Iptables 1:1 NAT
1:1 NAT maps a single public IP address to one computer within your local area network (LAN).
Unlike port forwarding, 1:1 NAT forwards all ports from one external IP to one internal IP.
# outbound: rewrite the LAN host's source address to the public address after routing
iptables -t nat -A POSTROUTING -o eth0 -s 10.25.39.2 -j SNAT --to-source 126.96.36.199
# inbound: rewrite the public destination address to the LAN host before routing
iptables -t nat -A PREROUTING -i eth0 -d 188.8.131.52 -j DNAT --to-destination 10.25.39.2
# let the translated traffic pass the FORWARD chain in both directions
iptables -A FORWARD -s 184.108.40.206 -j ACCEPT
iptables -A FORWARD -d 10.25.39.2 -j ACCEPT
I have to connect two LANs: LAN1: 10.10.0.0/16 and LAN2: 192.168.0.0/16. I can't do simple routing, because 192.168.0.0/16 net is prohibited in LAN1, so I am thinking of using Full cone nat (1:1) to translate 192.168.x.y/16 to 10.11.x.y/16. Each translation is done by these rules:
iptables -t nat -A PREROUTING -d 10.25.39.0/24 -j DNAT --to-destination 220.127.116.11/24
iptables -t nat -A POSTROUTING -s 18.104.22.168/24 -j SNAT --to-source 10.25.39.0/24
But I will have to enter 254*254*2 rules, which will, I think, result in enormous performance degradation. So, is there a way to write such a one-to-one translation with a minimum number of rules?
NETMAP
This target allows you to statically map a whole network of addresses onto another network of addresses. It can only be used from rules in the nat table.
--to address[/mask]
Network address to map to. The resulting address will be constructed in the following way: All 'one' bits in the mask are filled in from the new 'address'. All bits that are zero in the mask are filled in from the original address.
# inbound: map the whole 10.25.39.0/24 network onto 22.214.171.0/24, host part unchanged
iptables -t nat -A PREROUTING -d 10.25.39.0/24 -j NETMAP --to 22.214.171.124/24
# outbound: reverse mapping for replies and for connections originating inside
iptables -t nat -A POSTROUTING -s 126.96.36.199/24 -j NETMAP --to 10.25.39.0/24
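To make the NETMAP bit rule above concrete, here is an added shell example (not part of the original page or the iptables project) that computes, octet by octet, the address NETMAP would produce for a given original address and --to network, and that prints the NETMAP rule pair plus matching FORWARD rules for a whole network such as the 192.168.0.0/16 to 10.11.0.0/16 case in the question. The interface name (eth0), the sample addresses and the function names are assumptions for illustration; nothing here calls iptables, the rules are only printed so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example, not from the original page. Reproduces the NETMAP address
# construction from the man page and generates a reviewable 1:1 rule set.

# Print the four octets of a dotted-quad address separated by spaces.
octets() {
    printf '%s\n' "$1" | tr '.' ' '
}

# netmap_addr ORIG NEW PREFIXLEN
# Bits covered by the mask (/PREFIXLEN) come from NEW, the remaining host
# bits come from ORIG, exactly as the man page describes. Working per octet
# avoids any 32-bit arithmetic in the shell.
netmap_addr() {
    orig=$1; new=$2; plen=$3
    set -- $(octets "$orig")
    o1=$1; o2=$2; o3=$3; o4=$4
    set -- $(octets "$new")
    n1=$1; n2=$2; n3=$3; n4=$4
    out=""
    i=0
    for pair in "$o1:$n1" "$o2:$n2" "$o3:$n3" "$o4:$n4"; do
        o=${pair%%:*}; n=${pair##*:}
        # mask bits that fall inside this octet, clamped to 0..8
        bits=$(( plen - 8 * i ))
        if [ "$bits" -lt 0 ]; then bits=0; fi
        if [ "$bits" -gt 8 ]; then bits=8; fi
        # e.g. bits=3 -> mask 11100000 = 224
        m=$(( (255 << (8 - bits)) & 255 ))
        mapped=$(( (n & m) | (o & ~m & 255) ))
        out="${out}${out:+.}${mapped}"
        i=$(( i + 1 ))
    done
    printf '%s\n' "$out"
}

# netmap_rules INTERNAL_NET EXTERNAL_NET IFACE
# Print the NETMAP pair mapping INTERNAL_NET 1:1 onto EXTERNAL_NET on IFACE,
# plus FORWARD rules. Both networks must have the same prefix length.
# The FORWARD chain sees internal addresses: DNAT has already happened in
# PREROUTING and SNAT only happens later in POSTROUTING.
netmap_rules() {
    int_net=$1; ext_net=$2; ifc=$3
    cat <<EOF
iptables -t nat -A PREROUTING -i $ifc -d $ext_net -j NETMAP --to $int_net
iptables -t nat -A POSTROUTING -o $ifc -s $int_net -j NETMAP --to $ext_net
iptables -A FORWARD -i $ifc -d $int_net -j ACCEPT
iptables -A FORWARD -o $ifc -s $int_net -j ACCEPT
EOF
}

# Constructed sample run: one address from the question's LAN2 and the
# rules for the whole /16 (eth0 is an assumed interface name).
netmap_addr 192.168.37.12 10.11.0.0 16
netmap_rules 192.168.0.0/16 10.11.0.0/16 eth0
```

Because 1:1 NAT exposes every port of every mapped host, the two FORWARD rules above are deliberately as permissive as the ones on the page; in practice the inbound one is usually narrowed with a conntrack state match and explicit port rules so that only intended services are reachable from outside.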