Stateless NAT

I'm trying to set up stateless NAT on a testbed I'm using for
university research on DDoS.  We are developing a stateless DDoS
prevention tool, but to test the software I need to use stateless NAT
to force traffic from outside through one computer, the router, and to
the victim.

I tried the NETMAP target module, but the router is still filtering my
out-of-state packets from the attack.  The following shows the rules in
my nat table:

root # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
NETMAP     all  --  anywhere             <victim's ip address> 192.168.13.2/32

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.13.2         anywhere            to:<victim's ip address>

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I appreciate any suggestions on how I could correct my setup so I can
use stateless.


