<HTML
><HEAD
><TITLE
>More About Network Address Translation</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="IP Masquerade and Network Address Translation"
HREF="x-087-2-ipmasq.html"><LINK
REL="PREVIOUS"
TITLE="Handling Name Server Lookups"
HREF="x-087-2-masq.namelookups.html"><LINK
REL="NEXT"
TITLE="Important Network Features"
HREF="x-087-2-appl.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-masq.namelookups.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 11. IP Masquerade and Network Address Translation</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-appl.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN9803"
>11.5. More About Network Address Translation</A
></H1
><P
>The <I
CLASS="EMPHASIS"
>netfilter</I
> software is capable of many different types
of Network Address Translation. IP Masquerade is one simple application of it.</P
><P
>It is possible, for example, to build NAT rules that translate only certain
addresses or ranges of addresses and leave all others untouched, or to
translate addresses into pools of addresses rather than just a single address,
as masquerade does. You can in fact use the <B
CLASS="COMMAND"
>iptables</B
> command
to generate NAT rules that map just about anything, with
combinations of matches using any of the standard attributes, such as source
address, destination address, protocol type, port number, etc.</P
><P
>Translating the Source Address of a datagram is referred to as &#8220;Source
NAT,&#8221; or <TT
CLASS="LITERAL"
>SNAT</TT
>, in the <I
CLASS="EMPHASIS"
>netfilter</I
>
documentation. Translating the Destination Address of a datagram is known as
&#8220;Destination NAT,&#8221; or <TT
CLASS="LITERAL"
>DNAT</TT
>. Translating the TCP
or UDP port is known by the term <TT
CLASS="LITERAL"
>REDIRECT</TT
>.
<TT
CLASS="LITERAL"
>SNAT</TT
>, <TT
CLASS="LITERAL"
>DNAT</TT
>, and
<TT
CLASS="LITERAL"
>REDIRECT</TT
> are targets that you may use with the
<B
CLASS="COMMAND"
>iptables</B
> command to build more complex and sophisticated
rules.</P
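><DIV
CLASS="INFORMALEXAMPLE"
><P
>The script below is an added example, not part of the original guide: it
builds one rule for each of the three targets just named, plus the filter
rules that keep the DNAT mapping from opening more than intended. The
interface names, addresses, and ports are assumptions chosen for
illustration (documentation and private address ranges).</P
>

```shell
#!/bin/sh
# Added example: netfilter NAT rules using the SNAT, DNAT and REDIRECT targets.
# Every interface name, address and port below is an assumption.
EXT_IF=eth0                        # assumed Internet-facing interface
INT_IF=eth1                        # assumed internal interface
LAN=192.168.1.0/24                 # only this source range is translated
POOL=203.0.113.10-203.0.113.14     # SNAT to a pool, not a single address
PUBLIC=203.0.113.10                # public address that fronts the web server
WEB=192.168.1.20                   # internal web server reached through DNAT
PROXY_PORT=3128                    # local port used by the REDIRECT rule

# Print one iptables argument list per line; nothing is executed here.
nat_rules() {
    # Source NAT: packets from $LAN leaving $EXT_IF get a source from $POOL.
    printf '%s\n' "-t nat -A POSTROUTING -s $LAN -o $EXT_IF -j SNAT --to-source $POOL"
    # Destination NAT: TCP/80 sent to $PUBLIC is rewritten to the web server.
    printf '%s\n' "-t nat -A PREROUTING -i $EXT_IF -d $PUBLIC -p tcp --dport 80 -j DNAT --to-destination $WEB:8080"
    # REDIRECT: web traffic from the LAN is sent to a port on this machine.
    printf '%s\n' "-t nat -A PREROUTING -i $INT_IF -s $LAN -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
    # NAT is not filtering. Assuming a FORWARD policy of DROP, allow replies
    # and only the single inbound flow that the DNAT rule creates.
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $WEB --dport 8080 -j ACCEPT"
}

# Dry run by default: print the commands. Run as root with APPLY=1 to load them.
apply_nat() {
    nat_rules | while read -r args; do
        if [ "${APPLY:-0}" = 1 ]; then
            # Word splitting of $args is intended: one rule per line.
            iptables $args || return 1
        else
            printf '%s\n' "iptables $args"
        fi
    done
}

apply_nat
```

</DIV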
><P
>The topic of Network Address Translation and its uses warrants at least a
whole chapter of its own.<A
NAME="AEN9827"
HREF="#FTN.AEN9827"
>[1]</A
> Unfortunately we don't have the space in this book to cover it in
any greater depth. You should read the IPTABLES-HOWTO for more information, if
you're interested in discovering more about how you might use Network Address
Translation.</P
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN9827"
HREF="x9803.html#AEN9827"
>[1]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>... and perhaps even a whole book!</P
></TD
></TR
></TABLE
></BODY
></HTML
>