Describe the rules to modify a NAT router to prevent packets with spoofed IP addresses from exiting a private network.
Rules to modify a NAT router to prevent packets with spoofed IP addresses from exiting a private network.
A NAT router uses mapping rules which translate the source and destination addresses of other internet or private networks. The rules are used to modify the source addresses and destination addresses of incoming or outgoing IP packets and then send the packets on.
The NAT rules are also used to redirect traffic from one port to another while maintaining integrity during redirection or any modification of the packets.
NAT rules which apply to both IPv4 and IPv6
The following syntax should be followed when creating NAT rules for a NAT router:
1. The rules must begin with one of the commands below:
map
map maps one network or one IP address to another network or IP address respectively.
rdr
rdr redirects packets from one port pair and IP address to another port pair and IP address.
bimap
bimap establishes bidirectional NAT between internal and external IP addresses.
map-block
map-block establishes static IP-based translation, and it is based on an algorithm which forces addresses to be translated to a destination range.
Rule number 2
An interface name such as bge0 should follow the commands in rule number 1.
Rule number 2
Choose a parameter which will determine the NAT configuration.
Examples of parameters are:
ipmask
which designates the network mask
dstipmask
which designates the address which ipmask is translated to, and
mapport
which designates udp, tcp protocols within a range of port numbers
map net2 192.168..0/ -> 10.2.0.1/24
Short Answer:
First of all, NAT is further understood as a technological characteristic of a router that will translate IP addresses.
The rules that are modified here to prevent packets with spoofed IP addresses from exiting the network involve introducing elaborate protocols which are created to control access of specific identifiable subnets or specific nodes within the network. It further involves restricting certain dubious services like trojans, worms, and other client or server viruses from linking to the main server.
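
The following is an added example, not part of the original answers. It parses a rule in the `map <interface> <ipmask> -> <dstipmask>` form described above and checks outgoing packets against `ipmask`. The addresses, the sample packets and the function names are constructed, and the "drop" outcome assumes the router pairs the map rule with an egress filter.

```python
import ipaddress
import re

# Rule shape described on the page: map <interface> <ipmask> -> <dstipmask>
MAP_RULE = re.compile(r"^map\s+(\S+)\s+(\S+)\s*->\s*(\S+)$")

def parse_map_rule(line):
    """Parse one 'map' rule into its interface and the two networks."""
    m = MAP_RULE.match(line.strip())
    if m is None:
        raise ValueError(f"not a map rule: {line!r}")
    interface, ipmask, dstipmask = m.groups()
    return {
        "interface": interface,
        # strict=True rejects a malformed ipmask such as 192.168.1.7/24
        "ipmask": ipaddress.ip_network(ipmask, strict=True),
        "dstipmask": ipaddress.ip_network(dstipmask, strict=False),
    }

def egress_decision(rule, out_interface, src_ip):
    """Decide what happens to a packet leaving through out_interface.

    Assumption: the router pairs the map rule with an egress filter, so a
    source address outside ipmask is dropped instead of forwarded untranslated.
    """
    if out_interface != rule["interface"]:
        return "pass"          # rule is bound to a different interface
    src = ipaddress.ip_address(src_ip)
    if src in rule["ipmask"]:  # also False when IPv4/IPv6 versions differ
        return "translate"     # genuine internal host: rewrite to dstipmask
    return "drop"              # source not in the private network: spoofed

def spoofed_sources(rule, packets):
    """Return the source addresses that the egress check would drop."""
    return [src for iface, src in packets
            if egress_decision(rule, iface, src) == "drop"]

# Constructed sample rule and packets (addresses are illustrative only).
RULE = parse_map_rule("map bge0 192.168.1.0/24 -> 10.2.0.1/32")
PACKETS = [
    ("bge0", "192.168.1.20"),   # internal host
    ("bge0", "203.0.113.9"),    # forged external source
    ("bge0", "192.168.2.5"),    # neighbouring subnet, not covered by ipmask
    ("bge0", "2001:db8::1"),    # IPv6 source against an IPv4 rule
    ("bge1", "203.0.113.9"),    # other interface, rule does not apply
]

if __name__ == "__main__":
    for iface, src in PACKETS:
        print(iface, src, egress_decision(RULE, iface, src))
```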