I've followed a tutorial (in German) on setting up a WiFi router (access point) on a Raspberry Pi. Following the tutorial I had to add the following iptables rules:
iptables -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Unfortunately I don't have any experience with iptables and would like to know what the rules mean/do?
I'll go through the rules and explain each one; to understand the flow, refer to the iptables chart.
iptables -A FORWARD -o eth0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT
In the FORWARD chain, you appended a rule which says: if a new packet comes from wlan0 to eth0, the filter lets it pass and tracks that connection as NEW (which means: it follows its change of state).
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
For any incoming packet tracked as ESTABLISHED or RELATED, the filter lets it pass.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
In the NAT table (which contains the FORWARD chain), in the POSTROUTING chain, any packet leaving eth0 forgets its inner IP address (so it stays behind the NAT) and gets that of eth0: MASQUERADE stands for masking the address.
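As an added example (not code from the question or the answer above), here is a small script that emits the three rules from the post together with the two things a working access point needs around them: the kernel must have IP forwarding enabled (iptables only filters, it does not route), and the FORWARD chain should have a DROP policy, because with the default ACCEPT policy everything is forwarded in both directions anyway and the NEW rule never decides anything. Each "-A" rule is first checked with "-C", so re-running the script does not append duplicate rules. The interface names eth0 (upstream) and wlan0 (access-point side) are assumptions taken from the question and can be overridden with WAN= and LAN= in the environment.

```sh
#!/bin/sh
# Added example, not code from the question or the answer above.
# Assumptions: eth0 is the upstream (internet) interface, wlan0 is the
# access-point interface; override with WAN=... LAN=... in the environment.
set -eu

# Print the rules as iptables commands, one per line. The three rules from
# the post are preceded by a DROP policy for FORWARD: without it the chain
# accepts everything by default and the NEW rule never decides anything.
# $1 = upstream interface, $2 = access-point interface.
build_rules() {
    wan="$1"
    lan="$2"
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -o $wan -i $lan -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Number of command lines build_rules emits (used as a sanity check).
rule_count() {
    build_rules "$1" "$2" | grep -c .
}

# Apply the rules on the router itself (needs root). Each "-A" rule is first
# tested with "-C" (check), so running this twice does not append duplicates.
apply_rules() {
    # iptables only filters; the kernel must be told to route between
    # interfaces at all.
    sysctl -w net.ipv4.ip_forward=1
    build_rules "$1" "$2" | while IFS= read -r cmd; do
        case "$cmd" in
            *" -A "*)
                check=$(printf '%s\n' "$cmd" | sed 's/ -A / -C /')
                # word splitting of $check / $cmd is intentional here
                $check 2>/dev/null || $cmd
                ;;
            *)
                $cmd
                ;;
        esac
    done
}

# Default: print what would be run (dry run). "apply" actually installs
# the rules.
case "${1:-dry-run}" in
    apply) apply_rules "${WAN:-eth0}" "${LAN:-wlan0}" ;;
    *)     build_rules "${WAN:-eth0}" "${LAN:-wlan0}" ;;
esac
```

Run it without arguments to see the exact commands, then as root with "apply" to install them. The DROP policy also means that new connections arriving on eth0 are not forwarded to wlan0, which is what the explanation above implies but the original three rules on their own do not enforce. The rules are not persisted across reboots; use iptables-save or your distribution's mechanism for that.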