Questions tagged [nat]
In computer networking, Network Address Translation (NAT) is the process of modifying IP address information in IPv4 headers while in transit across a traffic routing device.
369 questions
1
vote
0
answers
42
views
Was there ever a dedicated device for NAT? [closed]
When I'm making network diagrams and things of that nature, often I need to put firewalls and routers in them, and I never know what to do with NAT, often I just draw it as an enclave within a ...
0
votes
0
answers
29
views
nftables masquerade on interface with multiple addresses
I have what appears to be a unique situation that I am surprised is unique as it's common to most cablemodem implementations...
I need to masquerade to the dynamic public address provided by $CABLECO ...
2
votes
1
answer
82
views
nftables NAT 'redirect' rule description ambiguity
I'm currently covering nftables NAT rules. There are four of them, namely:
snat: replace the packet's source address with a given one (clear);
dnat: replace the packet's destination address with a ...
2
votes
1
answer
136
views
Nested VPN connection via Wireguard
I designed the following topology:
Client A -> Server B -> Server C
Server C: wireguard server that NATs packets from its clients (in this case just B) before sending them to the Internet. Its ...
1
vote
0
answers
211
views
KVM/QEMU libvirt Network "default" NAT Configuration - Guest cannot connect to Internet (no VPN)
KVM/QEMU libvirt Network "default" NAT Configuration - Guest can connect to host and the host to guest but the guest cannot connect to Internet (no VPN).
$ sudo virsh net-list --all
Name ...
2
votes
1
answer
92
views
How do I make a virtual "alias" for a remote IP without a proxy process?
I have interfaces enp101s0f0u2u{1..3}, on each of which there is a device responding to 192.168.8.1.
I want a local process to be able to reach all of them simultaneously.
This is one process, so ...
0
votes
1
answer
251
views
Zyxel EX3301-T0 router not accessible remotely with static IP
I am attempting to communicate with devices on my LAN via the internet.
I have purchased a static IP for my router.
When I log in to my router, the IP address displayed on the router GUI matches the ...
2
votes
1
answer
355
views
What process can remove an entry from a router NAT table?
I have just been watching a video which explains UDP holepunching.
https://www.youtube.com/watch?v=GfRLNg6DOnI
In this video, some processes which create entries in a router NAT table are explained.
...
1
vote
2
answers
784
views
Connecting to an SSH server behind NAT
I have a situation where I've got a target machine behind a standard home router/firewall/NAT configuration (we'll call it target), and a machine with a known public IP address (we'll call it server).
...
0
votes
0
answers
34
views
odd need to change packet addresses
I have a very poorly designed appliance which advertises wifi.
But what it actually delivers is a device that can only create a hotspot, and the hotspot name is fixed. The address is also fixed. The ...
0
votes
2
answers
63
views
Faking traceroute hops but only for the VM, not for the VM host
I'm trying to modify ICMP time-exceeded responses (type 11) for traceroute packets, but only when they're responses to traceroute probes from a specific VM. My setup is:
Host OS running Ubuntu with ...
1
vote
1
answer
54
views
nft ignores packets on lo?
I have a fairly standard debian 10 system set up as a router (echo 1 > /proc/sys/net/ipv4/ip_forward) with one WAN (=enp11s0) interface and one DMZ (=enp10s0) interface.
The WAN interface has a ...
1
vote
0
answers
214
views
Fedora Linux VM on Windows 10 HyperV host behind a network proxy cannot access internet
I posted this question over in the Server Fault boards but haven't had any response on it, hoping to get some information by posting it over here.
I'm setting up a Fedora VM using HyperV on a Windows ...
0
votes
1
answer
358
views
Wireguard connection to localhost via VPN refused
In order to access my webserver (behind CGNAT on my home PC), I established a wireguard tunnel between my home PC (wireguard IP 10.8.0.3) and a VPS (wireguard IP 10.8.0.1 and public IP 11.22.33.44). I ...
0
votes
1
answer
97
views
NAT table skipped for server replies running inside Docker container
I have a Docker container running on a vanilla setup which listens on port 9999:
docker run --rm -it -p 9999:9999 busybox nc -vvl -p 9999 0.0.0.0
I added a LOG rule to the POSTROUTING table on NAT in ...
0
votes
0
answers
112
views
pfSense routing issues
I've got a routing issue on my pfSense box that shows the response to a ping request being routed to an IP in a separate subnet/vlan.
10:25:13.239238 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 9374,...
1
vote
0
answers
182
views
How do I configure 2 public IP addresses on Debian and enable NAT traversal on one?
I got 2 IP addresses from my hosting company, xx.xx.xx.109 and xx.xx.xx.110, both in the same subnet. The subnet mask is 255.255.255.192 and the gateway is xx.xx.xx.20
I have a Proxmox server and ...
0
votes
1
answer
115
views
iptables: NAT bridge traffic
Background
I have a linux machine with bridge interfaces as shown below...
---{prenat}--> ---{postnat}-->
source: 172.25.0.3 source: 192.0.2.1
+---------------...
1
vote
0
answers
63
views
NAT router with private IP towards ISP and public IP on the second interface, localhost traffic problem
I need help with the following network and router. Under emergency conditions, I received the following network. The router (Ubuntu) has two interfaces and a DNS function. The private address on the ...
0
votes
0
answers
176
views
How to configure DNAT in iptables between host os (FreeBSD) and guest os (Ubuntu 23.10) so that I can use Cloudflare on both the OS
I've just installed the CloudFlare client + GUI on Ubuntu, that I have virtualized with bhyve (the FreeBSD hypervisor). Cloudflare does not work on FreeBSD. The instructions that I have followed are ...
2
votes
1
answer
430
views
How does linux report SNAT port exhaustion [closed]
I would like to monitor a router for potential SNAT port exhaustion. I'm fully aware of how unlikely this is to happen. I would still like to know how I could detect this on my running system. Does ...
1
vote
1
answer
75
views
Packet forwarding from dual stack interface to localhost
I have a linux SUSE host which has both ipv4 and v6 enabled, below are the interfaces:- eth0,app,eth1 however the default route is available for ipv4 via eth0. Kubernetes is running on this host(...
0
votes
0
answers
59
views
How to Allow all NATed traffic from iptables firewall via pfsense (gateway)
I have an iptables firewall (machine 1) and a centos 7 based gateway (machine 2), which is having 2 interfaces (machine-2:int-1) from WAN [/30] and (machine-2:int-2) is LAN [/28] one of the static IP ...
0
votes
1
answer
89
views
Use VPN connection only for selected applications
I am trying to follow: https://superuser.com/a/1262250/41337 but I cannot make it work.
I do:
interface=eth0
down() {
ip netns delete myvpn
ip link delete vpn0
iptables -D INPUT \! -i ...
1
vote
0
answers
98
views
Firewalld is running, I can access unallowed kubernetes exposed port?
I have a Kubeadm based Kubernetes cluster. Firewalld is running on all nodes on the cluster.
I expose a nginx service via NodePort service, that in theory should be accessible via all nodes on the ...
1
vote
0
answers
198
views
NAT table in iptables rules and SNAT
I am new to iptables and I would appreciate some help understanding a specific rule in the nat table of a router. The router's external interface is vlan2 (111.111.111.111) and the internal interface ...
2
votes
1
answer
399
views
nft port forwarding not working on router
I have a machine that serves both as a router and a server. I have several lxc containers on this machine, and want to expose them to both the LAN and WAN. Following https://access.redhat.com/...
4
votes
2
answers
9k
views
Launching docker daemon in Ubuntu 22.04 LTS on WSL-2 fails because of iptables
I'm trying to run docker inside of Ubuntu 22.04.3 LTS running in WSL-2 on my Windows 10 machine.
I have followed the instructions here. But it's still not working, I am getting the following error ...
1
vote
1
answer
316
views
Ubuntu router using nftables blocking traffic
I'm trying to set up a simple router in Ubuntu. There are two network interfaces: eth0 - a wired network interface connected to the internet, and wlan0 - configured as an AP with IP address 10.0.9.1.
...
-1
votes
1
answer
462
views
How to connect two machines, both behind NAT?
I have two machines, both behind a NAT-ting router, resulting that they can not exchange packets directly.
However, I believe such a thing would be still possible over some external help, if the NAT-...
0
votes
0
answers
965
views
firewalld and NAT
So I have been given a task to get to know firewalld and linux networking in general. This is my test setup:
Router and Client are running Debian 12, Laptop Ubuntu 22.04.
This setup should accomplish ...
0
votes
1
answer
63
views
Iptables forwards the port to another IP and adds access restrictions
I've added the following rules to iptables.
-A PREROUTING -p tcp -m tcp --dport 3307 -j DNAT --to-destination 192.168.80.45:330
If I want to add a rule to port 3307, for example, to deny access to ...
3
votes
1
answer
579
views
NAT router with 2 external WAN IPs A+B and multiple internal LANs: Let 1 LAN use external IP address B, all other A
I have a simple Linux router with multiple NICs and IPv4 forwarding enabled.
The router has two static WAN IP addresses, assigned to one interface (eth0, eth0:0). (In the following text, I will ...
0
votes
0
answers
98
views
Accessing internet from device connected to AP
I have two interfaces uap0 and eth0 in my embedded Linux device. uap0 acts as an access point for other devices to connect to Linux Device. eth0 interface is connected to my router. And my router is ...
1
vote
2
answers
124
views
SSH connection from internet through server1 (on internet) to local server2(not on internet)
I got some pain to solve the following problem and I would appreciate some help.
I have:
Server1 connected to the internet and connected on LAN1 (Debian)
Public IP: xx.xx.xx.xx
Private IP on LAN1: ...
0
votes
0
answers
642
views
Configuring IPTABLES for Passive FTP Connection through NAT (Forwarding from One PC to Another Using a Second Ethernet Card)
I am trying to connect to an FTP server through a NAT network created by another PC that uses two Ethernet cards. I would like to access via FTP client the second PC's FTP server through the first one....
1
vote
1
answer
2k
views
Can I run PIVPN with Wireguard without MASQUERADING?
When installing pivpn on Raspberry Pi it will create an iptables rule:
pi@RPi64:~ $ sudo iptables -L -t nat ...
1
vote
1
answer
1k
views
nftables dnat map rule failing silently
I'm working from the answer of this question and man nft in order to create some dnat rules in my nftables config.
The relevant config extract is:
define src_ip = 192.168.1.128/26
define dst_ip ...
0
votes
0
answers
121
views
How is it possible that NAT doesn't back translate packets?
I have the following topology
and from myhost I can ping router2 but can't ping router1.
With tcpdump I can observe how my pings go and I see that both router1 and router2 reply. But only replies ...
0
votes
1
answer
462
views
nftables counter for nat'ed traffic
When setting up a counter for a rule in a 'type nat hook prerouting' chain with dnat on a specific port, the counter will only count the initial packet for that rule and the following packets from ...
2
votes
1
answer
835
views
Can nftables perform postrouting matching on cgroupv2?
I would like to change source address of every packet generated by a process in given cgroup (version 2). Is that even possible?
I have:
nftables 1.0.2,
linux 5.15 (Ubuntu variant)
/system.slice/...
1
vote
1
answer
530
views
Packet flow in linux NAT enabled on bridge IP assigned interfaces
On my Linux machine, I have the following configuration:
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether bc:e6:7c:51:20:6b txqueuelen 1000 (Ethernet)
br0.1: flags=4163<...
0
votes
0
answers
321
views
iptables rules for transit packets port forwarding (NAT) in both directions (still accepting packets to the current server)
I wrote such rules for forwarding all ports to another server and back, but I don't like that I reserve port 10000 for this.
If you do not specify the port, then when receiving requests from 62.105.38....
1
vote
1
answer
1k
views
How to configure port forwarding with nftables for a Minecraft server on Raspberry Pi?
Since I'm using a transparent proxy service, I use a raspberry pi as my home router. Its OS is plain Raspbian. Now I'm setting up a Minecraft server on 192.168.2.28, and am exposing it to WAN using ...
1
vote
1
answer
1k
views
Nftables: Dnat with source address restriction and just one map
Our router machine has multiple public IPs (/27) on its WAN interface. Now, I want to add dnat rules which match specific dport/saddr/daddr combinations.
My dream would be something like this:
map ...
0
votes
1
answer
644
views
Enable NAT with TCPMSS using UFW
I could enable NAT using UFW with following configuration.
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.141.0/24 -o ens192 -j MASQUERADE
COMMIT
If I want to enable TCPMSS, I have to run ...
1
vote
1
answer
1k
views
Set up NAT between Docker networks
My goal is to run two Docker containers on separate networks and have my host (Ubuntu 22.04) perform NAT so that the first network can reach the second.
My setup:
docker network create network1
docker ...
1
vote
1
answer
942
views
nftables anonymous map for ipv6 dnat
When creating a dnat rule, you can specify the following command:
nft 'add rule ip twilight prerouting ip daddr 1.2.3.0/24 dnat ip prefix to ip daddr map { 1.2.3.0/24 : 2.3.4.0/24 }'
And then get ...
1
vote
1
answer
1k
views
Using ssh reverse tunnel as gateway to reach machine under NAT
I'd like to reach a machine under a network with NAT and without port forwarding.
The machine "closed" behind the no-port-forwarding NAT is called RaspberryB.
This machine creates a reverse ...
0
votes
1
answer
91
views
Access VM from LAN
On a Linux laptop, I want to give access to locally hosted VM (kvm) from LAN.
I'd like to do DNAT to VM.
Network
client <-- LAN 192.168.3.0/24 --> host <-- bridge 192.168.113.0/24 --> ...