
Thread: Re: Setup of different types of NAT




Re: Setup of different types of NAT
Portugal
2007-04-19 09:02:19
Hi Elvir

Sorry if the terms I used are not familiar to everyone.
The types of NAT I am talking about are defined by STUN RFC 3489
(http://www.faqs.org/rfcs/rfc3489.html, section 5):
(...)

   Full Cone: A full cone NAT is one where all requests from the
      same internal IP address and port are mapped to the same external
      IP address and port.  Furthermore, any external host can send a
      packet to the internal host, by sending a packet to the mapped
      external address.

   Restricted Cone: A restricted cone NAT is one where all requests
      from the same internal IP address and port are mapped to the same
      external IP address and port.  Unlike a full cone NAT, an external
      host (with IP address X) can send a packet to the internal host
      only if the internal host had previously sent a packet to IP
      address X.

   Port Restricted Cone: A port restricted cone NAT is like a
      restricted cone NAT, but the restriction includes port numbers.
      Specifically, an external host can send a packet, with source IP
      address X and source port P, to the internal host only if the
      internal host had previously sent a packet to IP address X and
      port P.

   Symmetric: A symmetric NAT is one where all requests from the
      same internal IP address and port, to a specific destination IP
      address and port, are mapped to the same external IP address and
      port.  If the same host sends a packet with the same source
      address and port, but to a different destination, a different
      mapping is used.  Furthermore, only the external host that
      receives a packet can send a UDP packet back to the internal host.

(...)

I just want to know how to setup Symmetric NAT

Thanks in advance
Pedro


Elvir Kuric wrote:
> Hi Pedro,
> what is Cone? Some abbreviation or what else?
> Please for clarity describe what you want to achieve
> using NAT?
>
> Regards 
>
> Elvir Kuric 
>
> --- Pedro Gonçalves <pedro.pandregmail.com> wrote:
>
>   
>> Hello everyone
>>
>> I want to know *how to* setup these types of NAT:
>> - Full Cone NAT
>> - Restricted Cone NAT
>> - Port Restricted Cone NAT
>> - Symmetric NAT
>>
>> Using iptables, I set all policies to "ACCEPT" and I
>> was able to setup two kinds of NAT
>> (192.168.2.170 is my "public" address and 10.0.0.1
>> is my "private" address):
>>
>> - "Full Cone NAT", with the following rules:
>> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
>> iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1
>>
>> - "Port Restricted Cone NAT", with just a single rule:
>> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
>>
>> Now does anyone know how to setup Restricted Cone
>> NAT and Symmetric NAT?
>>
>> Thanks in advance
>> Pedro
>>
>>
>>     
>
>
>   



Re: Setup of different types of NAT
2007-04-19 14:21:59
>   Symmetric: A symmetric NAT is one where all requests from the
>      same internal IP address and port, to a specific destination IP
>      address and port, are mapped to the same external IP address and
>      port.  If the same host sends a packet with the same source
>      address and port, but to a different destination, a different
>      mapping is used.  Furthermore, only the external host that
>      receives a packet can send a UDP packet back to the internal host.
>
> (...)
>
> I just want to know how to setup Symmetric NAT
>
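U can setup that symmetric as follows:

# traffic to y.y.y.y:bbbb leaves with source address z.z.z.z
iptables -t nat -A POSTROUTING -p udp -s x.x.x.x --sport aaaa -d y.y.y.y --dport bbbb -j SNAT --to-source z.z.z.z
# traffic to any other destination (0.0.0.0/0) is masqueraded
iptables -t nat -A POSTROUTING -p udp -s x.x.x.x --sport aaaa -d 0.0.0.0/0 --dport bbbb -j MASQUERADE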



I think that these two rules can make the service that u want.

At your own taste and requirements u can specify or not the source
port and destination port.

If u do not specify that, the translation will occur for all ports,
but keeping your idea of one translation specific for one specific
destination and another for other destinations.



Denis Anjos.
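
Added example (not part of either post, and not netfilter's own logic): a toy Python model of the four RFC 3489 NAT types quoted above and of the symmetric behaviour asked about in the reply, showing which inbound UDP packets each type delivers to the internal host. The server addresses, port numbers and the names Nat and probe are constructed for illustration.

```python
from itertools import count

FULL, RESTRICTED, PORT_RESTRICTED, SYMMETRIC = "full", "restricted", "port-restricted", "symmetric"

class Nat:
    def __init__(self, kind, public_ip="192.168.2.170"):
        self.kind, self.public_ip = kind, public_ip
        self.ports = count(40000)   # constructed pool of external ports
        self.mappings = {}          # mapping key -> external port
        self.owner = {}             # external port -> internal (ip, port)
        self.contacted = {}         # external port -> {(dst_ip, dst_port)} already sent to

    def outbound(self, src, dst):
        """Translate an outgoing UDP packet; return the external (ip, port)."""
        # Cone NATs map per internal endpoint; symmetric maps per (endpoint, destination).
        key = (src, dst) if self.kind == SYMMETRIC else src
        if key not in self.mappings:
            port = self.mappings[key] = next(self.ports)
            self.owner[port] = src
            self.contacted[port] = set()
        port = self.mappings[key]
        self.contacted[port].add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Return the internal endpoint the packet is delivered to, or None if dropped."""
        if ext_port not in self.owner:
            return None
        sent = self.contacted[ext_port]
        if self.kind == FULL:
            ok = True                                  # anyone may use the mapping
        elif self.kind == RESTRICTED:
            ok = remote[0] in {ip for ip, _ in sent}   # source IP must have been contacted
        else:
            ok = remote in sent                        # exact (ip, port) must have been contacted
        return self.owner[ext_port] if ok else None

def probe(kind):
    """Send one packet to server A, then test replies from A, A on another port, and B."""
    nat, host = Nat(kind), ("10.0.0.1", 5060)
    a, a_alt, b = ("198.51.100.1", 3478), ("198.51.100.1", 3479), ("203.0.113.9", 3478)
    ext = nat.outbound(host, a)
    accepted = [nat.inbound(r, ext[1]) is not None for r in (a, a_alt, b)]
    same_mapping = nat.outbound(host, b) == ext   # does a second destination reuse the port?
    return accepted, same_mapping

if __name__ == "__main__":
    for kind in (FULL, RESTRICTED, PORT_RESTRICTED, SYMMETRIC):
        print(kind, probe(kind))
```

For each type, probe() reports whether replies from the contacted server, the same server on another port, and an unrelated host are delivered, and whether a second destination reuses the same external port. Only the full cone model delivers packets from a host the internal client never contacted, and only the symmetric model allocates a new external port per destination.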



