Set up SNAT for Private network internet access

From AcrodusWiki

This page describes how to set up a Linux machine to provide routing and SNAT from a private network to the internet. The following command configures the machine using iptables.

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

This command can be explained in the following way:

iptables: the command-line utility for configuring the kernel.
-t nat: select the table "nat" for configuration of NAT rules.
-A POSTROUTING: append a rule to the POSTROUTING chain (-A stands for "append").
-o eth1: this rule is valid for packets that leave on the second network interface (-o stands for "output").
-j MASQUERADE: the action that should take place is to 'masquerade' packets, i.e. replace the sender's address with the router's address.

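The output interface is the interface to the internet, which has a public IP address. An input interface, the one facing the private LAN, can also be specified with -i; iptables accepts -i only in the INPUT, FORWARD and PREROUTING chains, so it belongs in the FORWARD rules below rather than in this POSTROUTING rule. The options -s and -d specify the source and destination IP ranges.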

This command does not make the firewall allow forwarding. That is done with the following commands.

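# Internet (eth1) to LAN (eth0): accept only replies to existing connections
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# LAN (eth0) to internet (eth1): accept all forwarded traffic
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT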

Ensure that IPv4 forwarding is enabled in /etc/sysctl.conf.
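
An added example, not part of the original page: a shell check that reads `iptables -S FORWARD` output and flags a rule set in which the internet-facing interface can open connections into the LAN, or in which the LAN cannot start connections outward. The interface roles follow the page (eth1 to the internet, eth0 assumed to be the private LAN); the function names and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit FORWARD rules of a NAT router for direction mistakes.
# Input format is what `iptables -S FORWARD` prints, one rule per line.

# True when a rule matches on connection state and does not admit NEW.
replies_only() {
    case "$1" in
        *"state "*NEW*) return 1 ;;
        *"state "*)     return 0 ;;   # covers --state and --ctstate
        *)              return 1 ;;
    esac
}

# audit_forward LAN WAN: rules on stdin, one finding per line on stdout.
# Returns 0 when nothing was found, 1 otherwise.
audit_forward() {
    lan=$1; wan=$2; out_ok=0; bad=0
    while IFS= read -r rule; do
        case "$rule" in
            "-P FORWARD ACCEPT")
                echo "POLICY_ACCEPT: unmatched packets are forwarded"; bad=1 ;;
            "-A FORWARD "*"-i $wan -o $lan "*"-j ACCEPT"*)
                replies_only "$rule" || { echo "OPEN_INBOUND: $rule"; bad=1; } ;;
            "-A FORWARD "*"-i $lan -o $wan "*"-j ACCEPT"*)
                replies_only "$rule" || out_ok=1 ;;
        esac
    done
    [ "$out_ok" -eq 1 ] ||
        { echo "NO_OUTBOUND: $lan cannot start connections via $wan"; bad=1; }
    return "$bad"
}

# Constructed sample: interfaces swapped between the two FORWARD rules.
sample_swapped() {
    printf '%s\n' '-P FORWARD DROP' \
        '-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -i eth1 -o eth0 -j ACCEPT'
}

# Constructed sample: replies only from eth1, new connections only from eth0.
sample_fixed() {
    printf '%s\n' '-P FORWARD DROP' \
        '-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -i eth0 -o eth1 -j ACCEPT'
}

sample_swapped | audit_forward eth0 eth1 || echo "swapped sample: findings above"
sample_fixed   | audit_forward eth0 eth1 && echo "fixed sample: clean"
```

On a live router, run it as `iptables -S FORWARD | audit_forward eth0 eth1` with the sample calls removed.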