Help with setting up iptables for Symmetric NAT

walidch · 04-14-2011, 06:53 AM

Hello everyone,

I am having difficulties setting up Symmetric NAT through iptables and I hope you can help me with this issue.

First things first:
"A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host."

Need:
I am working on a SIP application and SIP apps face a problem with NATed networks.
STUN is a solution to such a problem and my SIP application has an embedded STUN client functionality.

Scenario and Technical Details:

192.168.0.200
+-----------------+
| ClientA - My IP |
+-----------------+
|
|GW:
| eth0 eth1 (example public IP address)
| 192.168.0.1 | 123.123.123.123
+-------------|-------------+
| NAT1 |
+-------------|-------------+
|
|
|
stun.1und1.de |
+---------------------------+
| STUN Server |
+---------------------------+

I am using WinSTUN, which requires a STUN Server address (such as the one I specified above) to return my type of NAT.

What I need to achieve is Symmetric NAT through iptables, on the GW server, only on my IP address (192.168.0.200). I don't want it to affect the whole network.

I am running CentOS release 5.4 (Final), and iptables v1.4.10

Thanks a lot everyone,

T3RM1NVT0R · 04-15-2011, 07:59 PM

Quote:

Originally Posted by walidch

Scenario and Technical Details:

192.168.0.200
+-----------------+
| ClientA - My IP |
+-----------------+
|
|GW:
| eth0 eth1 (example public IP address)
| 192.168.0.1 | 123.123.123.123
+-------------|-------------+
| NAT1 |
+-------------|-------------+
|
|
|
stun.1und1.de |
+---------------------------+
| STUN Server |
+---------------------------+

I am using WinSTUN, which requires a STUN Server address (such as the one I specified above) to return my type of NAT.

I am running CentOS release 5.4 (Final), and iptables v1.4.10

Thanks a lot everyone,

Can you tell us your environment a little more in detail I mean if you have the image of your network thats great upload it to thread if not the just mention the devices that will play role in this with their IP addresses.

Also when you say "What I need to achieve is Symmetric NAT through iptables, on the GW server, only on my IP address (192.168.0.200). I don't want it to affect the whole network."

what does that mean?

Are you trying to say you want Symmetric NAT to communicate with GW server via iptables?

Just for your ip 192.168.0.200?

Does that mean you want your IP i.e. 192.168.0.200 should communicate to Symmetric NAT get an external address and as per the rules in IP tables get forwarded to gateway?