Question

Describe the rules to modify a NAT router to prevent packets with spoofed IP addresses from exiting a private network.

Answer 1

Rules to modify a NAT router to prevent packets with spoofed IP addresses from exiting a private network.

A NAT router uses mapping rules which translates the source and destination other internet or private networks addresses. The rules are used to modify the source addresses and destination addresses of incoming IP packets or outgoing IP packets and then send the packets on.

The NAT rules are also used in redirecting traffic from a port to another prior and at the same time maintaining integrity during redirection or any modification on the packets.

NAT rules which apply to both IPv4 and IPv6

The following syntax should be followed when creating NAT rules for NAT router

1.The rules must begin with one of the commands below:

map it maps one network or one IP address to another network or IP address respectively.

rdr

rdr redirects packets from one part pair and IP address to another port pair and IP address

bimap

bimap establishes bidirectional NAT between internal and external IP addresses.

map-block

Map block establishes static IP based translation and it is based on algorithm which forces addresses to be translated to destination range.

Rule number 2

Interface name such bge0 should follow the commands in rule number 1

Rule number 2

Choose a parameter which will determine the NAT configuration.

Examples of parameters are

ipmask

which designates network mask

dstipmask :

which designates the address which ipmask is translated to and,.

mapport :

which designates udp, tcp protocols within a range of port numbers

map net2 192.168..0/ -> 10.2.0.1/24

Short Answer:

First of all NAT is further understood as a technological characteristics of a router that will translate ip addresses.

The rules that are modified here to prevent packets with a spoofed IP addresses from existing network involves introducing elaborate protocols which are created to contral access of specific identifiable subnets or specific nodes within the network.It further involves restricting certain dubious services like trojans, worms, and other client or server viruses from linking the main server