{"id":15445775,"url":"https://github.com/marten-seemann/docker-nat-simulator","last_synced_at":"2025-07-06T20:07:25.816Z","repository":{"id":193634373,"uuid":"689209658","full_name":"marten-seemann/docker-nat-simulator","owner":"marten-seemann","description":"use Docker to simulate a NAT between Docker containers","archived":false,"fork":false,"pushed_at":"2023-09-10T04:05:30.000Z","size":156,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-06T13:49:31.289Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/marten-seemann.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-09T05:15:33.000Z","updated_at":"2024-04-18T09:31:08.000Z","dependencies_parsed_at":"2024-10-22T19:22:28.671Z","dependency_job_id":null,"html_url":"https://github.com/marten-seemann/docker-nat-simulator","commit_stats":{"total_commits":10,"total_committers":1,"mean_commits":10.0,"dds":0.0,"last_synced_commit":"87ba4967edd7ccf7b35c815be4f33cf076cf4d48"},"previous_names":["marten-seemann/docker-nat-simulator"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/marten-seemann/docker-nat-simulator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marten-seemann%2Fdocker-nat-simulator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marten-seemann%2Fdocker-nat-simulator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marten-seemann%2Fdocker-nat-simulator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marten-seemann%2Fdocker-nat-simulator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/marten-seemann","download_url":"https://codeload.github.com/marten-seemann/docker-nat-simulator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marten-seemann%2Fdocker-nat-simulator/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263966170,"owners_count":23536814,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-01T19:46:01.545Z","updated_at":"2025-07-06T20:07:25.726Z","avatar_url":"https://github.com/marten-seemann.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker NAT Simulator\n\nFor a hole-punching example, see the [hole-punching branch](https://github.com/marten-seemann/docker-nat-simulator/tree/hole-punching).\n\n\nThe logic is loosely based on https://github.com/zzJinux/docker-nat-simulate, but it replaces all bash scripts used for setup with a Docker compose setup.\n\nThe setup only uses iptables to achieve NAT-ing.\n\n## Network Setup\n\n\u003cimg title=\"Network Setup\" src=\"network.png\"\u003e\n\n* The clients (192.168.0.0/16) are in a network that's assumed to be separate from the rest of the network by a NAT.\n* The server (17.0.0.100) is on the other side of the NAT. We intentionally use a public IP (see RFC 1918) here.\n* The router (192.168.0.42 and 17.0.0.42, respectively) acts as a NAT between these two networks.\n\n## Running\n\n```bash\ndocker compose build \u0026\u0026 docker compose up\n```\n\n## Validating the Setup\n\n### Using `ping`\n\nOpen a shell on one of the clients:\n```bash\ndocker exec -it client /bin/bash\n```\n\nThen ping the server:\n```bash\nping server\n```\n\nThis works since the NAT is translating addresses from the internal network to the outside world.\n\nConversely, trying to ping the client from the server does not work, as we'd expect.\n\nOpen a shell on one of the server:\n```bash\ndocker exec -it server /bin/bash\n```\n\nAnd try to ping the client:\n```bash\nping 192.168.0.100\n```\n\n#### Simulating a network delay\n\nOpen a shell on the router (`router`) and add a delay:\n```bash\ntc qdisc add dev eth0 root netem delay 50ms\n```\n\nNow ping the server again from the client container. It's not clear to me why this results in an RTT of 50ms (and not 100ms) though.\n\n### Using `netcat`\n\nWhile the `ping` test shows that basic connectivity is as we'd expect, it doesn't prove that we've actually built a NAT. For that, we'll use `netcat`.\n\nOpen a shell on the server, and start a server:\n```bash\nncat -vk -l 80 -c 'xargs -n1 echo Echo from the server: '\n```\n\nNow in a separate terminal, open a shell on the first client, and establish a connection to the server:\n```bash\nncat -v -p 45678 server 80\n```\n\nOn the server side, we now see an incoming connection originating from 17.0.0.42:45678. It makes sense that we see the connection originating from the router (that's exacty what a NAT is supposed to do). It looks like iptables chose to preserve the port number.\n\nTo check that the NAT functions correctly, open a shell on the second client (`client2`), and establish another connection to the server, using the same source port:\n```bash\nncat -v -p 45678 server 80\n```\n\nNow the NAT has no choice but to allocate a new port number, since both clients are using the same port. You should see an incoming connection on the server from a randomly allocated port number.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarten-seemann%2Fdocker-nat-simulator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarten-seemann%2Fdocker-nat-simulator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarten-seemann%2Fdocker-nat-simulator/lists"}