Network address translation (NAT) can be configured on a Linux system with iptables rules so that the system acts as a gateway and provides internet access to multiple hosts on a local network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.
The minimum requirements are any Linux OS, iptables, and two network interface cards.
Example:
WAN = eth0 with public IP xx.xx.xx.xx
LAN = eth1 with private IP yy.yy.yy.yy / 255.255.0.0
1) Configure eth0 for Internet access with a public IP
#sudo vim /etc/network/interfaces
auto eth0
iface eth0 inet static
# address provided by the ISP
address 202.XX.XX.XX
netmask 255.255.255.0
gateway xxx.xx.xx.xx
2) Configure eth1 for the LAN with a private IP (internal private network)
#sudo vim /etc/network/interfaces
auto eth1
iface eth1 inet static
# LAN gateway address
address 192.168.5.2
netmask 255.255.255.0
3) Configure DNS
#sudo vim /etc/resolv.conf
nameserver 202.xx.xxx.xx
4) NAT configuration with iptables
Delete and flush the iptables rules. The default table is “filter”; other tables such as “nat” must be named explicitly.
#sudo iptables --flush # Flush all the rules in the filter table
#sudo iptables --table nat --flush # Flush all the rules in the nat table
# Delete all chains that are not default chains of the filter and nat tables
#sudo iptables --delete-chain
#sudo iptables --table nat --delete-chain
Set up IP forwarding and masquerading
#sudo iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
#sudo iptables --append FORWARD --in-interface eth1 -j ACCEPT
Enable packet forwarding in the kernel (the redirect must run as root, hence sh -c)
#sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
Save the configuration (iptables-save prints the active rules to standard output; redirect the output to a file to keep them)
#sudo iptables-save
To list the iptables rules
#sudo iptables -L
To test, ping the gateway of the network from a client system.
#ping 192.168.5.2
Note:
•   All PCs on the private office network should set their “gateway” to the local private network IP address of the Linux gateway computer.
•   The DNS should be set to that of the ISP on the internet.
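The commands in step 4 do not set a FORWARD policy, so the chain keeps whatever policy it already had (ACCEPT by default), and the only rule added accepts traffic entering on eth1. As an added example that is not part of the original article, the shell function below prints the same masquerading setup in the format that iptables-save emits and iptables-restore reads, with FORWARD set to DROP and inbound forwarding limited to replies. The function name nat_gateway_rules is hypothetical; eth0 and eth1 are the article's WAN and LAN interfaces.

```sh
# Added example, not from the original article. Prints an iptables-restore
# rule set for the gateway; nothing is applied until the output is piped to
# "iptables-restore" as root.
# Assumptions: nat_gateway_rules is a hypothetical helper name; eth0/eth1
# are the article's WAN/LAN interfaces.
nat_gateway_rules() {
    wan_if=$1
    lan_if=$2

    # -i/-o match real interface names, so reject empty names and anything
    # with other characters (an alias such as eth0:0 contains ':').
    for ifname in "$wan_if" "$lan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*)
                echo "invalid interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done
    if [ "$wan_if" = "$lan_if" ]; then
        echo "WAN and LAN must be different interfaces" >&2
        return 1
    fi

    # nat: rewrite the source address of everything leaving via the WAN side.
    # filter: drop forwarded packets by default, let the LAN open connections
    # outward, and let only replies to those connections back in.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Show the generated rule set for the article's interfaces.
nat_gateway_rules eth0 eth1
```

Review the output before loading it as root with "nat_gateway_rules eth0 eth1 | iptables-restore"; loading it replaces the existing contents of the filter and nat tables.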
March 27th, 2012 on 4:22 pm
I have two interfaces, eth0 10.202.70.227 and eth0:0 192.168.222.66. I want to NAT 192.168.222.66 behind 10.202.70.227 so if someone calls 192.168.222.66 it goes through 10.202.70.227. How can I do that? When I try iptables -A FORWARD -i eth0:0 -j ACCEPT I get a warning:
Warning: weird character in interface `eth0:0' (No aliases, :, ! or *).
How to get this natting done? Please help.