edwarnicke/gist:ad32ea509ecee441a27e0985613c62cf

## gistfile1.txt
## NSM


## PREROUTING
| Rule	 | target  | prot | opt | in    | out | source   | destination   |
|---|---------|------|-----|-------|----------|----------|---|
| 1 | ISTIO_REDIRECT | tcp | -- | ${NSM_INTERFACE} | any | anywhere | anywhere |
| 2 | ISTIO_INBOUND | tcp | -- | any   | any | anywhere | anywhere |

```bash
iptables -t nat -I PREROUTING 1 -p tcp -i ${NSM_INTERFACE} -j ISTIO_REDIRECT
```

## NSM_OUTPUT
| Rule	 | target  | prot | opt | in  | out | source   | destination               |
|-------|---------|------|-----|-----|-----|----------|---------------------------|
| 1 | DNAT | any | -- | any | any | anywhere | anywhere to:${NSM_SRC_IP} |

```shell
iptables -t nat -N NSM_OUTPUT
iptables -t nat -A NSM_OUTPUT -j DNAT --to-destination ${NSM_SRC_IP}
```

## OUTPUT
| Rule	 | target  | prot | opt | in  | out | source   | destination   |
|---|---------|------|-----|-----|----------|----------|---|
| 1 | ISTIO_OUTPUT | tcp |  -- | any | any | anywhere | anywhere |
| 2 | NSM_OUTPUT | tcp | -- | any | any |127.0.0.6 |anywhere |

```shell
iptables -t nat -A OUTPUT -p tcp -s 127.0.0.6 -j NSM_OUTPUT
```

## NSM_POSTROUTING
| Rule	 | target | prot | opt | in  | out | source   | destination               |
|-------|--------|------|-----|-----|-----|----------|---------------------------|
| 1 | SNAT   | any | -- | any | any | anywhere | anywhere to:${NSM_DST_IP} |

```shell
iptables -t nat -N NSM_POSTROUTING
iptables -t nat -A NSM_POSTROUTING -j SNAT --to-source ${NSM_DST_IP}
```

## POSTROUTING
| Rule	 | target  | prot | opt | in  | out              | source   | destination               |
|-------|---------|------|-----|-----|------------------|----------|---------------------------|
| 1 | NSM_POSTROUTING | all | -- | any | ${NSM_INTERFACE} | anywhere | anywhere |

```shell
iptables -t nat -A POSTROUTING -p tcp -o ${NSM_INTERFACE} -j NSM_POSTROUTING
```
	## NSM



	## PREROUTING
	\| Rule \| target \| prot \| opt \| in \| out \| source \| destination \|
	\|---\|---------\|------\|-----\|-------\|----------\|----------\|---\|
	\| 1 \| ISTIO_REDIRECT \| tcp \| -- \| ${NSM_INTERFACE} \| any \| anywhere \| anywhere \|
	\| 2 \| ISTIO_INBOUND \| tcp \| -- \| any \| any \| anywhere \| anywhere \|

	```bash
	iptables -t nat -I PREROUTING 1 -p tcp -i ${NSM_INTERFACE} -j ISTIO_REDIRECT
	```

	## NSM_OUTPUT
	\| Rule \| target \| prot \| opt \| in \| out \| source \| destination \|
	\|-------\|---------\|------\|-----\|-----\|-----\|----------\|---------------------------\|
	\| 1 \| DNAT \| any \| -- \| any \| any \| anywhere \| anywhere to:${NSM_SRC_IP} \|

	```shell
	iptables -t nat -N NSM_OUTPUT
	iptables -t nat -A NSM_OUTPUT -j DNAT --to-destination ${NSM_SRC_IP}
	```

	## OUTPUT
	\| Rule \| target \| prot \| opt \| in \| out \| source \| destination \|
	\|---\|---------\|------\|-----\|-----\|----------\|----------\|---\|
	\| 1 \| ISTIO_OUTPUT \| tcp \| -- \| any \| any \| anywhere \| anywhere \|
	\| 2 \| NSM_OUTPUT \| tcp \| -- \| any \| any \|127.0.0.6 \|anywhere \|

	```shell
	iptables -t nat -A OUTPUT -p tcp -s 127.0.0.6 -j NSM_OUTPUT
	```

	## NSM_POSTROUTING
	\| Rule \| target \| prot \| opt \| in \| out \| source \| destination \|
	\|-------\|--------\|------\|-----\|-----\|-----\|----------\|---------------------------\|
	\| 1 \| SNAT \| any \| -- \| any \| any \| anywhere \| anywhere to:${NSM_DST_IP} \|

	```shell
	iptables -t nat -N NSM_POSTROUTING
	iptables -t nat -A NSM_POSTROUTING -j SNAT --to-source ${NSM_DST_IP}
	```

	## POSTROUTING
	\| Rule \| target \| prot \| opt \| in \| out \| source \| destination \|
	\|-------\|---------\|------\|-----\|-----\|------------------\|----------\|---------------------------\|
	\| 1 \| NSM_POSTROUTING \| all \| -- \| any \| ${NSM_INTERFACE} \| anywhere \| anywhere \|

	```shell
	iptables -t nat -A POSTROUTING -p tcp -o ${NSM_INTERFACE} -j NSM_POSTROUTING
	```