Bob123

NAT with an IP table


Anyone know how to make a NAT that has an IP table to match public to private networks? What I want to do is have a private network of, say, 192.168.1.x and a public network of, say, 10.10.10.x. I'd like to have a table that matches private to public, so that most of the 192 network is behind the NAT and only a few are let through and are translated to the 10 network. Is there a quick and easy way to make that possible with the Packet Squirrel? I figured I'm not using it for anything else and I could buy a device that'll do exactly what I want... but at $500, I'm hoping the Packet Squirrel could do it. Thanks.


Sounds like a simple masquerading NAT rule, except that for the forwarding part you set the default policy to drop and then set rules to allow your specific IPs through. As long as the outgoing interface is on that 10.10.10.x network, masquerade will assign it the IP of that interface. If you are blocking incoming from that outside interface by default, then you will need a rule to allow the status mode of ESTABLISHED,RELATED to get through.

 

Look up iptables and masquerading, or setting up a Linux machine as a router with iptables.

If you have not played with iptables to that extent, I advise you to spin up a mini network in VirtualBox using 1 Ubuntu server and 1 Ubuntu desktop (no need to max out their resources). Have 1 internal NAT network that has no internet access and place the Ubuntu desktop there. Build the Ubuntu server with 2 interfaces: one is bridged and the other is on the NAT with no internet access. Now you can enable forwarding on the server and use iptables to create rules to pass traffic from the internal NAT to the bridged interface. In your Ubuntu desktop, make the gateway the IP of the server interface that is on the NAT network. Now you can play with the tables on the server to see if you can get outside access on the desktop VM.

 

If you already know iptables then the above will still help to experiment.
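
The setup described in the reply above (forward policy of drop, a short allowlist of LAN hosts, an ESTABLISHED,RELATED return rule, and masquerading on the outside interface), as an added example that is not part of the original thread. The interface names `eth0`/`eth1`, the script name and the allowlisted addresses are assumptions; it only generates `iptables-restore` text, so it can be checked without touching a live firewall.

```shell
#!/bin/sh
# Added example. Interface names and allowlisted hosts are assumptions.
LAN_IF="${LAN_IF:-eth0}"    # assumed: side facing 192.168.1.x
WAN_IF="${WAN_IF:-eth1}"    # assumed: side facing 10.10.10.x
LAN_PREFIX="192.168.1."

# valid_host ADDR: succeeds only for 192.168.1.1 through 192.168.1.254.
valid_host() {
    case "$1" in
        "$LAN_PREFIX"*) last=${1#"$LAN_PREFIX"} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|0*|*[!0-9]*|????*) return 1 ;;   # empty, leading zero, non-digit, too long
    esac
    [ "$last" -le 254 ]
}

# build_ruleset HOST...: prints an iptables-restore ruleset on stdout.
# Any invalid entry aborts before a single rule is printed.
build_ruleset() {
    for h in "$@"; do
        valid_host "$h" || { echo "rejected allowlist entry: $h" >&2; return 1; }
    done
    echo "*filter"
    echo ":FORWARD DROP [0:0]"            # default policy: forward nothing
    # Replies to connections the allowed hosts opened may come back in.
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for h in "$@"; do                      # only these hosts may leave the LAN
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $h -j ACCEPT"
    done
    echo "COMMIT"
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Source address becomes whatever address WAN_IF holds on 10.10.10.x.
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
}

# When run with arguments, print the ruleset for them, e.g.
#   sh nat-allowlist.sh 192.168.1.10 192.168.1.20 | iptables-restore --test
# Forwarding also needs: sysctl -w net.ipv4.ip_forward=1
if [ "$#" -gt 0 ]; then build_ruleset "$@"; fi
```

Without `--noflush`, `iptables-restore` replaces the existing contents of the `filter` and `nat` tables, so review the output with `--test` before loading it on a box that already has rules.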
