Here I provide two examples of setting up Address-Restricted NAT on Ubuntu 12.04 using iptables and ipset.
1. For a fixed client IP address
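```sh
# $EXTIF (external interface), $EXTIP (external IP) and $CLIENTIP (internal client) must be set beforehand.
# Source-NAT outgoing UDP, and send everything arriving on the external interface to the client.
iptables -t nat -A POSTROUTING -p UDP -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A PREROUTING -i $EXTIF -j DNAT --to-destination $CLIENTIP
# Default: drop forwarded traffic coming in from the external interface.
iptables -A FORWARD -i $EXTIF -j DROP

# Record (destination IP, source port) of every outgoing packet ...
ipset -N RES_CONDITION ipporthash -exist
ipset flush RES_CONDITION
iptables -A FORWARD -o $EXTIF -j SET --add-set RES_CONDITION dst,src
# ... and accept incoming packets whose (source IP, destination port) is in the set.
iptables -I FORWARD 1 -i $EXTIF -m set --match-set RES_CONDITION src,dst -j ACCEPT
```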
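A small Python model of the FORWARD rules above, added here as an illustration (not the author's code): it shows why pairing `--add-set ... dst,src` with `--match-set ... src,dst` gives address-restricted filtering. The class name, addresses and ports are constructed, and the model assumes SNAT keeps the client's source port.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class AddressRestrictedFilter:
    """Hypothetical model of RES_CONDITION (an ip,port hash) and the FORWARD rules."""

    def __init__(self):
        self.res_condition = set()  # entries: (ip, proto, port)

    def outbound(self, pkt: Packet) -> None:
        # -A FORWARD -o $EXTIF -j SET --add-set RES_CONDITION dst,src
        # ip dimension = destination address, port dimension = source port
        self.res_condition.add((pkt.dst_ip, pkt.proto, pkt.src_port))

    def inbound(self, pkt: Packet) -> str:
        # -I FORWARD 1 -i $EXTIF -m set --match-set RES_CONDITION src,dst -j ACCEPT
        # ip dimension = source address, port dimension = destination port
        if (pkt.src_ip, pkt.proto, pkt.dst_port) in self.res_condition:
            return "ACCEPT"
        # -A FORWARD -i $EXTIF -j DROP
        return "DROP"

def demo() -> dict:
    # Constructed sample addresses (documentation ranges), not taken from the page.
    client, peer, stranger = "192.168.1.10", "203.0.113.10", "198.51.100.7"
    nat = AddressRestrictedFilter()
    before = nat.inbound(Packet("udp", peer, 3478, client, 5000))
    # The client contacts the peer from local port 5000.
    nat.outbound(Packet("udp", client, 5000, peer, 3478))
    return {
        "before_any_outbound": before,
        "peer_same_port": nat.inbound(Packet("udp", peer, 3478, client, 5000)),
        # Address-restricted: the peer may answer from any source port.
        "peer_other_src_port": nat.inbound(Packet("udp", peer, 9999, client, 5000)),
        # A host the client never contacted is dropped.
        "stranger": nat.inbound(Packet("udp", stranger, 3478, client, 5000)),
        # The peer cannot reach a client port that was never used towards it.
        "peer_other_dst_port": nat.inbound(Packet("udp", peer, 3478, client, 6000)),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22s} {verdict}")
```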
Reference:
- iptables usage
- ipset usage