IP network address translation (NAT) in GNU/Linux is the replacement for IP Masquerade: it makes the old IP Masquerade features obsolete and adds new capabilities to the service. One of the improvements in the TCP/IP stack of GNU/Linux 2.2 is that NAT is integrated into the kernel. To use it, the kernel must be compiled with:
CONFIG_IP_ADVANCED_ROUTER, CONFIG_IP_MULTIPLE_TABLES and CONFIG_IP_ROUTE_NAT.
If comprehensive control of the NAT rules is needed (for example, to activate the firewall), we must also have:
CONFIG_IP_FIREWALL and CONFIG_IP_ROUTE_FWMARK.
To work with these new features, we need the ip program (which can be obtained from ftp://ftp.inr.ac.ru/ip_routing/). Then, to translate the destination addresses of incoming datagrams, we can use:
ip route add nat <extaddr>[/<masklen>] via <intaddr>
This translates the destination address of an incoming packet addressed to <extaddr> (the address that is visible externally, from the Internet) to <intaddr> (the address on the internal network behind the gateway/firewall). The packet is then routed according to the local routing table. Either single addresses or address blocks can be translated. For example:
ip route add nat 240.0.11.34 via 126.96.36.199
ip route add nat 240.0.11.32/27 via 188.8.131.52
The first makes the internal address 126.96.36.199 accessible as 240.0.11.34. The second remaps the 188.8.131.52/27 block to 240.0.11.32-63. In this example we have used translations to class D and E addresses, such as 240.0.*.*, so as not to use a public address. The user must replace these addresses (240.0.11.34 and 240.0.11.32-63) with the public addresses to which they wish to translate. [Ran05]
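The following is an added example, not code from the original text: it parses nat route entries of the form shown above and models the destination rewrite they perform. It assumes (not stated on the page) that a block entry keeps the host bits of the destination and takes the network bits from the via address, so the via address must be aligned to the mask; the addresses in the usage are constructed, with a private 192.168.1.0/24 network standing in for the internal side.

```python
import ipaddress

# Assumption: a block NAT entry rewrites dst as (dst & ~mask) | intaddr, so the
# via address must have no host bits set; the parser rejects it otherwise.


def parse_nat_rule(rule):
    """Parse 'ip route add nat EXT[/LEN] via INT' into (ext_network, int_addr)."""
    words = rule.split()
    if len(words) != 7 or words[:4] != ["ip", "route", "add", "nat"] or words[5] != "via":
        raise ValueError(f"not a NAT route entry: {rule!r}")
    ext = ipaddress.ip_network(words[4], strict=True)  # rejects host bits in EXT
    internal = ipaddress.ip_address(words[6])
    host_mask = ~int(ext.netmask) & 0xFFFFFFFF
    if int(internal) & host_mask:
        raise ValueError(f"via address {internal} is not aligned to /{ext.prefixlen}")
    return ext, internal


def translate(ext, internal, dst):
    """Return the rewritten destination, or None if dst lies outside the NAT block."""
    dst = ipaddress.ip_address(dst)
    if dst not in ext:
        return None
    host_bits = int(dst) & ~int(ext.netmask) & 0xFFFFFFFF
    return ipaddress.ip_address(int(internal) | host_bits)


def translation_table(rule, destinations):
    """Map each candidate destination to its translated address (or None)."""
    ext, internal = parse_nat_rule(rule)
    table = {}
    for d in destinations:
        t = translate(ext, internal, d)
        table[d] = None if t is None else str(t)
    return table


if __name__ == "__main__":
    # Constructed sample entries in the page's 240.0.11.* style.
    for rule in ("ip route add nat 240.0.11.34 via 192.168.1.34",
                 "ip route add nat 240.0.11.32/27 via 192.168.1.32"):
        print(rule)
        for dst, new in translation_table(rule, ["240.0.11.34", "240.0.11.45",
                                                 "240.0.11.63", "240.0.11.64"]).items():
            print(f"  {dst} -> {new}")
```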