This guide shows how to set up network address translation (NAT) on a Linux system with iptables so that the system can act as a gateway and provide internet access to multiple hosts on a local area network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.
Assuming that you have:
OS - Any Linux distribution
Software - Iptables
Network Interface Cards: 2
WAN = eth0 with public IP xx.xx.xx.xx (Replace xx.xx.xx.xx with your WAN IP)
LAN = eth1 with private IP yy.yy.yy.yy / 255.255.0.0 (Replace yy.yy.yy.yy with your LAN IP)
Step by Step Procedure:
Step #1. Configure eth0 for the Internet with a public IP (external network)
vi /etc/sysconfig/network-scripts/ifcfg-eth0
Edit the following in that file.
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0 # Provided by the ISP
GATEWAY=xx.xx.xx.1 # Provided by the ISP
Step #2. Configure eth1 for LAN with a Private IP (Internal Local Area network)
vi /etc/sysconfig/network-scripts/ifcfg-eth1
NETMASK=255.255.0.0 # Specify based on your requirement
IPADDR=192.168.2.1 # Gateway of the LAN
Step #3. Gateway Configuration
vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nat
GATEWAY=xx.xx.xx.1 # Internet Gateway, provided by the ISP
Step #4. DNS Configuration
cat /etc/resolv.conf
nameserver 203.145.184.13 # Primary DNS Server provided by the ISP
nameserver 202.56.250.5 # Secondary DNS Server provided by the ISP
Step #5. NAT configuration with iptables
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush # Flush all the rules in the filter table
iptables --table nat --flush # Flush all the rules in the nat table
# Delete all user-defined chains in the filter and nat tables (built-in chains cannot be deleted)
iptables --delete-chain
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
# Enables packet forwarding by kernel (takes effect immediately; add "net.ipv4.ip_forward = 1" to /etc/sysctl.conf to keep it across reboots)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Save the configuration to /etc/sysconfig/iptables so the iptables service restores it on restart and reboot
# (a plain "service iptables restart" would reload the previously saved file and discard the rules above)
service iptables save
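A stricter way to express the same gateway rules, added here as an example and not part of the original article: a small shell helper that emits the whole rule set in iptables-save format (the format `service iptables save` writes to /etc/sysconfig/iptables), limits masquerading to the LAN subnet, sets the FORWARD policy to DROP so only LAN-initiated connections and their replies are forwarded, plus a check that can be run against `iptables-save` output. The interface names and the 192.168.0.0/16 subnet are assumptions matching the page's eth0/eth1 and 255.255.0.0 mask.

```shell
#!/bin/sh
# Emit an iptables-save style rule set for a two-NIC NAT gateway.
# Arguments: WAN interface, LAN interface, LAN network in CIDR notation.
# Apply atomically with:  gen_nat_rules eth0 eth1 192.168.0.0/16 | iptables-restore
gen_nat_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only masquerade packets that really come from the LAN and leave via the WAN
-A POSTROUTING -s ${lan_net} -o ${wan} -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
# Default DROP: nothing is forwarded unless a rule below allows it
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections opened from the LAN are allowed back in
-A FORWARD -i ${wan} -o ${lan} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections only from the LAN subnet toward the WAN
-A FORWARD -i ${lan} -o ${wan} -s ${lan_net} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Sanity check on a rule dump read from stdin (e.g. iptables-save | check_nat_rules eth0):
# succeeds only if traffic leaving the WAN is masqueraded AND the FORWARD chain
# defaults to DROP, so the gateway cannot silently forward unsolicited traffic.
check_nat_rules() {
    wan="$1"
    dump=$(cat)
    printf '%s\n' "$dump" | grep -q -- "-o ${wan} -j MASQUERADE" || return 1
    printf '%s\n' "$dump" | grep -q '^:FORWARD DROP' || return 2
    return 0
}
```

Run `gen_nat_rules eth0 eth1 192.168.0.0/16 > /etc/sysconfig/iptables` followed by `service iptables restart` to make the stricter rule set the persistent one on a RHEL/CentOS-style system.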
Step #6. Configuring PCs on the network (Clients)
All PCs on the private office network should set their "gateway" to the local private network IP address of the Linux gateway computer.
The DNS should be set to that of the ISP on the internet.
Step #7. Testing
# Ping the Gateway of the network and some website from the client system
ping 192.168.2.1
ping www.google.com
1 comment:
Good & useful article
Thanks.. Keep improving