Netfilter

Netfilter is a subsystem of the Linux kernel (as of 2.4.x) that is responsible for various forms of packet mangling, such as NAT.

The netfilter system performs connection tracking (which allows stateful firewalls to be built on top of it) and IP address/port translation, and it provides a number of hooks for other applications.

Iptables is the main front end used to access and configure the netfilter system.
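
As an added example (not part of the original page), the shell function below emits an `iptables-restore` ruleset for a small gateway that uses both features named above: connection tracking for stateful filtering, and address translation via MASQUERADE. The interface names, the LAN subnet and the SSH-from-LAN rule are assumptions chosen for illustration.

```shell
# Added example, not from the original page. Interface names, subnet and
# the SSH-from-LAN rule are assumed values for illustration.
valid_ifname() {                       # reject anything that could inject rule text
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]                 # Linux interface names are at most 15 chars
}

valid_cidr() {                         # coarse shape check: a.b.c.d/len
    case $1 in
        *[!0-9./]*|*/*/*) return 1 ;;
        [0-9]*.*.*.*/[0-9]*) return 0 ;;
    esac
    return 1
}

gateway_ruleset() {                    # usage: gateway_ruleset WAN_IF LAN_IF LAN_NET
    wan_if=$1 lan_if=$2 lan_net=$3
    valid_ifname "$wan_if" && valid_ifname "$lan_if" && valid_cidr "$lan_net" || {
        echo "gateway_ruleset: invalid argument" >&2
        return 1
    }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Connection tracking: accept replies to known flows, drop untrackable packets.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Only the LAN may open new flows towards the WAN; default policy drops the rest.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Address translation: LAN sources are rewritten to the WAN interface address.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when called with three arguments.
if [ "$#" -eq 3 ]; then gateway_ruleset "$@"; fi
```

Piping the output to `iptables-restore --test` as root parses the ruleset without committing it.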