
How to set the SNAT source port


Ciccio

Occasional Visitor
Hi,
my ISP natively works in IPv6. IPv4 is shared among 4 users, and everyone has been assigned 1/4 of the ports (I have the range from 32768 to 49151).
The ISP router has an "ONT mode" function that forwards the public IPv4 address to my Asus RT-AC86U on the WAN interface (I can see it as the WAN IP address), but the internet is not working.
I read that it is possible to set the SNAT with the assigned source range and it should work.
Can anyone help me? Should I write a rule in the nat-start file?
Should it be something like this?
iptables -t nat -A POSTROUTING -p all -o eth0 -j SNAT --to-source mypublicIPv4address:32768-49151

Thanks in advance
 
I can't imagine how this could work, but I suggest you try it from the SSH command line first and if it does work then put it in a nat-start script.

Code:
iptables -t nat -I POSTROUTING -o eth0 -p tcp -j MASQUERADE --to-ports 32768-49151
iptables -t nat -I POSTROUTING -o eth0 -p udp -j MASQUERADE --to-ports 32768-49151

There's already a masquerade rule for the WAN interface so these rules need to be inserted before it or you can delete the existing rule.
 
When I am at home I will try this.
Anyway, this is my POSTROUTING chain. Which rule must I delete, and how? Thanks
Code:
Chain POSTROUTING (policy ACCEPT 8185 packets, 572K bytes)
 pkts bytes target      prot opt in     out     source               destination
 5274  674K PUPNP       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
 2800  508K MASQUERADE  all  --  *      eth0   !192.168.0.1          0.0.0.0/0
  497 63409 MASQUERADE  all  --  *      br0     192.168.1.0/24       192.168.1.0/24
 
It's the second rule that can be removed. It can be quite awkward doing that in a script while allowing for future changes to the WAN interface.

It's simpler to ignore that line and just make sure your new lines are inserted before it so that they take precedence. Like I said, I'm sceptical that this will work so at this point it's just a proof of concept.
 
It seems to work.
This is my nat-start
Bash:
#!/bin/sh
iptables -t nat -I POSTROUTING 2 -o eth0 -j SNAT -p sctp --to-source MyPublicStatipIPv4:32768-49151
iptables -t nat -I POSTROUTING 2 -o eth0 -j SNAT -p udp --to-source MyPublicStatipIPv4:32768-49151
iptables -t nat -I POSTROUTING 2 -o eth0 -j SNAT -p tcp --to-source MyPublicStatipIPv4:32768-49151

I have inserted these rules before the masquerading rule (original #2).

Is there a way to get the IPv4 WAN address from any (global) variable and avoid hardcoding?
Many thanks
 
Yes, use MASQUERADE instead of SNAT as I said. That's the point of using MASQUERADE, you don't need to hard code an address.
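
The MASQUERADE approach from the last reply, as an added example that is not from any poster in the thread: it finds the firmware's catch-all MASQUERADE rule by parsing the chain listing instead of hardcoding position 2, then inserts port-restricted rules ahead of it with no address hardcoded. The `WAN_IF` and `PORTS` variables, the function names and the `apply` argument are assumptions; the sample listing is constructed from the chain posted above.

```shell
#!/bin/sh
# Added example (not from the thread). Variable and function names are assumptions.
WAN_IF="${WAN_IF:-eth0}"        # WAN interface as shown in the thread
PORTS="${PORTS:-32768-49151}"   # port block the ISP assigned in the thread

# Constructed sample of `iptables -t nat -L POSTROUTING -n -v --line-numbers`,
# modelled on the chain listing posted in the thread.
sample_chain() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 8185 packets, 572K bytes)
num   pkts bytes target      prot opt in     out     source               destination
1     5274  674K PUPNP       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
2     2800  508K MASQUERADE  all  --  *      eth0   !192.168.0.1          0.0.0.0/0
3      497 63409 MASQUERADE  all  --  *      br0     192.168.1.0/24       192.168.1.0/24
EOF
}

# Read a chain listing on stdin; print the rule number of the first
# all-protocol MASQUERADE rule whose out interface is $1 (nothing if absent).
masq_position() {
    awk -v ifc="$1" '$4 == "MASQUERADE" && $5 == "all" && $8 == ifc { print $1; exit }'
}

# Print one iptables command per port-based protocol, inserting at position $1.
# MASQUERADE takes the source address from the interface, so none is hardcoded.
build_rules() {
    for proto in tcp udp sctp; do
        echo "iptables -t nat -I POSTROUTING $1 -o $WAN_IF -p $proto -j MASQUERADE --to-ports $PORTS"
    done
}

# Only touch the live firewall when called as: nat-start apply
if [ "${1:-}" = "apply" ]; then
    pos=$(iptables -t nat -L POSTROUTING -n -v --line-numbers | masq_position "$WAN_IF")
    build_rules "${pos:-1}" | sh
fi
```

Protocols without ports, such as ICMP, are not matched by these rules and still fall through to the firmware's catch-all MASQUERADE rule.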
 
