调试网络的方法：(Debugging the kernel using Ftrace)

1. $ sudo mount -t debugfs nodev debug

2. $ echo ip_rcv > set_graph_function

3. $ echo function_graph > current_tracer

4. $ echo 0 > tracing_on turn off trace, default is on

5. all log is on trace file

更多的文章，请看 内核目录下面的 $ ls Documentation/trace/events.txt Documentation/trace/tracepoints.txt  

有关 IP forwarding

https://en.wikipedia.org/wiki/IP_forwarding

http://unix.stackexchange.com/questions/14056/what-is-kernel-ip-forwarding

各种使能IP forwarding的方法

http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

IPtables中SNAT和MASQUERADE的区别

http://soft.zdnet.com.cn/techupdate/2008/0317/772069.shtml

http://blog.163.com/qk_zhu/blog/static/195076154201162795311632/

nat_tutorial

http://www.karlrupp.net/en/computer/nat_tutorial

redhat firewall

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/ch-fw.html