Step-By-Step Configuration of NAT with iptables
This tutorial shows how to set up network-address-translation (NAT) on a Linux system with iptables rules so that the system can act as a gateway and provide internet access to multiple hosts on a local network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.
Requirements:
CPU - PII or more
OS - Any Linux distribution
Software - Iptables
Network Interface Cards: 2
Here are my considerations:
Replace [Link] with your WAN IP
Replace [Link] with your LAN IP
(i.e. [Link]/16, [Link]/12, [Link]/8 as suggested by Mr. tzs)
WAN = eth0 with public IP [Link]
LAN = eth1 with private IP [Link]/ 255.255.0.0
Step by Step Procedure
Step #1. Add 2 Network cards to the Linux box
Step #2. Verify the network cards, whether they are installed properly or not
ls /etc/sysconfig/network-scripts/ifcfg-eth* | wc -l
(The output should be "2")
Step #3. Configure eth0 for Internet with a Public IP (External network or Internet)
cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
BROADCAST=[Link].255 # Optional Entry
HWADDR=00:50:BA:88:72:D4 # Optional Entry
IPADDR=[Link]
NETMASK=[Link] # Provided by the ISP
NETWORK=[Link].0 # Optional
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=[Link].1 # Provided by the ISP
Step #4. Configure eth1 for LAN with a Private IP (Internal private network)
cat /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=none
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05 # Optional
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=[Link] # Specify based on your requirement
BROADCAST=""
IPADDR=[Link] # Gateway of the LAN
NETWORK=[Link] # Optional
USERCTL=no
ONBOOT=yes
Step #5. Host Configuration (Optional)
cat /etc/hosts
[Link] nat [Link] localhost
Step #6. Gateway Configuration
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nat
GATEWAY=[Link].1 # Internet Gateway, provided by the ISP
Step #7. DNS Configuration
cat /etc/[Link]
nameserver [Link] # Primary DNS Server provided by the ISP
nameserver [Link] # Secondary DNS Server provided by the ISP
Step #8. NAT configuration with IP Tables
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush                     # Flush all the rules in the filter table
iptables --table nat --flush         # Flush all the rules in the nat table
iptables --delete-chain              # Delete all user-defined chains in the filter table
iptables --table nat --delete-chain  # Delete all user-defined chains in the nat table
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
# Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
# Save the running rules to /etc/sysconfig/iptables first; otherwise the restart
# below reloads the previously saved rule set and the rules above are lost
service iptables save
# Apply the configuration
service iptables restart
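The rules in Step #8 accept everything that arrives on eth1 and never set the FORWARD policy, so what the gateway routes depends on whatever policy is already in place. As an added example (not part of the original tutorial), the shell function below prints an equivalent rule set in iptables-restore format with a default-deny FORWARD chain and stateful return traffic; the function name nat_ruleset and the sample LAN range 192.168.0.0/16 are assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial. nat_ruleset is a hypothetical helper;
# the LAN range is supplied by the caller (192.168.0.0/16 is a constructed sample).
# Usage: nat_ruleset WAN_IF LAN_IF LAN_NET    e.g. nat_ruleset eth0 eth1 192.168.0.0/16

nat_ruleset() {
    wan_if=$1; lan_if=$2; lan_net=$3

    # Reject anything that is not a plain interface name, so a stray
    # argument can never end up inside the generated rules.
    for ifname in "$wan_if" "$lan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    [ "$wan_if" != "$lan_if" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    # Accept only address/prefix notation for the LAN range.
    case $lan_net in
        *[!0-9./]*|*/*/*|/*|*/) echo "bad network: $lan_net" >&2; return 1 ;;
        */*) ;;
        *) echo "bad network: $lan_net" >&2; return 1 ;;
    esac

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade only traffic that originates from the LAN range.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# Default-deny: nothing is routed unless a rule below allows it.
:FORWARD DROP [0:0]
# LAN clients may open connections towards the Internet.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
# Only replies to those connections may come back in.
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Check the output with `nat_ruleset eth0 eth1 192.168.0.0/16 | iptables-restore --test` before loading it. Loading it without --noflush replaces the existing rules in the nat and filter tables, as the flush commands in Step #8 do.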
Step #9. Testing
# Ping the Gateway of the network from client system
ping [Link]
Try it on your client systems
ping [Link]
Configuring PCs on the network (Clients)
• All PCs on the private office network should set their "gateway" to be the local private network IP
address of the Linux gateway computer.
• The DNS should be set to that of the ISP on the internet.
Windows '95, 2000, XP Configuration:
• Select "Start" + "Settings" + "Control Panel"
• Select the "Network" icon
• Select the tab "Configuration" and double click the component "TCP/IP" for the ethernet card.
(NOT the TCP/IP -> Dial-Up Adapter)
• Select the tabs:
o "Gateway": Use the internal network IP address of the Linux box. ([Link])
o "DNS Configuration": Use the IP addresses of the ISP Domain Name Servers. (Actual internet IP
address)
o "IP Address": The IP address ([Link] - static) and netmask (typically [Link] for a
small local office network) of the PC can also be set here.