From: "Pedro Gonçalves" <pedro.pandre@gmail.com>
To: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Cc: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Setup of different types of NAT
Date: Fri, 20 Apr 2007 09:43:05 +0100
Message-ID: <46287D19.4000004@gmail.com>
In-Reply-To: <4627C7BF.5000406@plouf.fr.eu.org>


>> I want to know *how to* set up these types of NAT:
>> /-Full Cone NAT/
>> /-Restricted Cone NAT/
>> /-Port Restricted Cone NAT/
>> /-Symmetric NAT/
>
> Again ? I thought I already answered the last time you asked.
I couldn't solve the problem with the help you gave, so I had to try it 
once again.
Besides, the last time I talked about types of NAT some people said it 
was possible to create those NATs, others said it was impossible, but no 
one told *how to* implement any kind of NAT.

>> Using iptables, I set all policies to "ACCEPT" and I was able to
>> set up two kinds of NAT:
>> (192.168.2.170 is my "public" address and 10.0.0.1 is my "private" 
>> address
> [...]
>> /-"Port Restricted Cone NAT", with just a single rule:/
>> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
>
> This is "symmetric NAT", not "restricted cone NAT".
At least with the version of iptables I have (1.3.0), all STUN clients I 
tried told me that it was a "Port Restricted Cone NAT".

>
>> Now does anyone know how to set up Restricted Cone NAT and Symmetric NAT?
>
> AFAIK, you cannot do "restricted cone NAT" nor "port restricted cone 
> NAT" with the stock Netfilter/iptables. It would require dedicated 
> conntrack and NAT helper modules.
At least with the version of iptables I have (1.3.0), I can implement 
"Port Restricted Cone NAT" with just one rule and I can implement a 
"hardcoded" "Restricted Cone NAT" (I say it's hardcoded because it only 
works for one host behind NAT).

So, as you can see, we disagree in our opinions.
However, if you want to test your NAT types with STUN, I recommend 
JSTUN's client (http://jstun.javawi.de/).

Best Regards
Pedro
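
Added example, not part of the original message and not Netfilter code: a small Python model of the RFC 3489 STUN decision tree, showing how the reported NAT type follows from two separate properties, port mapping and inbound filtering. The `Nat` class, its policy names and the 203.0.113.x server addresses are constructed for illustration; which policy pair a given iptables rule produces is an assumption you pass in, not something the model establishes.

```python
from itertools import count

class Nat:
    """Toy NAT: 'mapping' and 'filtering' policy names are constructed for this model."""
    def __init__(self, public_ip, mapping, filtering):
        self.public_ip = public_ip
        self.mapping = mapping      # "independent" or "per-destination"
        self.filtering = filtering  # "none", "address" or "address+port"
        self.table = {}             # mapping key -> public port
        self.sent = set()           # (public port, (dst ip, dst port)) seen outbound
        self.ports = count(40000)

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the public (ip, port) the peer sees."""
        key = src if self.mapping == "independent" else (src, dst)
        if key not in self.table:
            self.table[key] = next(self.ports)
        self.sent.add((self.table[key], dst))
        return (self.public_ip, self.table[key])

    def inbound_allowed(self, remote, public_port):
        """Would a packet from 'remote' to public_port be forwarded inside?"""
        peers = [dst for port, dst in self.sent if port == public_port]
        if not peers:
            return False
        if self.filtering == "none":
            return True
        if self.filtering == "address":
            return any(dst[0] == remote[0] for dst in peers)
        return remote in peers

def classify(nat, client=("10.0.0.1", 5000)):
    """RFC 3489 decision tree for a client already known to be behind a NAT."""
    s1, s2 = ("203.0.113.1", 3478), ("203.0.113.2", 3479)  # constructed server addresses
    mapped = nat.outbound(client, s1)                   # Test I
    if nat.inbound_allowed(s2, mapped[1]):              # Test II: reply from other IP and port
        return "Full Cone NAT"
    if nat.outbound(client, s2) != mapped:              # Test I repeated to second address
        return "Symmetric NAT"
    if nat.inbound_allowed((s1[0], s2[1]), mapped[1]):  # Test III: same IP, other port
        return "Restricted Cone NAT"
    return "Port Restricted Cone NAT"

if __name__ == "__main__":
    for m, f in [("independent", "none"), ("independent", "address"),
                 ("independent", "address+port"), ("per-destination", "address+port")]:
        print(f"{m:16} {f:13} -> {classify(Nat('192.168.2.170', m, f))}")
```

A NAT that keeps the same public port for one client socket across destinations but only admits replies from contacted address:port pairs is reported as port restricted cone; the same filtering with a new port per destination is reported as symmetric.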

