natpy

python-based network address translator implementation with configurable mapping, allocation, and filtering behavior for Netfilter NFQUEUE

https://github.com/heikobornholdt/natpy

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (6.9%) to scientific vocabulary
Last synced: 8 months ago

Repository


Basic Info
  • Host: GitHub
  • Owner: HeikoBornholdt
  • License: mit
  • Language: Python
  • Default Branch: master
  • Size: 13.7 KB
Statistics
  • Stars: 2
  • Watchers: 2
  • Forks: 1
  • Open Issues: 0
  • Releases: 0
Created over 2 years ago · Last pushed about 2 years ago

README.md

NatPy: python-based network address translator with configurable mapping, allocation, and filtering behavior for Netfilter NFQUEUE

Supported NAT Behaviors

Three different policies define the behavior of the network address translator. These policies can be combined in any way:

Mapping Policy

The mapping policy is triggered every time a packet is sent from a private endpoint behind the NAT to some external public port. The role of a mapping policy is to decide whether a new rule will be added or an existing one will be reused. There are three different behaviors:

  • Endpoint-Independent: Use the same mapping for any public endpoint.
  • Host-Dependent: Create a new mapping if the public endpoint's IP address differs.
  • Port-Dependent: Create a new mapping if the public endpoint's IP address or port differs.

Allocation Policy

A new public endpoint is bound whenever a new rule is added. This policy allocates a new port. That is, the mapping policy decides when to bind a new port, and the allocation policy decides which port should be bound, as follows:

  • Port-Preservation: Allocate the same port for the mapping as the private endpoint uses.
  • Port Contiguity: Allocate a random port in [1024, 65536) for the first mapping. Allocate the next higher port for subsequent mappings.
  • Random: Allocate a random port in [1024, 65536).

Filtering Policy

The filtering policy decides whether a packet from the outside world to a public endpoint of a NAT gateway should be forwarded to the corresponding private endpoint. There are three filtering policies, each with its own condition for accepting inbound packets:

  • Endpoint-Independent: Every public endpoint is allowed.
  • Host-Dependent: Every port of the same public endpoint is allowed.
  • Port-Dependent: Only the same public endpoint is allowed.

Popular Behaviors:

The following policy combinations produce the common NAT type behaviors:

| NAT type        | Mapping Policy                | Allocation Policy | Filtering Policy     |
|-----------------|-------------------------------|-------------------|----------------------|
| Full-cone       | endpoint_independent          |                   | endpoint_independent |
| Restricted-Cone | endpoint_independent          |                   | host_dependent       |
| Port-Restricted | endpoint_independent          |                   | port_dependent       |
| Symmetric       | host_dependent/port_dependent | (random)          | port_dependent       |
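The three policies and the NAT types they combine into can be checked with a small in-memory model. This is an added example, not NatPy's own code: the `NatModel` class, its method names, and the collision handling (take the next free port) are assumptions made for illustration, and endpoints are plain `(ip, port)` tuples.

```python
import random

LOW, HIGH = 1024, 65536  # allocation range [1024, 65536) from the README

class NatModel:
    """Toy model of the three policies; constructed here, not NatPy's code."""
    def __init__(self, mapping, allocation, filtering, wan="93.184.216.34", seed=0):
        self.mapping, self.allocation, self.filtering = mapping, allocation, filtering
        self.wan, self.rng, self.last = wan, random.Random(seed), None
        self.rules = {}    # mapping key -> public port
        self.by_port = {}  # public port -> (private endpoint, contacted remotes)

    def _key(self, private, remote):
        # Mapping policy: what must match for an existing rule to be reused.
        if self.mapping == "endpoint_independent":
            return (private,)
        if self.mapping == "host_dependent":
            return (private, remote[0])
        return (private, remote)  # port_dependent

    def _allocate(self, private):
        # Allocation policy: which public port a new rule binds.
        if self.allocation == "port_preservation":
            port = private[1]
        elif self.allocation == "port_contiguity" and self.last is not None:
            port = LOW + (self.last + 1 - LOW) % (HIGH - LOW)
        else:  # random, or the first port_contiguity mapping
            port = self.rng.randrange(LOW, HIGH)
        while port in self.by_port:  # assumption: on collision take the next free port
            port = LOW + (port + 1 - LOW) % (HIGH - LOW)
        self.last = port
        return port

    def outbound(self, private, remote):
        key = self._key(private, remote)
        if key not in self.rules:
            self.rules[key] = self._allocate(private)
            self.by_port[self.rules[key]] = (private, set())
        self.by_port[self.rules[key]][1].add(remote)
        return (self.wan, self.rules[key])

    def inbound(self, public_port, remote):
        # Filtering policy: returns the private endpoint, or None if dropped.
        private, peers = self.by_port.get(public_port, (None, set()))
        allowed = {"endpoint_independent": private is not None,
                   "host_dependent": remote[0] in {p[0] for p in peers},
                   "port_dependent": remote in peers}[self.filtering]
        return private if allowed else None
```

With a symmetric configuration, each new remote endpoint gets its own public port, and a packet from one remote to the port mapped for another is dropped. This strictness is what separates the symmetric row from the cone rows when deciding how much unsolicited inbound traffic a gateway admits.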

Installation

```bash
apt install build-essential python3-dev libnetfilter-queue-dev
pip install -r requirements.txt
```

Example Usage

In this example, we assume your public WAN address is 93.184.216.34, your private LAN subnet is 192.168.178.0/24, and we want to direct packets to Netfilter queue 0. First, ensure your host has both WAN and LAN interfaces and that IP forwarding is enabled (e.g., by running sysctl net.ipv4.ip_forward=1). Then configure Netfilter to direct traffic to a Netfilter queue and start NatPy:

```bash
# direct LAN -> WAN packets to queue
$ iptables --table filter \
           --append FORWARD \
           --jump NFQUEUE \
           --queue-num 0 \
           --source 192.168.178.0/24 \
           ! --destination 93.184.216.34

# direct WAN -> LAN packets to queue
$ iptables --table mangle \
           --append PREROUTING \
           --jump NFQUEUE \
           --queue-num 0 \
           --destination 93.184.216.34

# start NatPy
$ ./nat.py --mapping port_dependent \
           --allocation random \
           --filtering port_dependent \
           --lan-subnet 192.168.178.0/24 \
           --wan-address 93.184.216.34 \
           --queue 0
```

Help

```bash
$ ./nat.py --help
usage: nat.py [-h] [--mapping {endpoint_independent,host_dependent,port_dependent}]
              [--allocation {port_preservation,port_contiguity,random}]
              [--filtering {endpoint_independent,host_dependent,port_dependent}]
              [--lan-subnet LAN_SUBNET] [--wan-address WAN_ADDRESS] [--queue QUEUE] [-v]

python-based network address translator with configurable mapping, allocation, and filtering behavior for Netfilter NFQUEUE

optional arguments:
  -h, --help            show this help message and exit
  --mapping {endpoint_independent,host_dependent,port_dependent}
                        new mapping creation policy
  --allocation {port_preservation,port_contiguity,random}
                        new mappings's port allocation policy
  --filtering {endpoint_independent,host_dependent,port_dependent}
                        inbound packet filtering policy
  --lan-subnet LAN_SUBNET
                        private IP address range (CIDR notation)
  --wan-address WAN_ADDRESS
                        public IP address
  --queue QUEUE         queue number for Netfilter
  -v, --verbose         Increase output verbosity
```

License

This is free software under the terms of the MIT License.

Owner

  • Name: Heiko
  • Login: HeikoBornholdt
  • Kind: user
  • Location: Hamburg
  • Company: Universität Hamburg

Maintainer of drasyl

Citation (CITATION.cff)

# This CITATION.cff file was generated with cffinit.
# Visit https://bit.ly/cffinit to generate yours today!

cff-version: 1.2.0
title: NatPy
message: >-
  If you use this software, please cite it using the
  metadata from this file.
type: software
authors:
  - given-names: Heiko
    family-names: Bornholdt
    orcid: 'https://orcid.org/0000-0003-0013-7966'
    affiliation: Universität Hamburg
    email: heiko.bornholdt@uni-hamburg.de
repository-code: 'https://github.com/HeikoBornholdt/NatPy'
abstract: >-
  python-based network address translator with
  configurable mapping, allocation, and filtering
  behavior for Netfilter NFQUEUE.
license: MIT
date-released: '2023-12-10'

GitHub Events

Total
  • Watch event: 1
  • Fork event: 1
Last Year
  • Watch event: 1
  • Fork event: 1

Committers

Last synced: over 1 year ago

All Time
  • Total Commits: 4
  • Total Committers: 1
  • Avg Commits per committer: 4.0
  • Development Distribution Score (DDS): 0.0
Past Year
  • Commits: 4
  • Committers: 1
  • Avg Commits per committer: 4.0
  • Development Distribution Score (DDS): 0.0
Top Committers
Name Email Commits
Heiko Bornholdt h****o@b****t 4

Issues and Pull Requests

Last synced: about 1 year ago

All Time
  • Total issues: 0
  • Total pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Total issue authors: 0
  • Total pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0