Packet flow basics (how traffic moves through a host)

Topic: Networking basics

Summary

Understand how packets are processed: interface, routing, firewall (input/output/forward), and application. Use this when debugging why traffic is dropped or a service is not reachable so you check the right layer.

Intent: How-to

Quick answer

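  • Inbound: the packet arrives on the interface -> routing decision (is it for this host?) -> input firewall (INPUT chain) -> socket. If the host is forwarding the packet instead, it goes through the FORWARD chain to the outgoing interface.
  • Outbound: application -> route -> output firewall (OUTPUT chain) -> interface.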
  • Return traffic is often allowed by stateful rules (established/related). Check routing table, then firewall rules, then that the service is listening on the expected address and port.
  • Debug order: Is the packet for this host (routing)? Is it allowed (firewall)? Is something listening (ss -tlnp)? Fix the first failure.

Prerequisites

Steps

  1. Inbound path

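    The packet hits the interface and the kernel makes a routing decision (destination = this host?). If yes, the packet traverses the INPUT chain and is delivered to the socket. If the host is forwarding it, the packet traverses the FORWARD chain and leaves via the outgoing interface.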

  2. Outbound path

    The application sends; the kernel selects a route; the packet passes the OUTPUT chain and leaves via the interface. Replies are matched by the established/related rules of a stateful firewall.

  3. Debugging order

    Check routing, then firewall, then listener (ss -tlnp). Fix the first failure (route, firewall, or listener).

  4. Forward and NAT

    On a router or NAT host, the FORWARD chain and the NAT tables apply. The idea is the same: route, filter, forward. NAT rewrites addresses, and replies are translated back so return traffic reaches the original sender.
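
The debugging order from step 3, as an added shell example that is not part of the original page: it classifies `ip route get` output, prints the INPUT chain for inspection, and checks `ss` output for a TCP listener the target address can actually reach (a service bound only to loopback is the usual miss). Function names are illustrative; it assumes iproute2 and the iptables front end.

```shell
#!/bin/sh
# Added example (not from the original page): route -> firewall -> listener, TCP only.
# Assumes iproute2 (ip, ss) and the iptables front end; run triage as root.

# route_kind: classify the first line of `ip route get ADDR` read from stdin.
route_kind() {
    read -r rk_first rk_rest || :
    case "$rk_first" in
        local) echo local ;;      # destination is this host: INPUT path
        '')    echo no-route ;;   # ip printed nothing: no usable route
        *)     echo remote ;;     # another host: FORWARD path if forwarding is on
    esac
}

# listener_scope ADDR PORT: read `ss -tlnH` lines from stdin and report whether a
# listener covers ADDR:PORT. `*` counts as a wildcard for both address families,
# 0.0.0.0 for IPv4 targets only, [::] for IPv6 targets only.
listener_scope() {
    case "$1" in *:*) ls_any='[::]' ;; *) ls_any=0.0.0.0 ;; esac
    ls_result=none
    while read -r ls_state ls_rq ls_sq ls_local ls_rest; do
        [ "${ls_local##*:}" = "$2" ] || continue          # port must match
        case "${ls_local%:*}" in
            "$1"|"[$1]"|"$ls_any"|'*') ls_result=reachable; break ;;
            127.*|'[::1]') ls_result=loopback-only ;;     # only local clients can connect
            *) if [ "$ls_result" = none ]; then ls_result=other-address; fi ;;
        esac
    done
    echo "$ls_result"
}

# triage ADDR PORT: stop at a routing failure, show the firewall, then check the listener.
triage() {
    case "$(ip route get "$1" 2>/dev/null | route_kind)" in
        local)  echo "route: $1 is local, INPUT path applies" ;;
        remote) echo "route: $1 is not local; check FORWARD and the ip_forward sysctl"; return 1 ;;
        *)      echo "route: no route for $1"; return 1 ;;
    esac
    # The firewall verdict is left to the operator: read the rules top-down and
    # watch which packet counter rises while the client retries.
    iptables -L INPUT -n -v --line-numbers
    tr_scope=$(ss -tlnH | listener_scope "$1" "$2")
    echo "listener: $tr_scope"
    [ "$tr_scope" = reachable ]
}

if [ "$#" -ge 2 ]; then triage "$@"; fi
```

Saved under a name of your choice (for example `triage.sh`), it is run on the receiving host as `sh triage.sh 192.0.2.10 443`; the address and port are placeholders.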

Summary

Traffic flows through interface, routing, firewall, and application. Use the order route then firewall then listener to find where a packet is dropped.

Steps

Step 1: Inbound path

Packet -> routing -> INPUT -> socket. If the host is forwarding the packet, it goes through FORWARD to the outgoing interface instead.

Step 2: Outbound path

Application -> route -> OUTPUT -> interface. Replies use established/related.

Step 3: Debugging order

Check routing, firewall, listener; fix the first failure.

Step 4: Forward and NAT

On a router or NAT host, the FORWARD chain and the NAT tables apply; the same logic holds.

Verification

You can explain the path and use it to find where traffic is dropped.

Troubleshooting

Dropped inbound — Check route, firewall, listener. Dropped outbound — Check OUTPUT rules and default route.
