How to expose a container to the outside world and distribute traffic across multiple backends using iptables DNAT — the same mechanism kube-proxy uses for NodePort and ClusterIP services.

Why pods can't reach the internet by default and how iptables MASQUERADE fixes it — a deep dive into NAT, conntrack, and the path packets take out of a Kubernetes node.

How Kubernetes pod networking actually works — built from Linux primitives: network namespaces, veth pairs, and bridges. No abstractions, just the kernel.