IOS vs. IPTABLES (when using NAT)

polm

As I review for my CCNA I come to the portion concerning NAT and PAT on Cisco IOS.

I run an IPTABLES based firewall @home, and I use the Masquerade feature to allow my @home LAN nodes to access the internet using my 1 dynamically assigned global IP address.

The impression I get from IOS running NAT is that only one node can be translated to one IP at a given time. Therefore the number of available IP's to be placed in a dynamic pool must accomidate the number of translated connections that must be running at one time.

At home, I can execute multiple outbound sessions to different global IP's from different @home LAN nodes without any problem. This is all using that same 1 global IP assigned from my ISP.

So..my question is; How does IPTABLES Masquerading differ from the Cisco IOS NAT/PAT service in terms of multiple simultaneos connections from many Inside local hosts to many Outside global hosts.

tunerX

It is the same way. You can specify static address translations where one inside address is translated to one outside address. You can specify a pool where you have a group of inside addresses that are translated to a group of outside addresses. You have the overload feature which translates multiple inside addresses to a single outside address. You can do match statements that will keep the same host portion of the address on both the inside and outside; only the network numbers will change. In the case of overload then PAT is used to keep track of the multiple inside addresses that are translated to a single outside address.

tunerX

You can also do static PAT. This function allows you to specify outside ports and an outside address to translate to a specific inside address and/or port.