Differences
This shows you the differences between two versions of the page.
linux_router:nftables [2024-06-16 Sun wk24 11:58] – baumkp | linux_router:nftables [2024-06-16 Sun wk24 12:06] – [Router Configuration] baumkp | ||
---|---|---|---|
Line 2: | Line 2: | ||
=====NFTables Configuration===== | =====NFTables Configuration===== | ||
====Router Configuration==== | ====Router Configuration==== | ||
+ | <fc # | ||
A router performs the following key features: | A router performs the following key features: | ||
- A gateway between different network areas | - A gateway between different network areas | ||
- Restrict network traffic | - Restrict network traffic | ||
- Forward Network traffic | - Forward Network traffic | ||
- | - Track network traffic, allows traffic incoming only if response to out going (one way traffic) This is primary firewall action! This is often confused with NAT, NAT is addtional | + | - Track network traffic, allows traffic incoming only if response to out going (one way traffic) This is primary firewall |
- NAT (Network Address Translation) is basically mandatory for IPv4 due to limited address space and optional for IPv6 | - NAT (Network Address Translation) is basically mandatory for IPv4 due to limited address space and optional for IPv6 | ||
- | - NAT obfuscates Local IP addresses behind public addressable WAN IP address(es). | + | - NAT obfuscates Local IP addresses behind public addressable WAN IP address(es). |
+ | - NAT obfuscation wrecks simple end to end IP addressing that is required for some services, e.g. VoIP. This requires additional services to compensate, e.g. STUN/TURN services. | ||
Key networks services, such as DNS and DHCP are separate functions that a router may perform, although correct router setup is required to allow these services to function. | Key networks services, such as DNS and DHCP are separate functions that a router may perform, although correct router setup is required to allow these services to function. | ||
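Review bot: the added bullet on NAT breaking end-to-end addressing sits under "NAT obfuscates Local IP addresses", and together they can read as if NAT were a protective measure, which is the confusion the connection-tracking bullet itself warns about ("This is often confused with NAT"). Consider stating in the NAT sub-bullets that address hiding is a side effect of translation, and that admitting inbound traffic only in response to outgoing traffic is the job of the tracking rule, so the point still holds where NAT is optional (IPv6). Smaller points: the tracking bullet is a run-on and would read better split into two sentences, the old side of that line has the typo "addtional" (worth checking it is gone in the new revision), "public addressable" should be "publicly addressable", and the unchanged trailing line has "Key networks services" where "Key network services" is meant.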