From: "Pedro Gonçalves" <pedro.pandre@gmail.com>
To: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Cc: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: IPTables and different types of NAT
Date: Wed, 07 Feb 2007 18:23:05 +0000 [thread overview]
Message-ID: <45CA1909.6000807@gmail.com> (raw)
In-Reply-To: <45CA160E.90102@plouf.fr.eu.org>
Pascal Hambourg wrote:
>> "Full Cone Nat" could easily be implemented with inbound redirection
>> to the internal system.
>
> "Full cone NAT" can be implemented with 1-to-1 bidirectional NAT using
> SNAT+DNAT or NETMAP.
>
>> "Port Restricted Cone NAT" is nothing more than "Restricted Cone NAT"
>> with port filtering. This is what is usually done if you have a
>> server behind a NATing router / firewall. In this case, you only
>> port forward the ports that you need.
>
> No. Please read more carefully the definitions of "restricted cone
> NAT" and "port restricted cone NAT". Neither can be implemented with
> iptables because they do not fit in the per-connection model.
>
>> I'm not sure if there is inherent support for "Symmetric NAT" or not.
>
> "Symmetric NAT" works on a per-connection basis and is the NAT form
> that is the easiest to implement with iptables using SNAT or MASQUERADE.
This is the main reason why I am asking: some people say it is possible
to implement all this types of NAT, some say it's not.
Pascal, can you tell me where can I find information regarding the
implementation of "Full Cone NAT" and "Symmetric NAT" using IPTables?
All I can find is discussions about whether it is possible or not to
implement this.
Thanks a lot
Pedro
next prev parent reply other threads:[~2007-02-07 18:23 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-07 15:49 IPTables and different types of NAT Pedro Gonçalves
2007-02-07 16:19 ` Grant Taylor
2007-02-07 18:10 ` Pascal Hambourg
2007-02-07 18:23 ` Pedro Gonçalves [this message]
2007-02-07 19:01 ` Grant Taylor
2007-02-08 14:47 ` Fwd: " Pedro Gonçalves
2007-02-08 15:05 ` John A. Sullivan III
[not found] ` <da3a2a260702081118h69944d01g329cf1ae2ac63298@mail.gmail.com>
[not found] ` <45CB83E0.7020305@gmail.com>
[not found] ` <da3a2a260702090827pab52a51kcf71452c85c81fb@mail.gmail.com>
2007-02-09 16:37 ` Pedro Gonçalves
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45CA1909.6000807@gmail.com \
--to=pedro.pandre@gmail.com \
--cc=netfilter@lists.netfilter.org \
--cc=pascal.mail@plouf.fr.eu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox