Network Address and Port Translation (NAPT) - Linux

OS: 
Function: 
Summary
  • This is a special use of NAT that allows multiple private IP addresses to be mapped to a single public IP address. This use of NAT is called IP masquerading, port address translation (PAT), or network address and port translation (NAPT). If the private network has only a single public IP address but multiple hosts, IP masquerading rewrites the port numbers of packets so that the single public IP address can be shared ("overloaded") by all of the private hosts.
Detailed Description
  • On a Linux system, the configuration of NAT manipulates a set of rules of the netfilter utility, called the NAT table. The rules in the NAT table are grouped in so-called chains. Two of the built-in chains are called PREROUTING and POSTROUTING:
    • PREROUTING: The rules in this chain are applied to incoming datagrams. 
    • POSTROUTING: The rules in this chain are applied to outgoing datagrams. The main rule is SNAT (source network address translation), which specifies how the source address of an outgoing IP datagram should be modified.
Commands
  • The following are some of the most important commands that manipulate the NAT table:

  • iptables -t nat -L: displays all rules in the NAT table
  • iptables -t nat -D POSTROUTING 1: deletes the first rule in the POSTROUTING chain of the NAT table
  • iptables -t nat -F: deletes all entries in (flushes) the NAT table
  • iptables -t nat -A POSTROUTING -j SNAT --to IPAddr1 -s IPAddr2/netmask: adds the following rule to the POSTROUTING chain of the NAT table: "in IP datagrams that go to the public network, the IP source address IPAddr2/netmask is changed to IPAddr1"
    • Example: iptables -t nat -A POSTROUTING -j SNAT --to 128.195.7.32 -s 10.0.1.0/24 (the source address of outgoing IP datagrams that match 10.0.1.0/24 is changed to 128.195.7.32)
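The following Python model, added here as an illustration and not part of the original page or of netfilter, shows what the SNAT rule in the example above makes the kernel do: outgoing datagrams from 10.0.1.0/24 get their source rewritten to 128.195.7.32, a second host that picks the same source port is given a different public port, and replies are mapped back through the same table while unsolicited inbound datagrams find no entry. Datagram fields and the port-allocation policy are simplifications assumed for the example.

```python
import ipaddress

# Addresses taken from the page's example rule:
#   iptables -t nat -A POSTROUTING -j SNAT --to 128.195.7.32 -s 10.0.1.0/24
PRIVATE_NET = ipaddress.ip_network("10.0.1.0/24")
PUBLIC_IP = "128.195.7.32"


class NaptTable:
    """Toy model of the SNAT rule above plus the reverse translation
    applied to replies. Datagrams are dicts: proto, src, sport, dst, dport."""

    def __init__(self, public_ip=PUBLIC_IP, private_net=PRIVATE_NET):
        self.public_ip = public_ip
        self.private_net = private_net
        self.outbound = {}  # (proto, private ip, private port) -> public port
        self.inbound = {}   # (proto, public port) -> (private ip, private port)

    def _allocate_port(self, proto, wanted):
        # Keep the host's own source port when it is still free on the
        # public address; a second host using the same port gets the next
        # free one, which is what lets one public IP serve many hosts.
        port = wanted
        while (proto, port) in self.inbound:
            port += 1
            if port > 65535:
                raise RuntimeError("no free public port for %s" % proto)
        return port

    def translate_outbound(self, pkt):
        """POSTROUTING: rewrite source of a datagram leaving the private net."""
        if ipaddress.ip_address(pkt["src"]) not in self.private_net:
            return dict(pkt)  # -s 10.0.1.0/24 does not match; rule not applied
        key = (pkt["proto"], pkt["src"], pkt["sport"])
        if key not in self.outbound:  # new flow: record both directions
            port = self._allocate_port(pkt["proto"], pkt["sport"])
            self.outbound[key] = port
            self.inbound[(pkt["proto"], port)] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=self.outbound[key])

    def translate_inbound(self, pkt):
        """Reverse mapping for a reply arriving at the public address.
        Returns None when no entry exists (unsolicited traffic is dropped)."""
        if pkt["dst"] != self.public_ip:
            return dict(pkt)
        hit = self.inbound.get((pkt["proto"], pkt["dport"]))
        if hit is None:
            return None
        return dict(pkt, dst=hit[0], dport=hit[1])
```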