Re: Few questions re: firewalling capabilities of iptables..


 



On Tue, February 7, 2006 14:36, Toby Bradshaw wrote:
> Folks,
>
> I have a few questions regarding the firewalling capabilities of
> iptables. If this isn't the correct place to ask such things then
> please accept my apologies and point me in the right direction.

<snip>

> We're using STUN to perform NAT traversal. STUN makes a distinction
> between cone and symmetric NATs (so I'm told) and it would be nice to
> be able to set up examples of each within this test network:
>
> 1) What kind of NAT is iptables ?
> 2) Would it be possible (from rootland) to simulate the other kind ?
> 3) If any of these questions seem dumb.. what have I not understood ?

If:
- cone nat = NAT "many" IPs to 1 IP, and
- symmetric nat = NAT "many" IPs to "many" IPs, then

cone NAT would be the SNAT target and symmetric NAT would be the NETMAP target.
Seems to me iptables can do both unless there's something I'm misunderstanding
(please correct me if I'm wrong).

See also:
http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-NETMAP
and "man iptables".


Gr,
Rob
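
The two targets named in the reply above, written out as nat-table rules. This is an added example, not part of the original message; it follows the reply's own definitions of the two NAT kinds, and the interface name and address ranges are constructed lab values (the outside ranges are RFC 5737 documentation blocks).

```shell
#!/bin/sh
# Added example: print the nat-table rule for each target the reply names.
# Nothing is installed by this script; it only prints the commands.
# All names and addresses below are constructed lab values.

LAN_NET="192.168.1.0/24"     # inside test network (assumed)
WAN_IF="eth1"                # outside-facing interface (assumed)
WAN_IP="203.0.113.1"         # single outside address used by SNAT
WAN_NET="198.51.100.0/24"    # outside block used by NETMAP, same prefix length

# "Many" inside addresses to one outside address: the SNAT target.
snat_rule() {
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP"
}

# "Many" inside addresses to "many" outside addresses: the NETMAP target.
# NETMAP rewrites the network bits and keeps the host bits, so the inside
# and outside networks must have the same prefix length. The target has to
# be present in the kernel (the reply links its patch-o-matic entry).
netmap_rule() {
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j NETMAP --to $WAN_NET"
}

# Outside address NETMAP gives one inside host. Handles the /24 case used
# here only: the last octet is kept, the first three come from WAN_NET.
netmap_addr() {
    host=${1##*.}
    echo "${WAN_NET%.*/*}.$host"
}

# Dry run: print one rule, or both when no mode is given.
case "${1:-show}" in
    snat)   snat_rule ;;
    netmap) netmap_rule ;;
    *)      snat_rule; netmap_rule ;;
esac
```

To install a rule on the test gateway, run the script with `snat` or `netmap` and pipe the output to `sh` as root.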




