Bob123 Posted February 28, 2020

Anyone know how to make a NAT that has an IP table to match public to private networks? What I want to do is have a private network of say 192.168.1.x and a public network of say 10.10.10.x. I'd like to have a table that matches private to public, that way most of the 192 network is behind the NAT and only a few are let through and are translated to the 10 network. Is there a quick and easy way to make that possible with the Packet Squirrel? I figured I'm not using it for anything else and I could buy a device that'll do exactly what I want... but at $500, I'm hoping the Packet Squirrel could do it. Thanks.
PoSHMagiC0de Posted March 10, 2020

Sounds like a simple masquerading NAT rule, except for the forwarding part: you set the default policy to drop and then set rules to allow your specific IPs through. As long as the outgoing interface is on that 10.10.10.x network, masquerade will assign it the IP of that interface. If you are blocking incoming from that outside interface by default then you will need a rule to allow the status mode of ESTABLISHED,RELATED to get through.

Look up iptables and masquerading, or setting up a Linux machine as a router with iptables.

If you have not played with iptables to that extent, I advise you to spin up a mini network in VirtualBox using 1 Ubuntu server and 1 Ubuntu desktop (no need to max out their resources). Have 1 internal NAT network that has no internet access and place the Ubuntu desktop there. Build the Ubuntu server with 2 interfaces: one is bridged and the other is on the NAT with no internet access. Now you can enable forwarding on the server and use iptables to create rules to pass traffic from the internal NAT to the bridged interface. In your Ubuntu desktop, make the gateway the IP of the server interface that is on the NAT network. Now you can play with the tables on the server to see if you can get outside access on the desktop VM.

If you already know iptables then the above will still help to experiment.
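The setup described in the reply above, written out as an added example that is not part of the original posts: a script that prints an `iptables-restore` ruleset with a default-drop FORWARD chain, one allow rule per permitted private host, the ESTABLISHED,RELATED rule for return traffic, and masquerading on the public interface. The interface names `eth0`/`eth1`, the sample host addresses, the file name `nat-allow.sh` and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset:
# FORWARD defaults to DROP, only listed private hosts are forwarded, and
# whatever leaves the public interface is masqueraded to that interface's IP.
# Assumed names: eth0 = 192.168.1.x side, eth1 = 10.10.10.x side.

# is_private_host IP: succeeds only for 192.168.1.1 through 192.168.1.254
is_private_host() {
    case "$1" in
        192.168.1.*) last=${1#192.168.1.} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|0*|*[!0-9]*|????*) return 1 ;;   # empty, leading zero, non-digit, too long
    esac
    [ "$last" -le 254 ]
}

# gen_ruleset IN_IF OUT_IF IP...: prints the ruleset, returns 1 on a bad address
gen_ruleset() {
    in_if=$1; out_if=$2; shift 2
    for ip in "$@"; do
        is_private_host "$ip" || { echo "not a 192.168.1.x host: $ip" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for ip in "$@"; do
        echo "-A FORWARD -i $in_if -o $out_if -s $ip -j ACCEPT"
    done
    cat <<EOF
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $out_if -j MASQUERADE
COMMIT
EOF
}

# Usage (as root, with forwarding on: sysctl -w net.ipv4.ip_forward=1):
#   sh nat-allow.sh eth0 eth1 192.168.1.10 192.168.1.20 | iptables-restore
if [ "$#" -ge 3 ]; then gen_ruleset "$@"; fi
```

Piping the output to `iptables-restore` replaces the existing filter and nat tables, so run it through `iptables-restore --test` first on a box that already has rules.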