Public | Automated Build

Last pushed: 3 years ago


nat44 is a simple way to configure a high-end NAT router with netflow

install from repo

add uninett apt key

add repo to sources.list

update and install

  • apt-get update && apt-get install nat44

install from source

Install git, conntrack and python-ipaddr

  • apt-get install conntrack python-ipaddr git debhelper python-support dialog python-docopt

Note: from Debian wheezy you need to install python-docopt via pip install

  • apt-get install python-pip
  • pip install docopt

Clone the git repo

cd to the new dir and edit nat44.conf (configure your system)

  • cd nat44; nano nat44.conf

install nat44 via make

  • make install

Or install nat44 python library

  • python install

configure /etc/nat44/nat44.conf

  • vim /etc/nat44/nat44.conf


First, make sure you have the correct settings in nat44.conf (/etc/nat44/nat44.conf); the default config is in /etc/default/nat44.conf

Then have nat44 configure your Linux box to become a nat44 router based on your nat44.conf

  • nat44 configure

Every time you change nat44.conf you have to run nat44 configure. The first time you run nat44 configure it will take some time (compiling modules and snmp).


intern-if = eth1

  • Internal interface, where you have your RFC 1918 network: the clients that need NATing
    • You can define several interfaces, eth1 eth2 eth3
    • It also supports VLAN tags (802.1Q): eth1.100 eth1.200 eth1.300

ekstern-if = eth0

  • External interface, connected to the internet.

admin-adresse =

  • This is the main public IP address of your server

intern-nett =

  • The internal network, not recommended bigger than /20 (~4000 clients)
    • When using several interfaces, you need 1 network per interface.

intern-gw =

  • This is the IP address of your internal interface, the gateway of your NAT clients.
    • When using several interfaces, you need 1 gateway per interface.

extern-nett =

  • The external network

eksterne-adresser =

  • These are the addresses that we translate the internal network to.
    • By default you need 1 IP address per /24 (~254) clients; this also applies to every subnet.
    • This means you need 4 external addresses if you have a /22 internal network.
      • Notice we use the admin-adresse here as well. This is optional, but there is no apparent reason not to use it.
      • Pools are also acceptable. It will allow too many addresses, but not too few.

gateway =

  • The gateway towards the rest of the internet

dns =

  • DNS settings, change them to your DNS address(es)

log = netflow

  • ipt-netflow module for logging. Set to None for no logging

log_ip =

  • The address the netflow data is sent to

log_port = 2055

  • sending port for netflow

snmp_key = public

  • Default public; this sets snmpd to use the selected community_key

NAT-mask = 24

  • Default 24; this allows you to increase or decrease the number of clients per public IP address.

rsyslog = None

  • Default disabled; you can choose to redirect rsyslog to a remote server. Specify host:port (rsyslog =

dhcp-server = None

  • Default disabled; nat44 can configure DHCP for each internal interface. Merely set this to True (dhcp-server = True)

dns-server = None

  • Default disabled; nat44 can configure bind9 to serve as DNS. Merely set this to True (dns-server = True)

Example config, 3 VLANs, 6 public IP addresses


internal-if = eth1.100 eth1.200 eth1.300

external-if = eth0

admin-address =

internal-network =

internal-gateway =

external-network =

external-addresses =

default-gateway =

domain =

dns =

log = netflow

log_ip =

log_port = 2059

flow_version = 9

rsyslog =

dhcp-server = True

dns-server = True

NAT-mask = 24
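
A pre-flight check for the settings described above, as an added example that is not part of nat44 itself: it parses a config in the page's `key = value` layout, checks the external pool against the one-address-per-/24 rule, and flags the default SNMP community and disabled flow logging. Assumptions: multiple values are space-separated as in `internal-if`, `NAT-mask` sets the block size served by one external address, pools are not handled, and the function names and sample values (RFC 1918 and RFC 5737 documentation ranges) are constructed for the example. It uses the Python 3 standard-library `ipaddress` module rather than python-ipaddr.

```python
import ipaddress

# Constructed sample in the page's "key = value" layout; all values are made up.
SAMPLE_CONF = """\
internal-if = eth1.100 eth1.200 eth1.300
internal-network = 10.0.0.0/22 10.0.4.0/24 10.0.5.0/24
external-addresses = 192.0.2.10 192.0.2.11 192.0.2.12 192.0.2.13 192.0.2.14
NAT-mask = 24
log = None
snmp_key = public
"""

def parse_conf(text):
    """Parse 'key = value' lines into a dict, ignoring lines without '='."""
    conf = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def addresses_needed(networks, nat_mask=24):
    """One external address per NAT-mask-sized block, at least one per subnet
    (assumed reading of the page's rule: a /22 with NAT-mask 24 needs 4)."""
    return sum(max(1, 2 ** (nat_mask - ipaddress.ip_network(n).prefixlen))
               for n in networks)

def audit(conf):
    """Return a list of findings for a parsed nat44.conf."""
    findings = []
    nets = conf.get("internal-network", "").split()
    ifs = conf.get("internal-if", "").split()
    pool = conf.get("external-addresses", "").split()
    need = addresses_needed(nets, int(conf.get("NAT-mask", "24")))
    if len(nets) != len(ifs):
        findings.append("need 1 internal network per internal interface")
    if len(pool) < need:  # too many is accepted, too few is not
        findings.append(f"external-addresses: {len(pool)} given, {need} needed")
    if conf.get("snmp_key", "public") == "public":  # page: default is public
        findings.append("snmp_key is the default community 'public'")
    if conf.get("log") == "None":
        findings.append("log = None: NAT flows are not recorded")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print("WARN", finding)
```
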

Files that may be used by nat44


  • /etc/nat44/nat44.conf
  • /etc/nat44/ipt.conf

netflow module

  • /etc/modules
  • /etc/modprobe.d/ipt_NETFLOW.conf


  • /etc/default/isc-dhcp-server
  • /etc/dhcp/dhcpd.conf
  • /var/log/dhcp.log
  • /var/lib/dhcp/dhcpd.leases


  • /etc/network/interfaces
  • /etc/network/if-up.d/network


  • /etc/resolv.conf
  • /etc/bind/named.conf
  • /etc/bind/named.conf.options


  • /etc/rsyslog.d/loghost.conf
  • /etc/rsyslog.conf


  • /usr/local/share/snmp/snmpd.conf
  • /var/log/snmpd.log