NAT & Firewall

Virtual Router with NAT

 The Linux Netfilter framework is used to enable NAT

 The NAT is applicable on any router
 The blue NAT router serves basic address and port translation
 Enable advanced functions by editing the configuration file

Virtual Router with Firewall

 The Linux Netfilter framework is used to enable Firewall

 The Firewall is applicable on any router or any node with
a layer-3 network interface
 Edit the configuration file to define Firewall policies

EstiNet Simulation Platform on Fedora Linux

EstiNet GUI Router 3
Host 1 Router 3 Host 2 Docker Container
P1 P2

iptables, ip6tables, nft

arptables, ebtables
Host 1 Host 2
Network Namespace EstiNet Simulation Engine (SE) note: Network Namespace
or Host 1 Router 3 Host 2
tables: NAT currently or
Docker Container Node Node Node
filter, nat, mangle, does not work Docker Container
Interface Interface Interface Interface
MAC8023 MAC8023 MAC8023 MAC8023 raw, security properly
User App App PHY PHY PHY PHY App App
Link Link Link
Link
P1 P2 APP
Space

Kernel TCP/UDP
TCP/ UDP
TCP/UDP

Space IPv4/IPv6 [Hook]

NF_IP_LOCAL_IN
IPv4/IPv6
ARP ARP
mangle ko

filter ko
IPv4/IPv6
eth0 eth0
security ko Route Table
(tun1) (tun2)
nat ko
ARP ARP

[Hook] [Hook] [Hook]

NF_IP_PRE_
NF_IP_FORWARD NF_IP_LOCAL_OUT
ROUTING

raw ko mangle ko raw ko

conntrack ko filter ko conntrack ko

[Hook]
NF_IP_POST_
mangle ko security ko mangle ko
ROUTING

nat ko mangle ko nat ko

nat ko filter ko
eth0 eth1
(tun3) (tun4) security ko

Visit www.estinet.com for more details