container networking, covering the Kubernetes network model, Linux network namespaces, the role of the pause container, pod‑to‑pod communication on the same and different nodes, CNI plugins, and how services use Netfilter and iptables to rewrite traffic.
The article explains the workings of kube-proxy in iptables and IPVS modes, compares their differences, describes the use of ipset for efficient rule handling, and defines static Pods in Kubernetes, highlighting their management by the kubelet and lack of API Server involvement.
An overview of essential Linux firewall solutions—including iptables, IPCop, Shorewall, UFW, Vuurmuur, pfSense, IPFire, Smoothwall, Endian, and ConfigServer—covers their core functions, key features, and typical use cases, helping administrators choose the right tool for network protection.
This guide shows how to use iptables to allow only a designated IP address to access a host's port 80, how to apply the same restriction to Docker containers by adding rules to the DOCKER-USER chain, and how to make the settings persistent across reboots.
A Docker security flaw allows services bound to the loopback address with -p 127.0.0.1 to be reachable from external hosts due to an iptables rule, and the article explains the issue, demonstrates a proof‑of‑concept, and proposes tightened firewall rules as a fix.
This article explains the fundamentals of Kubernetes Service, walks through a real‑world failure case, details how to configure different Service types (ClusterIP, NodePort, LoadBalancer, ExternalName, Headless), and explores the underlying implementation mechanisms such as user‑space proxy, iptables, and IPVS.
Netfilter, the Linux kernel’s packet‑processing framework, uses a series of hook points and the NF_HOOK macro to let user‑space tools like iptables register callback functions that inspect, modify, or drop packets, with detailed structures for tables, chains, rules, priorities, and connection tracking.
A recent Docker security issue shows that publishing container ports to 127.0.0.1 does not prevent external access, because Docker adds an iptables rule that forwards traffic to the container’s internal IP, allowing attackers on the same network to reach the service.
A recent Hacker News discussion revealed that Docker’s iptables rule allows containers bound to 127.0.0.1 to be reachable from other hosts, and a step‑by‑step proof‑of‑concept demonstrates the issue while a revised iptables rule is proposed to enforce proper source‑address restrictions.
This article provides a comprehensive guide to iptables, explaining its hierarchical structure of tables, chains, and rules, detailing the built‑in tables (filter, nat, mangle, raw) and their chains, describing rule syntax and target actions, and offering practical command examples for listing, flushing, saving, setting default policies, and configuring SSH, HTTP, NAT, and IP‑based restrictions.
This article explains Kubernetes' network model, covering container‑to‑container, pod‑to‑pod, pod‑to‑service, and external traffic flows, while detailing network namespaces, veth pairs, Linux bridges, iptables/IPVS load‑balancing, and cloud‑native solutions like LoadBalancer and Ingress controllers.
The article investigates how loss of TCP SYN, SYN‑ACK, or ACK packets during the three‑way handshake affects MySQL client‑server connections, demonstrating retransmission behavior, kernel parameter tuning, and keep‑alive mechanisms through controlled iptables and tcpdump experiments.
This article explains Kubernetes service discovery by first covering essential networking concepts, then detailing how Services provide stable endpoints, how they register with cluster DNS, and how kube-proxy and iptables/IPVS route traffic to dynamic Pods.
Learn how to virtualize network resources on a single Linux host using network namespaces, virtual Ethernet devices, bridges, and NAT, enabling isolated containers to communicate with each other, the host, and the external internet without complex code, while covering setup, routing, and port publishing.
This article explains why Go programs may pick unusable link‑local addresses on machines with multiple network interfaces, shows how to filter them out, and presents three practical solutions—including per‑NIC binding, Docker container isolation, and DNAT/SNAT rules—to control inbound and outbound traffic.
This article explains the fundamental concepts, configuration methods, and underlying mechanisms of Kubernetes Services, covering typical Service definitions, the four Service types, their behavior under kube-proxy's iptables mode, and practical troubleshooting insights drawn from a real production outage.
This article provides a detailed technical analysis of Envoy's traffic hijacking mechanisms, covering sidecar and gateway modes, REDIRECT and TPROXY interception, iptables rule generation, port handling, conntrack limitations, and eBPF acceleration within Kubernetes service meshes.
This tutorial explains how to create isolated, virtualized network stacks for containers on a single Linux host using network namespaces, virtual Ethernet pairs, a Linux bridge, routing, NAT, and iptables, and shows how to expose container services to the outside world.
This article provides a comprehensive guide to Kubernetes networking, covering pod network requirements, Linux network namespaces, the role of the pause container, IP allocation, veth pairs, bridge connections, inter‑pod traffic on same and different nodes, CNI plugins, and how services use iptables and conntrack for traffic routing.
This tutorial walks through creating a fully isolated container network on a single Linux host using network namespaces, virtual Ethernet (veth) pairs, a Linux bridge, IP routing, NAT with iptables, and port publishing, covering both root and rootless container scenarios.
This tutorial walks through the fundamentals of single‑host container networking on Linux, covering network namespaces, virtual Ethernet (veth) pairs, bridges, IP routing, NAT, port publishing, Docker network drivers, and rootless container considerations, all with step‑by‑step commands and explanations.
This article introduces firewall fundamentals, traces their evolution, compares network, application, and database firewalls, explores Linux firewall implementations with iptables and Netfilter, and discusses performance metrics, limitations, and practical use cases for securing enterprise networks.
This tutorial walks through building isolated, virtualized networking for containers on a single Linux host using network namespaces, virtual Ethernet pairs, Linux bridges, IP routing, NAT, and iptables rules, enabling inter‑container communication, host access, and external connectivity without writing any custom code.
This comprehensive guide explains Linux firewall fundamentals, covering concepts, classifications, and detailed configurations of iptables, firewalld, and nftables, including NAT, SNAT, DNAT, rule syntax, extensions, optimization practices, and real‑world case studies with diagrams and mind maps to help both beginners and experienced administrators secure their systems.
This article explains how iptables, built on the Netfilter framework, processes network packets through five kernel hooks and four tables, covering the receive, send, and forward paths, and demonstrates practical NAT, DNAT, filter, raw, and mangle rules for Docker and Kubernetes environments.
This guide explains how to protect a shared development TCP port—used as a sidecar proxy for a Unix Domain Socket—by applying per‑IP rate limiting with iptables' hashlimit module, including full command examples, parameter details, and practical calculations.
This article provides a concise tutorial on using iptables to reset, delete, flush, list, and configure firewall rules on a Linux node, covering port blocking, IP blocking, rule negation, multi‑port matching, stateful filtering, and default policies.
This guide explains what mining trojans are, how to identify their presence through CPU usage, suspicious processes, cron jobs and network activity, and provides step‑by‑step commands for isolating, blocking, and fully cleaning infected Linux hosts to prevent recurrence.
This article provides a comprehensive overview of iptables, explaining its table and chain architecture, detailing the built‑in tables (filter, nat, mangle, raw), describing common chains and targets, and offering practical command‑line examples for listing, flushing, persisting, and customizing firewall rules on Linux systems.
Both iptables and IPVS modes let kube-proxy route Service traffic, but iptables relies on a linear rule list that scales poorly, while IPVS uses hash-based O(1) lookups and richer algorithms, offering higher performance and scalability for large Kubernetes clusters.
This tutorial explains how to configure port forwarding on Windows using netsh and on Linux using iptables, demonstrates a multi‑machine experiment with a dual‑NIC host, and provides both temporary and permanent configuration commands for real‑world network isolation scenarios.
This article recounts a real‑world Service outage, explains the purpose and principles of Kubernetes Services, details typical and selector‑less configurations, compares all Service types (ClusterIP, LoadBalancer, NodePort, ExternalName, Headless), and dives into the iptables‑based implementation used by kube‑proxy, complete with rule examples and performance considerations.
This guide explains the architecture of iptables—including tables, chains and rules—covers common targets, shows how to list, flush, persist and modify rules, and provides complete examples for SSH, HTTP, NAT port forwarding and source‑IP restrictions on Linux firewalls.
This guide explains what mining trojans are, how they consume CPU resources and spread within networks, and provides step‑by‑step detection and removal procedures—including host isolation, network blocking, cron and systemd cleanup, preload hijack removal, and process termination—to help security engineers secure cloud servers.
The article investigates a puzzling Kubernetes issue where using hostPort caused MySQL traffic to be redirected to the wrong pod, explains how iptables rules inserted by the CNI portmap plugin override Service rules, and provides reproducible experiments and practical recommendations to avoid such problems in production.
This article explains how using hostPort in a Kubernetes cluster injects iptables NAT rules that override normal Service routing, causing unexpected MySQL connection failures, and provides step‑by‑step troubleshooting, reproduction, and recommendations to avoid hostPort in production.
This article provides a comprehensive guide to iptables, covering its underlying netfilter architecture, the five built‑in chains and tables, rule syntax, common match and target options, and practical command examples for adding, deleting, querying, and managing firewall rules on Linux systems.
This article demystifies single‑host container networking by explaining network namespaces, virtual Ethernet pairs, Linux bridges, routing, NAT with iptables, Docker network drivers and rootless container limitations, while providing step‑by‑step commands and code snippets for practical implementation.
This article explains iptables fundamentals, its table and chain architecture, common command syntax with practical examples, and demonstrates how iptables is leveraged in Kubernetes and Istio Service Mesh to intercept and redirect pod traffic for advanced service‑mesh capabilities.
This tutorial explains how to build isolated, interoperable container networks on a single Linux host using network namespaces, virtual Ethernet pairs, bridges, routing, NAT, and port publishing, with step‑by‑step commands and practical examples for Docker and Podman.
This tutorial explains how to isolate, virtualize, and connect Linux network stacks on a single host using network namespaces, virtual Ethernet pairs, Linux bridges, routing, NAT, and iptables, covering both basic concepts and practical commands for Docker and Podman environments.
This article demystifies single‑host container networking by explaining network namespaces, virtual Ethernet (veth) pairs, Linux bridges, IP routing, NAT masquerading, port publishing, and the differences between Docker and rootless container networking, all with practical command‑line examples.
This article explains how traffic packets travel from external IPs or node ports to Kubernetes pods using ExternalIP ClusterIP services, NodePort services, iptables DNAT/SNAT rules, and Calico BGP routing, with step‑by‑step analysis, configuration examples, and command‑line inspections.
This guide explains how kube-proxy in iptables mode, together with Calico BGP routing, translates service IPs to pod IPs, creates custom iptables chains, and routes traffic from external or node ports to the correct pod across a Kubernetes cluster.
This article analyzes why Kubernetes pods experience occasional one‑second connect() delays due to SNAT port‑collision issues in the iptables conntrack table, explains the underlying networking mechanisms, and offers practical mitigation techniques such as random‑fully SNAT selection and long‑lived connections.
When a server suddenly generated 800 MB of outbound traffic and SSH became unresponsive, the author traced the issue to a hidden backdoor, blocked the malicious IP, identified compromised binaries, removed malicious processes and startup scripts, and outlined preventive security measures.
This tutorial walks through building isolated single‑host container networks using Linux network namespaces, virtual Ethernet (veth) pairs, bridges, routing, NAT and iptables, enabling containers to communicate with each other, the host, and the external Internet.
This tutorial explains how to build a functional single‑host container network on Linux by using network namespaces, virtual Ethernet pairs, a Linux bridge, IP routing, NAT with iptables, and port publishing, providing step‑by‑step commands and troubleshooting tips.
This article explains how iptables filters network packets and provides a Bash script that monitors Nginx access logs, identifies high‑frequency IPs, and automatically adds firewall rules to drop those IPs, with a suggestion for more robust nginx‑Lua interception.
This article explores how Kubernetes resolves DNS queries by examining the Pod's resolv.conf configuration, the CoreDNS service implementation via iptables rules, and the impact of search and ndots options on query behavior, providing practical examples and optimization tips.
This article explains how to virtualize and isolate Linux network resources for containers using network namespaces, virtual Ethernet devices, bridges, routing, and NAT, providing step‑by‑step commands to connect containers, expose ports, and enable external internet access without relying on Docker.
This guide walks through essential Linux security measures, covering common attack vectors, network and OS hardening, firewall configuration with iptables, user and group management, and detailed file‑permission techniques, providing practical commands and examples for robust system protection.
Learn to configure port mapping on both Windows and Linux servers, including enabling packet forwarding, adding and deleting proxy rules, setting up iptables NAT, and testing the setup with curl, using practical examples and a multi‑machine lab environment.
This guide explains how Docker uses -p and -P options for port mapping, how to bind specific host IPs and protocols, view mappings, combine multiple bindings, and expose un‑mapped containers later via host iptables NAT rules for full network access.
This tutorial explains how to set up port forwarding on Windows using netsh and on Linux using iptables, demonstrates a multi‑machine lab with dual‑NIC servers, and shows how to verify that external clients can reach internal services through the configured mappings.
This article provides a comprehensive guide to using iptables for port forwarding, explains the four tables and five chains, details common command syntax, match criteria, actions, additional modules, and includes practical examples for NAT configuration and protecting against small‑scale attacks.
This guide explains how to configure Linux iptables NAT to forward traffic from an external network to multiple internal devices, covering the underlying PREROUTING/DNAT and POSTROUTING/SNAT mechanisms, step‑by‑step command examples, testing procedures, and best‑practice tips.
This guide shows how to install Nginx on a RedHat 6.5 system, simulate rapid requests from a malicious IP using ApacheBench, examine the access logs, and then block that IP permanently with an iptables rule or Nginx configuration, verifying the block with curl.
This guide explains three practical methods—modifying sqlnet.ora, configuring /etc/hosts.deny and /etc/hosts.allow, and applying iptables rules—to allow only specific IP addresses or subnets to connect to an Oracle 11g database and its SSH service on a CentOS server.
This article explains the core Linux networking technologies that Docker relies on—Network Namespace, bridge devices, Veth pairs, iptables/netfilter, and routing tables—detailing their functions, configurations, and how they enable isolated yet interconnected container networks.
This article explains the core Linux networking technologies—Network Namespace, bridge devices, Veth pairs, iptables/netfilter, and routing—that Docker relies on to provide isolated, configurable network stacks for containers, and includes practical command examples.
This tutorial walks through disabling ICMP ping, hardening a Linux web server with iptables, configuring a dual‑NIC gateway, and implementing DNAT port mapping, providing complete command examples, verification steps, and visual results for each scenario.
This article breaks down the fundamental iptables command syntax, explains each option and parameter, provides practical examples for adding, inserting, listing, deleting, and managing firewall rules, and covers common modules, backup, and restoration techniques for effective Linux network security.
This article introduces iptables, explains its tables, chains, and packet‑processing flow, and provides step‑by‑step commands for installing and configuring the Linux firewall, offering a solid foundation for anyone new to network security on Linux systems.
This guide explains why Linux ping responses depend on both kernel parameters and firewall rules, and provides step‑by‑step commands to temporarily or permanently enable or block ping using /proc/sys settings, sysctl configuration, and iptables rules.
This guide shows how to configure one CentOS machine as a NAT gateway using iptables, enabling nine other LAN servers to access the Internet via SNAT or MASQUERADE, with step‑by‑step commands, kernel settings, and client configuration tips.
This article explains the fundamentals of Linux iptables—including its role with netfilter, rule ordering, tables and chains—then walks through packet‑processing flows and three practical scenarios such as Envoy traffic hijacking, massive long‑connection handling, and bastion‑host security.
This comprehensive tutorial explains the fundamentals of iptables, its architecture, chain and table concepts, rule syntax, matching modules, actions, and provides practical command examples for configuring Linux firewalls in virtual machines or Docker containers.
This comprehensive guide explains Linux firewall fundamentals, the netfilter framework, firewalld architecture, zone and service management, command‑line and graphical tools, as well as practical examples of configuring zones, services, ports, rich rules, and troubleshooting common issues.
This article explains how Kubernetes services work as load balancers using per‑node sidecar proxies, the role of kube‑proxy, and the iptables/netfilter mechanisms that implement DNAT for traffic routing within the cluster.
This guide walks through setting up a Zabbix server on ESXi, enabling NAT and port forwarding with iptables, installing the Zabbix agent on Windows Server 2012, and creating Windows‑specific monitoring items such as IIS process status and performance counters.
This article explains the role of Kubernetes Service and kube-proxy, details each Service type (ClusterIP, NodePort, LoadBalancer, Ingress), compares iptables‑based and IPVS‑based load‑balancing implementations, and provides configuration examples for both modes.
This guide walks you through using Linux's two main firewall tools—firewalld for CentOS 7+ and iptables for older versions—covering installation, service control, rule management, port handling, and useful commands with clear examples and screenshots.
This article explains how idle TCP connections are silently dropped by Alibaba Cloud security groups, causing Redis client timeouts and MySQL JDBC CommunicationsExceptions, and provides step‑by‑step diagnostics and configuration changes—including TCP keepalive and wait_timeout tweaks—to prevent the failures.
This article provides a collection of practical Linux and Windows system‑administration Q&A, covering software installation and removal, remote connection tools, IP and hostname configuration, backup scripts, iptables rules, MySQL security and replication, network utilities, and various shell command examples.
This guide presents a collection of commonly used Linux iptables rules—ranging from deleting existing rules and setting default policies to allowing specific services like SSH, HTTP, HTTPS, and configuring port forwarding, logging, and DoS protection—so you can tailor firewall settings to your environment.
This tutorial walks through designing a network topology, configuring static and DHCP IPs, disabling the default firewall, installing and initializing iptables and DHCP services, setting up NAT and port forwarding, and persisting the configuration on a Linux server.
This guide explains Linux traffic control (TC), covering its core components—qdisc, classes, and filters—along with HTB hierarchy, queue disciplines, iptables marking, and step‑by‑step command examples for limiting bandwidth per interface, IP or application.
tcpcopy is a request‑copy tool that captures live traffic from production servers and replays it on test machines, enabling functional and stress testing without affecting users, and the guide covers its architecture, workflow, installation, configuration, and both online and offline usage modes.
