This Blog is to share our knowledge and expertise on Linux System Administration and VMware Administration

Friday, October 9, 2015

Step-By-Step Configuration Guide for NAT with IPTABLES

This guide shows how to set up network-address-translation (NAT) on a Linux system with iptables so that the system can act as a gateway and provide internet access to multiple hosts on a local are network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.

Assuming that you have:

OS - Any Linux distribution
Software - Iptables
Network Interface Cards: 2

WAN = eth0 with public IP xx.xx.xx.xx (Replace xx.xx.xx.xx with your WAN IP)
LAN = eth1 with private IP yy.yy.yy.yy / (Replace yy.yy.yy.yy with your LAN IP)

Step by Step Procedure:

Step #1. Configure eth0 for Internet with a Public ( IP External network or Internet)

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Edit the following in that file.

NETMASK=    # Provided by the ISP
GATEWAY=xx.xx.xx.1    # Provided by the ISP

Step #2. Configure eth1 for LAN with a Private IP (Internal Local Area network)

vi /etc/sysconfig/network-scripts/ifcfg-eth1

NETMASK=        # Specify based on your requirement
IPADDR=        # Gateway of the LAN

Step #3. Gateway Configuration

vi /etc/sysconfig/network
    GATEWAY=xx.xx.xx.1    # Internet Gateway, provided by the ISP

Step #4. DNS Configuration

cat /etc/resolv.conf

Step #5. NAT configuration with IP Tables

    # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain
# Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPTclip_image001
# Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
#Apply the configuration
service iptables restart

Step #6. Configuring PCs on the network (Clients)

All PC's on the private office network should set their "gateway" to be the local private network IP address of the Linux gateway computer.
The DNS should be set to that of the ISP on the internet.

Step #7. Testing
# Ping the Gateway of the network and some website from the client system

No comments:

Post a Comment