Simulating port/ip translation using IPTables

Case 1: predictable offset port translation

If I want to simulate a NAT that maps the internal IP to a constant external address and maps the port to (port+offset), how would I do this using iptables?

e.g.:

First mapping: internal: "0.0.0.0:2000" external: "external:3000"

Second mapping: internal: "0.0.0.0:2001" external: "external:3001"

Here, the offset is 1000.

Case 2: predictable non-offset based port-translation

Sometimes, a NAT will take the internal port address and map it to the "next available" external port. Whereas in case 1, the algorithm is a constant offset dependent on the internal port, in this second case, the external port is not dependent on the internal port address.

e.g.,

First mapping: internal: "0.0.0.0:2000" external: "external:43020"

Second mapping: internal: "0.0.0.0:2001" external: "external:43022"

Notice, the delta between the first and second mapping is 2, which implies there is predictability in the port mapping (thus, NAT traversal is possible).

A.B
Your intent is a bit vague; it's not clear if you intend to do DNAT or SNAT. Anyway, for the 1st case here are the relevant commits/patches (SNAT is soon to be available): https://git.kernel.org/linus/2eb0f624b709e78ec8e2f4c3412947703db99301 + https://git.netfilter.org/iptables/commit/?id=36976c4b54061b0147d56892ac9d402dae3069df and https://marc.info/?l=netfilter-devel&m=167968470213942&w=2 . I didn't understand the 2nd case in the question.
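
The two mapping behaviours from the question, modelled as an added Python example that is not part of the original thread and is not iptables configuration. The class names, the `stride` parameter and `classify` are assumptions made for illustration; the sample ports are the ones given in the question.

```python
from dataclasses import dataclass, field

MAX_PORT = 65535


@dataclass
class OffsetNat:
    """Case 1: external port = internal port + constant offset."""
    offset: int

    def map_port(self, internal_port: int) -> int:
        external = internal_port + self.offset
        if not 0 < external <= MAX_PORT:
            raise ValueError(f"{internal_port} + {self.offset} is not a valid port")
        return external


@dataclass
class SequentialNat:
    """Case 2: a new flow gets the next external port, whatever its internal port."""
    next_port: int
    stride: int = 1  # assumed gap between consecutive allocations
    table: dict = field(default_factory=dict)

    def map_port(self, internal_port: int) -> int:
        if internal_port not in self.table:  # an existing mapping is reused
            if self.next_port > MAX_PORT:
                raise RuntimeError("external port pool exhausted")
            self.table[internal_port] = self.next_port
            self.next_port += self.stride
        return self.table[internal_port]


def classify(observed):
    """Classify (internal, external) pairs given in the order they were created."""
    if len(observed) < 2:
        return ("unknown", None)
    offsets = {ext - internal for internal, ext in observed}
    if len(offsets) == 1:
        return ("offset", offsets.pop())
    deltas = {b[1] - a[1] for a, b in zip(observed, observed[1:])}
    if len(deltas) == 1:
        return ("sequential", deltas.pop())
    return ("unpredictable", None)


if __name__ == "__main__":
    # Sample mappings taken from the question.
    print(classify([(2000, 3000), (2001, 3001)]))    # ('offset', 1000)
    print(classify([(2000, 43020), (2001, 43022)]))  # ('sequential', 2)
```

With consecutive internal ports and a stride of 1 the two cases produce identical observations, so a test bed that needs to tell them apart should open flows from non-consecutive internal ports.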