Re: Setup of different types of NAT


 



Hi Elvir

Sorry if the terms I used are not familiar to everyone.
The types of NAT I am talking about are defined by STUN RFC 3489 (http://www.faqs.org/rfcs/rfc3489.html, section 5):
(...)

Full Cone: A full cone NAT is one where all requests from the
     same internal IP address and port are mapped to the same external
     IP address and port.  Furthermore, any external host can send a
     packet to the internal host, by sending a packet to the mapped
     external address.

  Restricted Cone: A restricted cone NAT is one where all requests
     from the same internal IP address and port are mapped to the same
     external IP address and port.  Unlike a full cone NAT, an external
     host (with IP address X) can send a packet to the internal host
     only if the internal host had previously sent a packet to IP
     address X.

  Port Restricted Cone: A port restricted cone NAT is like a
     restricted cone NAT, but the restriction includes port numbers.
     Specifically, an external host can send a packet, with source IP
     address X and source port P, to the internal host only if the
     internal host had previously sent a packet to IP address X and
     port P.

  Symmetric: A symmetric NAT is one where all requests from the
     same internal IP address and port, to a specific destination IP
     address and port, are mapped to the same external IP address and
     port.  If the same host sends a packet with the same source
     address and port, but to a different destination, a different
     mapping is used.  Furthermore, only the external host that
     receives a packet can send a UDP packet back to the internal host.

(...)

I just want to know how to set up Symmetric NAT.

Thanks in advance
Pedro


Elvir Kuric wrote:
Hi Pedro, what is Cone? Some abbreviation or what else?
Please, for clarity, describe what you want to achieve
using NAT.

Regards Elvir Kuric
--- Pedro Gonçalves <pedro.pandre@xxxxxxxxx> wrote:

Hello everyone

I want to know *how to* set up these types of NAT:
/-Full Cone NAT/
/-Restricted Cone NAT/
/-Port Restricted Cone NAT/
/-Symmetric NAT/

Using iptables, I set all policies to "ACCEPT" and I
was able to set up two kinds of NAT:
(192.168.2.170 is my "public" address and 10.0.0.1
is my "private" address)

/-"Full Cone NAT", with the following rules:/
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1


/-"Port Restricted Cone NAT", with just a single rule:/
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170

Now does anyone know how to set up Restricted Cone
NAT and Symmetric NAT?

Thanks in advance
Pedro
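
The four RFC 3489 behaviours quoted in the message above, modelled as an added Python example (not part of the original thread, and not netfilter code). It shows which external senders each type admits and whether the mapping changes per destination; the external hosts, port numbers and the port pool starting at 40000 are constructed sample values.

```python
from itertools import count

class Nat:
    """Toy model of the RFC 3489 section 5 NAT types (constructed, not netfilter)."""
    KINDS = ("full_cone", "restricted_cone", "port_restricted_cone", "symmetric")

    def __init__(self, kind, public_ip="192.168.2.170"):
        if kind not in self.KINDS:
            raise ValueError(kind)
        self.kind, self.public_ip = kind, public_ip
        self.maps = {}              # mapping key -> external port
        self.sent = {}              # external port -> (internal endpoint, contacted dsts)
        self._ports = count(40000)  # constructed external port pool

    def outbound(self, src, dst):
        """Internal endpoint src sends to dst; returns the external (ip, port) used."""
        # A symmetric NAT keys the mapping on the destination as well as the source.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.maps:
            self.maps[key] = next(self._ports)
            self.sent[self.maps[key]] = (src, set())
        port = self.maps[key]
        self.sent[port][1].add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Packet from remote (ip, port) to ext_port; internal endpoint, or None if dropped."""
        if ext_port not in self.sent:
            return None                       # no mapping exists for this port
        src, contacted = self.sent[ext_port]
        if self.kind == "full_cone":
            ok = True                         # any external host may use the mapping
        elif self.kind == "restricted_cone":
            ok = remote[0] in {ip for ip, _ in contacted}  # IP was contacted before
        else:                                 # port restricted cone and symmetric
            ok = remote in contacted          # exact IP and port were contacted before
        return src if ok else None

def survey(kind):
    """Return (same mapping for two destinations?, probes that get through)."""
    nat, host = Nat(kind), ("10.0.0.1", 5060)
    a, b = ("198.51.100.10", 3478), ("203.0.113.20", 3478)   # constructed peers
    m1, m2 = nat.outbound(host, a), nat.outbound(host, b)
    probes = {"same_ip_port": a, "same_ip_other_port": (a[0], 9999),
              "unknown_host": ("192.0.2.99", 3478)}
    reach = [n for n, r in probes.items() if nat.inbound(r, m1[1]) == host]
    return (m1 == m2, reach)
```

Calling `survey()` for each entry in `Nat.KINDS` shows that port restricted cone and symmetric apply the same inbound filter and differ only in whether the external mapping is reused across destinations.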







