From: "Pedro Gonçalves" <pedro.pandre@gmail.com>
To: Elvir Kuric <omasnjak@yahoo.com>
Cc: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Setup of different types of NAT
Date: Thu, 19 Apr 2007 15:02:19 +0100
Message-ID: <4627766B.3010809@gmail.com>
In-Reply-To: <235535.26076.qm@web56203.mail.re3.yahoo.com>

Hi Elvir

Sorry if the terms I used are not familiar to everyone.
The types of NAT I am talking about are defined by STUN RFC 3489
(http://www.faqs.org/rfcs/rfc3489.html, section 5):

(...)

Full Cone: A full cone NAT is one where all requests from the
same internal IP address and port are mapped to the same external
IP address and port. Furthermore, any external host can send a
packet to the internal host, by sending a packet to the mapped
external address.

Restricted Cone: A restricted cone NAT is one where all requests
from the same internal IP address and port are mapped to the same
external IP address and port. Unlike a full cone NAT, an external
host (with IP address X) can send a packet to the internal host
only if the internal host had previously sent a packet to IP
address X.

Port Restricted Cone: A port restricted cone NAT is like a
restricted cone NAT, but the restriction includes port numbers.
Specifically, an external host can send a packet, with source IP
address X and source port P, to the internal host only if the
internal host had previously sent a packet to IP address X and
port P.

Symmetric: A symmetric NAT is one where all requests from the
same internal IP address and port, to a specific destination IP
address and port, are mapped to the same external IP address and
port. If the same host sends a packet with the same source
address and port, but to a different destination, a different
mapping is used. Furthermore, only the external host that
receives a packet can send a UDP packet back to the internal host.

(...)

I just want to know how to set up Symmetric NAT

Thanks in advance
Pedro

Elvir Kuric wrote:
> Hi Pedro,
> what is Cone? Some abbreviation or what else?
> Please, for clarity, describe what you want to achieve
> using NAT?
>
> Regards
>
> Elvir Kuric
>
> --- Pedro Gonçalves <pedro.pandre@gmail.com> wrote:
>
>
>> Hello everyone
>>
>> I want to know *how to* set up these types of NAT:
>> - Full Cone NAT
>> - Restricted Cone NAT
>> - Port Restricted Cone NAT
>> - Symmetric NAT
>>
>> Using iptables, I set all policies to "ACCEPT" and I was able to
>> set up two kinds of NAT
>> (192.168.2.170 is my "public" address and 10.0.0.1 is my "private"
>> address):
>>
>> - "Full Cone NAT", with the following rules:
>> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
>> iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1
>>
>> - "Port Restricted Cone NAT", with just a single rule:
>> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
>>
>> Now does anyone know how to set up Restricted Cone
>> NAT and Symmetric NAT?
>>
>> Thanks in advance
>> Pedro
>
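
The four RFC 3489 behaviours quoted in this message, modelled as an added Python example (it is not part of the original thread and is not netfilter code). The `Nat` class, the `probe` helper, the port numbers and the peers 203.0.113.10 and 198.51.100.20 are constructed for illustration; the symmetric case is assumed to filter inbound packets on the exact IP address and port of its per-destination mapping.

```python
from itertools import count

FULL, RESTRICTED, PORT_RESTRICTED, SYMMETRIC = "full", "restricted", "port-restricted", "symmetric"

class Nat:
    """Toy UDP NAT implementing the RFC 3489 section 5 definitions (model only)."""
    def __init__(self, kind, public_ip="192.168.2.170", first_port=40000):
        self.kind, self.public_ip = kind, public_ip
        self._ports = count(first_port)  # constructed external port allocator
        self.mappings = {}  # mapping key -> external port
        self.ports = {}     # external port -> (internal endpoint, destinations sent to)

    def outbound(self, src, dst):
        """Internal endpoint src sends to dst; return the external (ip, port) used."""
        # Cone NATs key the mapping on the internal endpoint alone. A symmetric
        # NAT also keys on the destination, so a new destination gets a new port.
        key = (src, dst) if self.kind == SYMMETRIC else (src, None)
        if key not in self.mappings:
            self.mappings[key] = next(self._ports)
            self.ports[self.mappings[key]] = (src, set())
        port = self.mappings[key]
        self.ports[port][1].add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Packet from remote to public_ip:ext_port; return internal endpoint or None."""
        if ext_port not in self.ports:
            return None  # no mapping exists for this external port
        owner, seen = self.ports[ext_port]
        if self.kind == FULL:
            allowed = True  # any external host may use the mapping
        elif self.kind == RESTRICTED:
            allowed = remote[0] in {ip for ip, _ in seen}  # IP was contacted before
        else:
            # Port restricted cone: exact IP and port must have been contacted.
            # Symmetric: assumed to filter the same way on its per-destination mapping.
            allowed = remote in seen
        return owner if allowed else None

def probe(kind):
    """10.0.0.1:5060 sends to peer A; test three inbound packets, then send to peer B."""
    inside, a, b = ("10.0.0.1", 5060), ("203.0.113.10", 3478), ("198.51.100.20", 3478)
    nat = Nat(kind)
    port_a = nat.outbound(inside, a)[1]
    return {
        "from_a": nat.inbound(a, port_a) == inside,
        "from_a_other_port": nat.inbound((a[0], 9999), port_a) == inside,
        "from_b": nat.inbound(b, port_a) == inside,
        "same_port_for_b": nat.outbound(inside, b)[1] == port_a,
    }
```

Calling `probe` for each type shows which inbound packets pass and whether the external port is reused for a second destination, which are the two properties that separate the four definitions.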