* Few questions re: firewalling capabilities of iptables..
@ 2006-02-07 13:36 Toby Bradshaw
From: Toby Bradshaw @ 2006-02-07 13:36 UTC (permalink / raw)
  To: netfilter

Folks,

I have a few questions regarding the firewalling capabilities of 
iptables. If this isn't the correct place to ask such things then 
please accept my apologies and point me in the right direction.

My company is developing a streaming P2P client. I've managed to set up 
a test environment on a single machine using sub-interfaces and SNAT so 
that I can run what appear to our co-ordinating server as many hosts on 
private networks behind NAT firewalls (or at least I think I have.. any 
information to the contrary greatly received).

We're using STUN to perform NAT traversal. STUN makes a distinction 
between cone and symmetric NATs (so I'm told) and it would be nice to 
be able to set up examples of each within this test network:

1) What kind of NAT is iptables?
2) Would it be possible (from rootland) to simulate the other kind?
3) If any of these questions seem dumb.. what have I not understood?

Thanks in advance...

-- 
Toby Bradshaw
Rawflow,
London, UK.


* Re: Few questions re: firewalling capabilities of iptables..
@ 2006-02-07 14:17 Rob Sterenborg
From: Rob Sterenborg @ 2006-02-07 14:17 UTC (permalink / raw)
  To: netfilter

On Tue, February 7, 2006 14:36, Toby Bradshaw wrote:
> Folks,
>
> I have a few questions regarding the firewalling capabilities of
> iptables. If this isn't the correct place to ask such things then
> please accept my apologies and point me in the right direction.

<snip>

> We're using STUN to perform NAT traversal. STUN makes a distinction
> between cone and symmetric NATs (so I'm told) and it would be nice to
> be able to set up examples of each within this test network:
>
> 1) What kind of NAT is iptables?
> 2) Would it be possible (from rootland) to simulate the other kind?
> 3) If any of these questions seem dumb.. what have I not understood?

If:
- cone NAT = NAT "many" IPs to 1 IP, and
- symmetric NAT = NAT "many" IPs to "many" IPs, then

cone NAT would be the SNAT target and symmetric NAT would be the NETMAP target.
Seems to me iptables can do both unless there's something I'm misunderstanding
(please correct me if I'm wrong).

See also:
http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-NETMAP
and "man iptables".


Gr,
Rob
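
An added example, not part of either message in this thread: a toy model of the mapping check a STUN client uses to tell cone from symmetric NAT, for use as a reference when validating a test network like the one described. It assumes the RFC 3489 definitions (which the thread does not spell out), folds the three cone sub-types into one class because they differ only in filtering, and uses constructed documentation addresses throughout.

```python
# Added example: toy NAT models and the mapping test a STUN client relies on.
# Definitions follow RFC 3489; every address below is a constructed sample.
from itertools import count


class ConeNAT:
    """Mapping keyed on the internal (ip, port) only: reused for every destination."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)
        self._map = {}

    def _key(self, src, dst):
        return src

    def translate(self, src, dst):
        """Return the external (ip, port) that dst sees for a packet src -> dst."""
        key = self._key(src, dst)
        if key not in self._map:
            self._map[key] = (self.public_ip, next(self._ports))
        return self._map[key]


class SymmetricNAT(ConeNAT):
    """Mapping keyed on internal endpoint AND destination: new port per destination."""

    def _key(self, src, dst):
        return (src, dst)


def classify(nat, client=("10.0.0.2", 5000)):
    """Same client socket, two STUN servers: compare the reflexive addresses."""
    seen_a = nat.translate(client, ("198.51.100.10", 3478))
    seen_b = nat.translate(client, ("198.51.100.20", 3478))
    return "cone" if seen_a == seen_b else "symmetric"


def peer_sees_learned_address(nat, client=("10.0.0.2", 5000)):
    """True if the address learned via STUN is the one a P2P peer will see."""
    learned = nat.translate(client, ("198.51.100.10", 3478))
    towards_peer = nat.translate(client, ("203.0.113.7", 6000))
    return learned == towards_peer


if __name__ == "__main__":
    for nat in (ConeNAT("192.0.2.1"), SymmetricNAT("192.0.2.1")):
        print(type(nat).__name__, classify(nat), peer_sees_learned_address(nat))
```

Under these definitions the distinction is about whether one internal socket keeps a single external port across destinations, which is what decides whether an address learned from the STUN server is usable by a peer.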



