TOPIC: IpTable- for implementing different types of NAT

IpTable- for implementing different types of NAT 6 years 6 months ago #34494

  • RaMs39
Hi

If anybody has worked on iptables, please help me in implementing each type of NAT:
-Full Cone NAT
-Restricted Cone NAT
-Port Restricted Cone NAT
-Symmetric NAT

using IPTables.


Explanation:
• Full Cone: A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.

• Restricted Cone: A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X.

• Port Restricted Cone: A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.

• Symmetric: A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.

Thanks in advance,
RaMs
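
Added example (not part of the original post or the thread): a small Python model of the four definitions above, showing how each type maps outbound flows and which inbound packets it forwards. The names `Nat` and `probe`, the external port pool starting at 40000 and the documentation-range remote addresses are constructed for illustration; filtering by IP address only for the symmetric type follows the wording of the definition above and is a modelling assumption.

```python
from dataclasses import dataclass, field
EXTERNAL_IP = "192.168.2.170"  # "public" address used later in the thread

@dataclass
class Nat:
    kind: str  # "full", "restricted", "port_restricted" or "symmetric"
    next_port: int = 40000  # constructed external port pool
    mappings: dict = field(default_factory=dict)  # mapping key -> external port
    owner: dict = field(default_factory=dict)     # external port -> internal endpoint
    peers: dict = field(default_factory=dict)     # external port -> destinations contacted

    def outbound(self, src, dst):
        """Internal src=(ip, port) sends to dst=(ip, port); returns the external endpoint."""
        # Cone NATs key the mapping on the source only; symmetric adds the destination.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.owner[self.next_port] = src
            self.next_port += 1
        port = self.mappings[key]
        self.peers.setdefault(port, set()).add(dst)
        return (EXTERNAL_IP, port)

    def inbound(self, remote, ext_port):
        """Packet from remote=(ip, port) to EXTERNAL_IP:ext_port; internal endpoint or None."""
        if ext_port not in self.owner:
            return None  # no mapping exists, nothing to forward to
        seen = self.peers[ext_port]
        if self.kind == "full":
            allowed = True  # any external host may use the mapping
        elif self.kind == "port_restricted":
            allowed = remote in seen  # exact IP and port must have been contacted
        else:
            # restricted and symmetric: definitions name the host only (modelling assumption)
            allowed = remote[0] in {ip for ip, _ in seen}
        return self.owner[ext_port] if allowed else None

def probe(kind):
    """Returns (mapping reused, stranger in, known IP/new port in, known peer in)."""
    nat, host = Nat(kind), ("10.0.0.1", 5000)
    a = nat.outbound(host, ("203.0.113.10", 3478))
    b = nat.outbound(host, ("198.51.100.20", 3478))
    return (a == b,
            nat.inbound(("192.0.2.99", 1234), a[1]) is not None,
            nat.inbound(("203.0.113.10", 9999), a[1]) is not None,
            nat.inbound(("203.0.113.10", 3478), a[1]) is not None)

if __name__ == "__main__":
    for kind in ("full", "restricted", "port_restricted", "symmetric"):
        print(f"{kind:16}", probe(kind))
```

The first element of each tuple separates symmetric NAT (new mapping per destination) from the cone types; the remaining three show how far each type opens the mapped port to inbound traffic.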

Re: IpTable- for implementing different types of NAT 6 years 6 months ago #34495

  • RaMs39
On the netfilter mailing list, Pedro Gonçalves suggested the following:

192.168.2.170 is "public" address and 10.0.0.1 is "private" address

/-"Full Cone NAT", with the following rules:/
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170

iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1

/-"Port Restricted Cone NAT", with just a single rule:/
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170

Please help me in implementing other NAT types.