Test/Configure All NAT Scenarios(Full Cone,Port Restricted etc) by (1) .using iptables/ethernet/loopback interface
What I am trying to Achieve:
Test/Configure All NAT Scenarios(Full Cone,Port Restricted etc) by (1) .using iptables (2) ethernet interface (3) loopback interface (Using only one machine)
Set Up following configuration :
I am running one VM in a Linux BOX, and performed following configuration :
Linux BOX IP is : 192.168.0.4
Linux Box Virtual Box Gateway IP is : 192.168.56.1
Running Stun Server Binded on : 192.168.56.1
(Primary) and 192.168.0.4
(Secondary) on Linux Box
Running Stun Client on VM(Running on above Linux Server) at 127.0.0.1:2000
, and configured iptables rules to forward loopback interface traffic to ethernet interface (192.168.56.102
) and vice versa.
Expected Result
I should be able to configure each NAT Simulation via iptables/ethernet/loopback interface on which STUN Server running on Host and Stun Client running on VM, and it should tell the type of NAT
Actual Result
iptables doing nothing with the packets in/out to loopback interface
socket sendto call fails with error : "error 22 invalid arguement" because socket has bind with 127.0.0.1:2000
and destination address is : 192.168.56.1
See below in short
[Loopback-Interface(127.0.0.1 :2000 / *Running STUN Client*/ VM) -->[*IPTABLES RULES TO/FROM*] <-- Ethernet-Interface(VM -- 192.168.56.102:2000) ==>|| ==> HOST(Gateway - 192.168.56.1:3478 - *Running STUN Server*)] ::
Examples Rules ::
sudo iptables -t nat -A POSTROUTING -o eth0 -p udp --source 127.0.0.1 --sport 2000 -j SNAT --to-source 192.168.56.102
sudo iptables -t nat -A POSTROUTING -o eth0 -p tcp --source 127.0.0.1 --sport 2001 -j SNAT --to-source 192.168.56.102
sudo iptables -t nat -A PREROUTING -i eth0 -p udp --destination 192.168.56.102 --dport 2000 -j DNAT --to-destination 127.0.0.1
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --destination 192.168.56.102 --dport 200开发者_如何学Go0 -j DNAT --to-destination 127.0.0.1
It Seems iptables doesn't pick packets from loopback interface
References : http://www.linuxquestions.org/questions/linux-networking-3/iptables-redirect-127-0-0-1-to-192-168-1-113-a-818817/
Please let me know if any body can help on this.
精彩评论