Set up SNAT for Private network internet access

From AcrodusWiki
Revision as of 12:31, 23 September 2024 by Alex

This page describes how to set up a Linux machine to provide routing and SNAT from a private network to the internet. The following command configures the machine using iptables.

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

This command can be explained in the following way:

iptables: the command line utility for configuring the kernel.

-t nat: select table "nat" for configuration of NAT rules.

-A POSTROUTING: append a rule to the POSTROUTING chain (-A stands for "append").

-o eth1: this rule is valid for packets that leave on the second network interface (-o stands for "output").

-j MASQUERADE: the action that should take place is to 'masquerade' packets, i.e. replacing the sender's address by the router's address.

The output interface is the interface to the internet, with a public IP address. The input interface, i.e. the interface to the private LAN, can also be specified with -i. The options -s and -d specify the source IP range and the destination range.

This command does not configure the firewall to allow forwarding. This can be done with the following command.
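
An added example, not part of the original page: a small generator for an iptables-restore ruleset that combines the MASQUERADE rule above with source scoping (-s) and explicit FORWARD rules. The LAN interface eth0, the range 192.168.10.0/24, the function names and the default-drop FORWARD policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT router.
# Assumed values (not from the page): LAN interface eth0, LAN range 192.168.10.0/24.

valid_if() {   # interface name: 1-15 chars from a conservative set
  case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}

valid_cidr() { # dotted-quad IPv4 network with a /0../32 prefix length
  case "$1" in */*) ;; *) return 1 ;; esac
  addr=${1%/*}; len=${1#*/}
  case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
  case "$len" in ''|*[!0-9]*) return 1 ;; esac
  [ "$len" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in '') return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

gen_snat_ruleset() { # args: WAN_IF LAN_IF LAN_CIDR
  wan=$1; lan=$2; cidr=$3
  if ! valid_if "$wan" || ! valid_if "$lan" || ! valid_cidr "$cidr" \
     || [ "$wan" = "$lan" ]; then
    echo "usage: gen_snat_ruleset WAN_IF LAN_IF LAN_CIDR" >&2
    return 2
  fi
  cat <<EOF
# Kernel routing must also be on: sysctl -w net.ipv4.ip_forward=1
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade only the private range, only when leaving via the WAN side.
-A POSTROUTING -s $cidr -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# Replies to connections the LAN opened are let back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections may only go from the LAN range out to the WAN interface.
-A FORWARD -i $lan -o $wan -s $cidr -j ACCEPT
COMMIT
EOF
}

# Print the ruleset; as root, check it with: iptables-restore --test < file
# (without --noflush, iptables-restore replaces the listed tables' contents).
gen_snat_ruleset eth1 eth0 192.168.10.0/24
```

The -i match appears only in the FORWARD rule because iptables rejects an input-interface match in the POSTROUTING chain.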