If the destination can route its traffic to the source, no NAT or PAT is required.

As an example, no NAT/PAT is required if the VPN clients in 10.8.0.0/24 want to talk with your LAN devices in 192.168.1.0/24, as long as the involved devices can route to the other network (through their gateway).

When the source is in an RFC 1918 (private IP) network and the destination is a public IP, because RFC 1918 networks are not routable over the Internet, a NAT is required to replace the private IP by the public IP. This job can be done by a SNAT, not a PAT.

Furthermore, you are wrong assuming SNAT/MASQUERADE does not change source ports.

The --to-source option is used to specify which source the packet should use. This option, at its simplest, takes one IP address which we want to use for the source IP address in the IP header. If we want to balance between several IP addresses, we can use a range of IP addresses, separated by a hyphen. The --to-source IP numbers could then, for instance, be something like in the above example: 194.236.50.155-194.236.50.160. The source IP for each stream that we open would then be allocated randomly from these, and a single stream would always use the same IP address for all packets within that stream.

We can also specify a range of ports to be used by SNAT. All the source ports would then be confined to the ports specified. The port bit of the rule would then look like in the example above, :1024-32000. This is only valid if -p tcp or -p udp was specified somewhere in the match of the rule in question. iptables will always try to avoid making any port alterations if possible, but if two hosts try to use the same ports, iptables will map one of them to another port.