This article going to show you how to setup network-address-translation (NAT) on a Linux system with iptables rules so that the system can act as a gateway and provide internet access to multiple hosts on a local network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.
Here is my considerations:
Replace xx.xx.xx.xx with your WAN IP
Replace yy.yy.yy.yy with your LAN IP
WAN = eth0 with public IP 220.127.116.11
LAN = eth1 with private IP 172.22.16.1/ 255.255.255.0
Step by Step ProcedureStep #1. Add 2 Network cards to the Linux box
Step #2. Verify the Network cards, Wether they installed properly or not
ls /etc/sysconfig/network-scripts/ifcfg-eth* | wc -l( The output should be "2")
Step #3. Configure eth0 for Internet with a Public ( IP External network or Internet)
Step #4. Configure eth1 for LAN with a Private IP (Internal private network)
Step #5. Host Configuration (Optional)
cat /etc/hosts127.0.0.1 nat localhost.localdomain localhost
Step #6. Gateway Configuration
GATEWAY=xx.xx.xx.1 # Internet Gateway, provided by the ISP
Step #7. DNS Configuration
cat /etc/resolv.confnameserver 18.104.22.168 # Primary DNS Server provided by the ISP
nameserver 22.214.171.124 # Secondary DNS Server provided by the ISP
Step #8. NAT configuration with IP Tables
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush # Flush all the rules in filter and nat tables
iptables --table nat --flush
# Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
# Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
#Apply the configuration
service iptables restart
Step #9. Testing
# Ping the Gateway of the network from client system
Try it on your client systems
Configuring PCs on the network (Clients)• All PC's on the private office network should set their "gateway" to be the local private network IP address of the Linux gateway computer.
• The DNS should be set to that of the ISP on the internet.
Windows '95, 2000, XP, Configuration:
• Select "Start" + Settings" + "Control Panel"
• Select the "Network" icon
• Select the tab "Configuration" and double click the component "TCP/IP" for the ethernet card.
(NOT the TCP/IP -> Dial-Up Adapter)
• Select the tabs:
o "Gateway": Use the internal network IP address of the Linux box. (172.22.16.1)
o "DNS Configuration": Use the IP addresses of the ISP Domain Name Servers. (Actual internet IP address)
o "IP Address": The IP address (172.22.XXX.XXX - static) and netmask (typically 255.255.255.0 for a small local office network) of the PC can also be set here.