Configuring NAT with IPTABLES in Linux

Step-By-Step Configuration Guide for NAT with IPTABLES
This guide shows how to set up network-address-translation (NAT) on a Linux system with iptables so that the system can act as a gateway and provide internet access to multiple hosts on a local are network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.

Assuming that you have:
OS - Any Linux distribution
Software - Iptables
Network Interface Cards: 2

WAN = eth0 with public IP xx.xx.xx.xx (Replace xx.xx.xx.xx with your WAN IP)
LAN = eth1 with private IP yy.yy.yy.yy / (Replace yy.yy.yy.yy with your LAN IP)

Step by Step Procedure:

Step #1. Configure eth0 for Internet with a Public ( IP External network or Internet)
vi /etc/sysconfig/network-scripts/ifcfg-eth0

Edit the following in that file.

NETMASK=    # Provided by the ISP
GATEWAY=xx.xx.xx.1    # Provided by the ISP

Step #2. Configure eth1 for LAN with a Private IP (Internal Local Area network)

vi /etc/sysconfig/network-scripts/ifcfg-eth1

NETMASK=        # Specify based on your requirement
IPADDR=        # Gateway of the LAN

Step #3. Gateway Configuration
vi /etc/sysconfig/network
    GATEWAY=xx.xx.xx.1    # Internet Gateway, provided by the ISP

Step #4. DNS Configuration
cat /etc/resolv.conf
    nameserver      # Primary DNS Server provided by the ISP
    nameserver        # Secondary DNS Server provided by the ISP

Step #5. NAT configuration with IP Tables
    # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain
# Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPTclip_image001
# Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
#Apply the configuration
service iptables restart

Step #6. Configuring PCs on the network (Clients)
All PC's on the private office network should set their "gateway" to be the local private network IP address of the Linux gateway computer.
The DNS should be set to that of the ISP on the internet.

Step #7. Testing
# Ping the Gateway of the network and some website from the client system

Share this

Related Posts

Next Post »


Write comments
March 19, 2013 at 9:27 PM delete

Good & usefull artical
Thanks.. Keep improving


What do you think about this Article? Add your Opinion..! EmoticonEmoticon