How to configure NAT to act as port restricted?


I am working on a project which requires me to test with different types of NAT. I am using a laptop which is acting as a Linux router. For some reason it is not able to correctly identify NAT with my STUN server.

Here is the section of code that I am using:

iptables -t nat -A POSTROUTING -o $WAN -j SNAT --to-source
iptables -t nat -A PREROUTING  -i $WAN -j DNAT --to-destination
iptables -A INPUT -i $WAN   -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WAN   -m state --state NEW -j DROP

Is there a better way?


Do you mean that you want to configure PAT on your Linux software router?

If yes, please try the following command:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to

This rule specifies that the NAT table use the built-in PREROUTING
chain to forward incoming HTTP requests exclusively to the listed
destination IP address of

Here is a good guide about how to configure iptables.
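For reference when checking what a STUN server reports, the following is an added example (not code from either post) that models the mapping and filtering behaviour of each classic NAT type in Python and runs the RFC 3489 test order against it. The class `Nat`, the function `classify` and all addresses are constructed for illustration; the no-NAT and UDP-blocked outcomes are left out.

```python
# Added illustration: toy model of NAT mapping/filtering, not a packet filter.
from dataclasses import dataclass, field

@dataclass
class Nat:
    kind: str                       # "full_cone", "restricted", "port_restricted", "symmetric"
    public_ip: str = "203.0.113.1"  # constructed documentation address
    maps: dict = field(default_factory=dict)   # mapping key -> external port
    seen: dict = field(default_factory=dict)   # external port -> contacted (ip, port) set
    next_port: int = 40000

    def outbound(self, src, dst):
        """Translate an outgoing UDP packet; return the mapped (ip, port)."""
        # Symmetric NAT allocates one mapping per destination; cone NATs reuse one per source.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.maps:
            self.maps[key] = self.next_port
            self.next_port += 1
        port = self.maps[key]
        self.seen.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Return True if a packet from remote to ext_port is forwarded inside."""
        contacted = self.seen.get(ext_port)
        if contacted is None:
            return False                      # no mapping exists for this port
        if self.kind == "full_cone":
            return True                       # any remote may use the mapping
        if self.kind == "restricted":
            return remote[0] in {ip for ip, _ in contacted}   # only the IP must match
        return remote in contacted            # port_restricted / symmetric: IP and port

def classify(nat, client=("192.168.1.10", 5000)):
    """RFC 3489 style test order against a STUN server with two IPs and two ports."""
    ip1, ip2, p1, p2 = "198.51.100.1", "198.51.100.2", 3478, 3479
    mapped = nat.outbound(client, (ip1, p1))            # Test I
    if nat.inbound((ip2, p2), mapped[1]):               # Test II: reply from other IP and port
        return "full_cone"
    if nat.outbound(client, (ip2, p2)) != mapped:       # Test I to the alternate address
        return "symmetric"
    if nat.inbound((ip1, p2), mapped[1]):               # Test III: same IP, other port
        return "restricted"
    return "port_restricted"
```

A router meant to be seen as port restricted has to behave like the last branch: the same external port for every destination, and inbound packets accepted only from an IP and port the client has already sent to.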