What I mean with Full Cone NAT is the following:

1. A packet is sent from a machine in the LAN from Address1:port100 to a machine in the WAN with Address3:port200. The NAT converts the local Address1:port100 to Address2:port100, which is the address assigned to the home router by the ISP. So this packet is sent with source: Address2:port100 and destination: Address3:port200.

2. The packet received by the machine in the WAN in 1) is processed and then the answer comes from a different machine with a different address but using the same ports. So the response packet is sent by Address4:port200 to Address2:port100. So this packet has source: Address4:port200 and destination: Address2:port100.

3. When the home router receives the response packet it has to ignore the sending address in the matching table, so that all traffic received in Address2:port100 is simply forwarded to Address1:port100.

This is just a Full Cone NAT.

I have read some tutorials about iptables and the only way I have found to do this is to make a rule that forwards all traffic that arrives in Address2:port100 to Address1:port100. This does the work for just one machine on the LAN which has a static IP and will always contact the same machine on the WAN.

What I really want to do is implement a Full Cone NAT in which a packet sent from Address1:port100, which is translated to Address2:port100 by the NAT and goes to Address3:port200, activates port100 in the home router so that any packets arriving in port100 will be forwarded to Address1:port100. And this would just work for any number of machines.

Best Regards
Hugo Mendes
________________________________________
From: netfilter-devel-owner@xxxxxxxxxxxxxxx [netfilter-devel-owner@xxxxxxxxxxxxxxx] On Behalf Of Hugo Miguel Mendes
Sent: Tuesday, 7 April 2009 16:32
To: Jan Engelhardt
Cc: netfilter-devel@xxxxxxxxxxxxxxx
Subject: RE: full_cone_nat

As far as I know iptables is port-restricted NAT, how can you do full cone nat on that?
Hugo Mendes
________________________________________
From: jengelh@xxxxxxxxxxxxxxxxxxxxxxxxx [jengelh@xxxxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Jan Engelhardt [jengelh@xxxxxxxxxx]
Sent: Tuesday, 7 April 2009 16:31
To: Hugo Miguel Mendes
Cc: netfilter-devel@xxxxxxxxxxxxxxx
Subject: RE: full_cone_nat

On Tuesday 2009-04-07 17:28, Hugo Miguel Mendes wrote:

>What do you mean with "Another?"

You can already do full cone with Netfilter.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
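The three steps in the message at the top of this thread, modelled next to the port-restricted behaviour it is contrasted with. This is an added Python example, not code from the thread and not how iptables or Netfilter implement NAT. The `Nat` class, the mode names, the extra LAN host `Address5` and the next-free-port policy on a collision are assumptions made for the illustration.

```python
# Toy model of NAT mapping and inbound filtering (illustration only).
# Address1..Address4 and ports 100/200 are the placeholders from the message;
# Address5 is a constructed second LAN machine.

class Nat:
    def __init__(self, public_addr, mode):
        if mode not in ("full_cone", "port_restricted"):
            raise ValueError(mode)
        self.public_addr = public_addr
        self.mode = mode
        self.by_internal = {}  # (lan_addr, lan_port) -> public port
        self.by_public = {}    # public port -> (lan_addr, lan_port)
        self.contacted = {}    # public port -> {(wan_addr, wan_port), ...}

    def outbound(self, src, dst):
        """LAN -> WAN: create or reuse a mapping, return the translated source."""
        if src not in self.by_internal:
            port = src[1]
            # Keep the source port when it is free (step 1), else take the next free one.
            while port in self.by_public:
                port = port + 1 if port < 65535 else 1024
            self.by_internal[src] = port
            self.by_public[port] = src
            self.contacted[port] = set()
        port = self.by_internal[src]
        self.contacted[port].add(dst)
        return (self.public_addr, port)

    def inbound(self, src, dst_port):
        """WAN -> LAN: return the LAN endpoint to forward to, or None to drop."""
        lan = self.by_public.get(dst_port)
        if lan is None:
            return None  # port was never activated from the LAN side
        if self.mode == "port_restricted" and src not in self.contacted[dst_port]:
            return None  # sender must be an endpoint the LAN host already contacted
        return lan       # full cone: sender address is ignored (step 3)


def demo(mode):
    nat = Nat("Address2", mode)
    before = nat.inbound(("Address4", 200), 100)                  # nothing sent yet
    mapped = nat.outbound(("Address1", 100), ("Address3", 200))   # step 1
    same = nat.inbound(("Address3", 200), 100)                    # reply from contacted host
    other = nat.inbound(("Address4", 200), 100)                   # step 2: different host
    second = nat.outbound(("Address5", 100), ("Address3", 200))   # second LAN machine, same port
    return before, mapped, same, other, second
```

In this model the two modes differ only in the `other` result, and the second LAN machine gets a different public port because Address2:port100 is already bound to Address1.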