Hi everyone,

I want to configure advanced NAT behaviors, which are: Mapping behavior (Endpoint-Independent, Address-dependent, Address and port dependent), IP Address Pooling Behavior (Arbitrary, Paired), Port Assignment (Port preservation, No port preservation, Port overloading). These terms are defined in RFC 4787.

Examples:

1- iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 193.49.142.107:2000-4000

Here I think the default behavior of NAT implemented by iptables is Endpoint independent. So all sessions will have the same 'external' (IP, Port N°) even if there is a range of ports. I need to know what flags or options have to be modified in order to switch from one behavior to another.

2- iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 193.49.142.107-193.49.142.150:2000-4000

I think the default behavior is No Port Preservation and Paired. Same question, how can I configure the other behaviors (Port Preservation and Port Overloading)?

Here is a brief definition of each behavior:

* Mapping behavior: For sessions originated on the same address and port (from the same machine).

- Endpoint Independent
  Same mapping to different sessions. The NAT router affects the same (IP address, Port number) to different sessions.

- Address dependent
  Same mapping to sessions destined to the same host. For sessions to different hosts, only the external IP address is the same but port numbers are different. For sessions destined to the same host, the NAT router affects the same (IP address, Port N°). Destination port differentiates between the 2 sessions.

- Address and Port Dependent
  A mapping only applies to one session. The NAT router affects different external (IP Address, Port N°) for each session.

* IP Address Pooling Behavior: NATs with a pool of external IP addresses.

- Arbitrary: an endpoint may have simultaneous mappings corresponding to different external IP addresses of the NAT. Two sessions to the same host may have different external IP addresses.

- Paired: same external IP address of the NAT.

* Port Assignment:

- Port Preservation
  Preserves the port as long as there are available IP addresses in the NAT's pool.

- No Port Preservation
  Two sessions can be established to different hosts using the same external IP address in the NAT's pool. But port numbers are different.

- Port Overloading
  The port is preserved always, even without available IP addresses in the NAT's pool. The NAT relays on the IP source of the response.

Thank you in advance and sorry for the long message.
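The behaviors asked about above, as an added example that is not part of the original message and is not netfilter code: a toy Python model of a NAT mapping table following the RFC 4787 definitions, showing how the mapping key, the pooling mode and port preservation change the external (IP, port) an internal socket receives. The internal and destination addresses are constructed, the second pool address is one member of the pool range in the message, and the class and function names are hypothetical.

```python
# Added example: toy model of RFC 4787 NAT behaviours, not netfilter code.
from itertools import chain, count
from zlib import crc32

EIM, ADM, APDM = "endpoint-independent", "address-dependent", "address-and-port-dependent"

class NatModel:  # hypothetical name, for illustration only
    def __init__(self, mapping, pool, ports, paired=True, preserve_port=False):
        self.mapping, self.pool, self.ports = mapping, list(pool), ports
        self.paired, self.preserve_port = paired, preserve_port
        self.table = {}      # mapping key -> (external IP, external port)
        self.in_use = set()  # allocated (external IP, external port) pairs
        self.rr = count()    # round-robin index used for "Arbitrary" pooling

    def _key(self, src, dst):
        # What the NAT compares when deciding whether to reuse a mapping.
        if self.mapping == EIM:
            return (src,)          # internal IP:port only
        if self.mapping == ADM:
            return (src, dst[0])   # plus destination IP
        return (src, dst)          # plus destination IP and port

    def _pick_ip(self, src):
        # Paired: one external IP per internal IP. Arbitrary: any pool member.
        idx = crc32(src[0].encode()) if self.paired else next(self.rr)
        return self.pool[idx % len(self.pool)]

    def translate(self, src, dst):
        key = self._key(src, dst)
        if key in self.table:
            return self.table[key]
        ip = self._pick_ip(src)
        first = [src[1]] if self.preserve_port else []  # try the internal port first
        for port in chain(first, self.ports):
            if (ip, port) not in self.in_use:           # no port overloading
                self.in_use.add((ip, port))
                self.table[key] = (ip, port)
                return ip, port
        raise RuntimeError("no free external port on " + ip)

# Constructed sample traffic: one internal socket, three remote endpoints.
SRC = ("192.168.1.10", 5000)
DSTS = [("198.51.100.1", 80), ("198.51.100.1", 443), ("203.0.113.5", 80)]
POOL = ["193.49.142.107", "193.49.142.108"]  # two members of the pool in the message
PORTS = range(2000, 4001)                    # port range from the message

def external_mappings(mapping, **kw):
    nat = NatModel(mapping, POOL, PORTS, **kw)
    return [nat.translate(SRC, d) for d in DSTS]

if __name__ == "__main__":
    for mode in (EIM, ADM, APDM):
        print(mode, external_mappings(mode))
```

The model only illustrates the definitions; it does not say which of these behaviors a given iptables rule produces.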