How to modify Fedora's NAT type?
My OS is Fedora 3. I use it as a NAT server. I find the NAT type is symmetric cone. How do I modify its NAT type? I want a full cone. Thanks for any ideas.
Following is my NAT's shell script:
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -F -t nat
/sbin/iptables -X -t nat
/sbin/iptables -Z -t nat
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
|
Hi,
What do you need exactly? If you want every single host on your LAN to have its own public IP, then stop using masquerading and use the following command instead:
iptables -t nat -A POSTROUTING -s $PRIVATE_IP_HOST1 -o ppp0 -j SNAT --to-source $PUBLIC_IP_HOST1
If you want to give access to your internal machines from outside your network, use this:
iptables -t nat -A PREROUTING -d $PUBLIC_IP -i ppp0 -j DNAT --to-dest $PRIVATE_IP
In both command lines you can add the -p tcp/udp options and --dport/--sport to limit the way the translation is applied (that's policy NAT). You can also use --to-dest $IP:$PORT to do some port redirection. Hope it answers your question!
|
netfilter does symmetric NAT. Nothing else. If you want full cone, your only option, if you want to keep using iptables, is to manually set up a translation table with all your internal and external IP addresses.
|
Thanks for the replies. I use some P2P communication software on the LAN, so symmetric NAT does not suit my application. Besides setting up a translation table, can I make a real Full cone or Partial/Restricted Cone instead of symmetric cone? Thanks for any ideas.
|
Please send me the SYMMETRIC NAT configuration using netfilter
|
I use WinSTUN tool to test my Linux NAT Type, but it shows "Port Restricted". What tool do you use to test NAT Type?
|
http://linux-ip.net/html/nat-stateless.html Try this for reading and/or tools and NAT output.
This is for general discussion: http://en.wikipedia.org/wiki/Iptables It strongly directs to the advantages of "iptables".
http://tldp.org/HOWTO/HOWTO-INDEX/howtos.html for more about iptables, NAT and tracking rules or tracking packets.
Good luck.
|
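The four NAT types named in this thread, and the test sequence a classic STUN (RFC 3489) client uses to tell them apart, modelled in Python as an added example that is not part of any post above. The `Nat` class, the `classify` function and every address and port are constructed for illustration and follow the RFC 3489 definitions, not netfilter's code.

```python
# Added illustration: models the four RFC 3489 NAT behaviours and the STUN
# decision tree. All addresses and ports below are constructed sample values.
from itertools import count

class Nat:
    def __init__(self, kind, public_ip="203.0.113.1"):
        self.kind = kind           # "full", "restricted", "port_restricted", "symmetric"
        self.public_ip = public_ip
        self.ports = count(40000)  # next free external port
        self.maps = {}             # mapping key -> external port
        self.sent = {}             # external port -> set of (ip, port) contacted

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the (ip, port) that dst sees."""
        # Cone NATs keep one mapping per internal endpoint; symmetric NAT
        # allocates a separate mapping for every distinct destination.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.maps:
            self.maps[key] = next(self.ports)
        port = self.maps[key]
        self.sent.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound_allowed(self, ext_port, remote):
        """Would a packet from `remote` to public_ip:ext_port reach the LAN host?"""
        peers = self.sent.get(ext_port)
        if not peers:
            return False                  # no mapping exists on that port
        if self.kind == "full":
            return True                   # any remote host may use the mapping
        if self.kind == "restricted":
            return remote[0] in {ip for ip, _ in peers}  # filter on IP only
        return remote in peers            # port-restricted and symmetric: IP and port

def classify(nat, client=("192.168.1.10", 5000)):
    """RFC 3489 decision tree, run against two constructed STUN server addresses."""
    s1, s2 = ("198.51.100.1", 3478), ("198.51.100.2", 3479)
    mapped = nat.outbound(client, s1)                   # Test I
    if nat.inbound_allowed(mapped[1], s2):              # Test II: reply from other IP and port
        return "full cone"
    if nat.outbound(client, s2) != mapped:              # Test I repeated to the second server
        return "symmetric"
    if nat.inbound_allowed(mapped[1], (s1[0], s2[1])):  # Test III: same IP, other port
        return "restricted cone"
    return "port restricted cone"

if __name__ == "__main__":
    for kind in ("full", "restricted", "port_restricted", "symmetric"):
        print(kind, "->", classify(Nat(kind)))
```

In this model a full-cone mapping, once created, accepts packets from any remote host, which is what makes it convenient for P2P software and also the least filtered of the four behaviours.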