Normally, packets on a network travel from their source (such as your home computer) to their destination (such as www.gnumonks.org) through many different links: about 19 from where I am in Australia. None of these links really alter your packet: they just send it onward.
If one of these links were to do NAT, then they would alter the source or destinations of the packet as it passes through. As you can imagine, this is not how the system was designed to work, and hence NAT is always something of a crock. Usually the link doing NAT will remember how it mangled a packet, and when a reply packet passes through the other way, it will do the reverse mangling on that reply packet, so everything works.
In a perfect world, you wouldn't. Meanwhile, the main reasons are:
Most ISPs give you a single IP address when you dial up to them. You can send out packets with any source address you want, but only replies to packets with this source IP address will return to you. If you want to use multiple different machines (such as a home network) to connect to the Internet through this one link, you'll need NAT.
This is by far the most common use of NAT today, commonly known as masquerading in the Linux world. I call this SNAT, because you change the source address of the first packet.
Sometimes you want to change where packets heading into your network will go. Frequently this is because (as above), you have only one IP address, but you want people to be able to get into the boxes behind the one with the 'real' IP address. If you rewrite the destination of incoming packets, you can manage this. This type of NAT was called port-forwarding under previous versions of Linux.
A common variation of this is load-sharing, where the mapping ranges over a set of machines, fanning packets out to them. If you're doing this on a serious scale, you may want to look at Linux Virtual Server.
Sometimes you want to pretend that each packet which passes through your Linux box is destined for a program on the Linux box itself. This is used to make transparent proxies: a proxy is a program which stands between your network and the outside world, shuffling communication between the two. The transparent part is because your network won't even know it's talking to a proxy, unless of course, the proxy doesn't work.
Squid can be configured to work this way, and it is called redirection or transparent proxying under previous Linux versions.
Source : http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-2.html#ss2.1
echo 1 > /proc/sys/net/ipv4/ip_forward
A "Can't locate module ..." error may simply mean that the module is compiled into the kernel rather than built as a loadable module, which is normal.
iptables -A POSTROUTING -t nat -o interface -j MASQUERADE
The interface is the device that connects to the other network (the Internet); it can be ppp0, eth0, eth1, ...

ISP DNS servers:

ISP | DNS servers |
---|---|
Wanadoo | 193.252.19.3 193.252.19.4 |
Free | 212.27.32.5 213.228.0.168 |

Forwarders are set under: Servers tab | BIND DNS Server | Forwarding & Transfers
Information found on http://www.commentcamarche.net/reslinux/reslproxy.php3
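The masquerading commands above (ip_forward plus the MASQUERADE rule) cover the SNAT case only. As an added example, not code from the NAT-HOWTO or the netfilter project, the following Python function produces an iptables-restore ruleset for all three NAT types described on this page (masquerading, port-forwarding with DNAT, transparent proxying with REDIRECT). The interface names, the forwarded port, the internal host 192.168.1.10 and the proxy port 3128 are constructed values; the interface-name pattern and the default-deny FORWARD chain are assumptions added here so that only the flows being NATed are actually passed on.

```python
import ipaddress
import re

# Assumption: interface names are validated against a conservative pattern
# (Linux names are at most 15 characters); this check is constructed here.
IFACE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9._:-]{0,14}$")


def _iface(name):
    """Reject anything that is not a plausible interface name before it reaches a rule."""
    if not IFACE_RE.match(name):
        raise ValueError("bad interface name: %r" % (name,))
    return name


def _port(value):
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % (value,))
    return port


def _proto(value):
    if value not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp: %r" % (value,))
    return value


def nat_ruleset(wan, lan, port_forwards=(), proxy_port=None):
    """Return iptables-restore text for the three NAT types described on the page.

    wan           -- interface towards the Internet (the -o interface of the MASQUERADE rule)
    lan           -- interface towards the private network
    port_forwards -- iterable of (proto, public_port, internal_ip, internal_port) tuples (DNAT)
    proxy_port    -- local port of a transparent proxy; port-80 traffic from the LAN is
                     REDIRECTed to it, or nothing is redirected when None
    """
    wan, lan = _iface(wan), _iface(lan)
    nat = [
        "*nat",
        ":PREROUTING ACCEPT [0:0]",
        ":POSTROUTING ACCEPT [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        # SNAT / masquerading: rewrite the source of packets leaving on the WAN side only.
        "-A POSTROUTING -o %s -j MASQUERADE" % wan,
    ]
    # Default-deny on FORWARD so that only the flows we NAT are actually passed on;
    # ESTABLISHED,RELATED lets the reply packets of those flows back through.
    filt = [
        "*filter",
        ":FORWARD DROP [0:0]",
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A FORWARD -i %s -o %s -j ACCEPT" % (lan, wan),
    ]
    for proto, public_port, internal_ip, internal_port in port_forwards:
        proto, public_port, internal_port = _proto(proto), _port(public_port), _port(internal_port)
        target = ipaddress.IPv4Address(internal_ip)  # raises ValueError on a malformed address
        # DNAT / port-forwarding: only the named port on the WAN interface is rewritten.
        nat.append("-A PREROUTING -i %s -p %s --dport %d -j DNAT --to-destination %s:%d"
                   % (wan, proto, public_port, target, internal_port))
        # After PREROUTING the packet is addressed to the internal host, so the
        # FORWARD chain opens exactly that rewritten flow and nothing else.
        filt.append("-A FORWARD -i %s -o %s -p %s -d %s --dport %d -j ACCEPT"
                    % (wan, lan, proto, target, internal_port))
    if proxy_port is not None:
        # REDIRECT / transparent proxying: LAN web traffic is handed to the local proxy.
        nat.append("-A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-ports %d"
                   % (lan, _port(proxy_port)))
    nat.append("COMMIT")
    filt.append("COMMIT")
    return "\n".join(nat + filt) + "\n"


if __name__ == "__main__":
    # Constructed example: eth0 faces the Internet, eth1 the home network, public port 8080
    # is forwarded to a web server at 192.168.1.10, and a proxy listens locally on 3128.
    print(nat_ruleset("eth0", "eth1", [("tcp", 8080, "192.168.1.10", 80)], proxy_port=3128))
```

The output is meant to be fed to `iptables-restore` after `echo 1 > /proc/sys/net/ipv4/ip_forward`; every rule is tied to an interface and, for DNAT, to one protocol and port, so an unrelated service on the internal host is not reachable from the outside just because masquerading is on.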
Class | Number of hosts | Network ID | Subnet mask | Prefix | Host bits |
---|---|---|---|---|---|
A | n > 65535 | 10.0.0.0 | 255.0.0.0 | 10/8 | 24 |
B | 255 < n < 65535 | from 172.16.0.0 to 172.31.0.0 | 255.240.0.0 | 172.16/12 | 20 |
C | n < 255 | from 192.168.0.0 to 192.168.255.0 | 255.255.255.0 | 192.168/16 | 16 |
In a prefix written x/y, y is the number of most-significant bits (MSB) of the binary IP address that form the network address; the remaining 32 - y bits identify the host.
There is also something exotic called APIPA (Automatic Private IP Addressing), created at Microsoft's request. Basically, it lets client machines "auto-configure" their own IP address when they are set to DHCP and no DHCP server appears to be available. An address is chosen in the range:
169.254.0.1 - 169.254.255.254
with mask:
255.255.0.0
The APIPA service also checks regularly for the presence of a DHCP server (every five minutes, according to Microsoft). If it detects a DHCP server on the network, APIPA stops, and the DHCP server replaces the APIPA networking addresses with dynamically assigned addresses.
APIPA is meant for non-routed small business environments, usually fewer than 25 clients.
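As an added example (not part of this page's sources), the following Python code rebuilds the private-address table above from the x/y prefix rule, computing the mask from the number of network bits by hand and checking it against the standard library, and classifies an address as RFC 1918 private, APIPA link-local, or neither. The test addresses used in the `__main__` block are constructed; 203.0.113.5 is from a documentation range and stands in for "some other address".

```python
import ipaddress

# The private ranges from the table on this page (RFC 1918) plus the APIPA range.
PRIVATE_RANGES = {
    "A": ipaddress.ip_network("10.0.0.0/8"),
    "B": ipaddress.ip_network("172.16.0.0/12"),
    "C": ipaddress.ip_network("192.168.0.0/16"),
}
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")


def mask_from_prefix(prefix_len):
    """Dotted subnet mask for x/y: the y most-significant bits set, the other 32 - y clear."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask_int = ((1 << prefix_len) - 1) << (32 - prefix_len)
    return str(ipaddress.IPv4Address(mask_int))


def describe(prefix):
    """Rebuild one row of the table: first/last address, mask, host bits and address count."""
    net = ipaddress.ip_network(prefix, strict=True)  # strict: host bits must be zero
    host_bits = 32 - net.prefixlen
    mask = mask_from_prefix(net.prefixlen)
    assert mask == str(net.netmask)  # the hand computation agrees with the library
    return {
        "network": str(net.network_address),
        "last_address": str(net.broadcast_address),
        "mask": mask,
        "host_bits": host_bits,
        "addresses": 1 << host_bits,
    }


def classify(address):
    """Return 'apipa', 'private-<class>' or 'other' for an IPv4 address."""
    ip = ipaddress.ip_address(address)
    if ip in APIPA_RANGE:
        return "apipa"
    for cls, net in PRIVATE_RANGES.items():
        if ip in net:
            return "private-" + cls
    return "other"


if __name__ == "__main__":
    for cls, net in PRIVATE_RANGES.items():
        print(cls, describe(str(net)))
    # Constructed sample addresses.
    for sample in ("10.1.2.3", "172.31.4.2", "172.32.0.1", "192.168.1.5", "169.254.7.7", "203.0.113.5"):
        print(sample, "->", classify(sample))
```

Note that 172.32.0.1 is not private: the /12 prefix keeps only the top 12 bits, so the class B block runs from 172.16.0.0 to 172.31.255.255 and stops there, which is the sort of off-by-one a hand-written firewall rule gets wrong.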
See also: