Simulation
Simulating the various kinds of NATs can be done using Linux iptables. In these examples, eth0 is the private network and eth1 is the public
network.
Full-cone
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source <public ip goes here>
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination <private ip goes here>
Restricted cone
iptables -t nat POSTROUTING -o eth1 -p tcp -j SNAT --to-source <public ip goes here>
iptables -t nat POSTROUTING -o eth1 -p udp -j SNAT --to-source <public ip goes here>
iptables -t nat PREROUTING -i eth1 -p tcp -j DNAT --to-destination <private ip goes here>
iptables -t nat PREROUTING -i eth1 -p udp -j DNAT --to-destination <private ip goes here>
iptables -A INPUT -i eth1 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -j DROP
iptables -A INPUT -i eth1 -p udp -m state --state NEW -j DROP
Port-restricted cone
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source <public ip goes here>
Symmentric
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE --random
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT