Linux-Noob Forums
Setup a simple NAT in linux - Printable Version

+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Server Administration (https://www.linux-noob.com/forums/forum-8.html)
+--- Forum: Security and Firewalls (https://www.linux-noob.com/forums/forum-87.html)
+--- Thread: Setup a simple NAT in linux (/thread-4075.html)

Setup a simple NAT in linux - anyweb - 2003-12-11


First things first, to do this i assume you have TWO working network cards in your computer, one is connected to the internet (WAN) and the other is connected to your local network (LAN), or think of it as eth0 (WAN) and eth1 (LAN). I also assume that you want eth1 to share the internet with others, however, i am not going to enable a dhcp server, so your 'clients' will have to have their ip settings entered manually. If you want to try this then read on...

 

First off we need to know the ip address of our WAN network card (eth0 the one connected direct to the internet ;-)). So, as root type ifconfig.

That should present you with an output like the following example:-

 

 

Quote:eth0Link encap:Ethernet HWaddr 00:06:5B:02:F6:FF

inet addr:192.168.0.58 Bcast:192.168.0.255 Mask:255.255.255.0

.......

 

 

eth1

Link encap:Ethernet HWaddr 00:02:2D:46:B2:5F

inet addr:100.0.0.1 Bcast:100.0.255.255 Mask:255.255.0.0

.......
 

In the example above i have a WAN (eth0) address which is my connection to the internet via another NAT (lol), and it has the ip address of 192.168.0.58

 

The LAN (eth1) IP address in this example has been set to 100.0.0.1.

 

Ive deliberately set eth1 to 100.0.0.1 so i know its my 'sharing' NAT ip address, and it's the one to point to later.

To set/change your IP settings for a Network card in Red Hat 9 type this as root:-

neat or redhat-config-network

 

Now that you have set your LAN (eth1) IP address, lets get sharing !!!

As root in a console type the following two lines:-

 



Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.0.58




 

>>>PRESS ENTER<<<

 



Code:
echo 1 > /proc/sys/net/ipv4/ip_forward




 

>>>PRESS ENTER<<<

 

Obviously the first line which points to 192.168.0.58 MUST point to your CURRENT WAN IP address (eth0) and NOT my example here.

So if your eth0 ip address= 163.211.12.44 then the line should read

 

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 163.211.12.44

 

Ok, now that is done, now its time to test it, if you have lokkit running (redhats firewall) disable it temporarily to test please.

 

On a client pc, edit it's TCPIP properties as follows

 

IP address=100.0.0.2 (or any value above 1 and up to 255)

SubNet= 255.255.0.0

Default Gateway=100.0.0.1 (eth1)

DNS server 1=192.168.0.58 (eth0)

DNS Server 2=192.168.0.1 (my first NAT, which shares ips to my eth0 WAN connection, change this to your WANS DNS server ip)

 

 

You will have to put the lines below in /etc/rc.d/rc.local if you want to turn it (the NAT) on every time your system boots up.

 



Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to xxx.xxx.xxx.xxx
echo 1 > /proc/sys/net/ipv4/ip_forward




 

Obviously replace xxx.xxx.xxx.xxx with the ip of your current WAN (internet) address.

 

Thats it, test it by pinging www.google.com.

 

you might also want to read the following....

 

Quote:In order for your system to save the iptables rules ...You will need to edit /etc/sysconfig/iptables-config and make sure IPTABLES_MODULES_UNLOAD, IPTABLES_SAVE_ON_STOP, and IPTABLES_SAVE_ON_RESTART are all set to 'yes'.


Setup a simple NAT in linux - anyweb - 2004-02-27


ok below is a conversation i had while SSH'd to 'squares' fedora box

 

he wanted it to serve internet to the xp box

 

reading the below may give you a clue where you are going wrong in getting NAT to work

 

i hope so

 

to assign the IP address to his network card that had no ip address i did

 

ifconfig eth0 192.168.0.1

 

the conversation is listed first, and the lines i actually did on the fedora box are included below that

 

in squares case

 

eth0=LAN

eth1=WAN

 

cheers

 

anyweb

 

Quote:<anyweb> ok im in<squared> k

<anyweb> which is the internet eth0 or eth1

<squared> the one with the ip, heh..

<anyweb> lol

<squared>

<squared> er

<squared> wtf

<squared> you there?

<anyweb> look at eth0 now

<squared> how?

<anyweb> do ifconfig

<squared> irssi just gone weird

<anyweb> ok

<anyweb> ive set eth0 to 192.168.0.1

<squared> i need root, so i'll have to dc right?

<anyweb> now you should be able to share it

<anyweb> no, just open another console and su -

<anyweb> we can both be connected

<anyweb> do you want me to now setup the sharing between eth1 and eth0 ?

<squared> umm.. how?

<squared> yeh

<anyweb> ok wait

<squared> i dont have X just console

<squared> this is gonna be a sever, didnt see point of having X

<anyweb> ok

<anyweb> try and use the xp machine now

<anyweb> set the ip on the windwso machine to 192.168.0.2

<anyweb> and ping 192.168.0.1

<anyweb> does it work ?

<squared> k, lemme set ip

<squared> yes i get reply

<anyweb> try pinging google

<anyweb> set 192.168.0.1 as the gateway on the xp box

<squared> nope, ping request could not find host google.com

<anyweb> hmm ok hold on

<squared> i can ping its ip tho

<squared> :)

<anyweb> on xp, ping 66.102.9.104

<squared> i think, 66.218.71.198 <-- that google.com's ip?

<anyweb> does that work ?

<anyweb> set your dns 1 to 192..168.0.1 dns 2 to the dns of your 'internet' ip

<anyweb> on the xp box

<squared> yeh, i can ping

<anyweb> can you ping google.com now ?

<squared> nope, lemme do that last step

<anyweb> ok

<squared> nope, still cant ping google.com

<anyweb> hmm

<anyweb> the xp box should have the following

<anyweb> ip=192.168.0.2

<squared> heh, you read my mind..

<squared> go ahead.

<anyweb> sub  255.255.255.0

<squared> yep..

<anyweb> gateway=192.168.0.1

<squared> yep

<anyweb> dns1 = your WAN ip address

<squared> that my public ip?

<anyweb> dns2= you WAN DNS server ip

<anyweb> dns1=your public ip

<squared> whats the wan dns server ip?

<squared> my isps dns servers?

<anyweb> hold on

<squared> k

<anyweb> yeah you need the dns address of your WAN (public)

<anyweb> i dont know what it is

<squared> me either.. heh

<squared> lemme ring them..

<anyweb> nah

<anyweb> lemme try one last thing

<squared> k

<anyweb> if you get discon then just reconnect

<squared> k

<anyweb> try 62.30.0.39 as your dns1

<squared> woot

<squared> works!!!!!!!!!

<anyweb> :)

<anyweb> ok i'll disconnect now

<squared> k, thanks

<anyweb> done !

<squared> thanks alot :)

<anyweb> hey @! i fixed your problem !!

<squared> yeh!

<anyweb> can i paste this output (minus the password stuff) as part of the tips, to give people a clue ?

<squared> sure

<anyweb> cool
 

code below, the bits in (brackets) are only COMMENTS

 



Code:
ifconfig (to see the ip address settings)

ifconfig eth0 192.168.0.1  (to set his eth0 to ip address 192.168.0.1)

ifconfig (to verify that eth0 is now 192.168.0.1)

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 82.42.64.77 (to tell iptables that we are gonna share the internet via nat)

echo 1 > /proc/sys/net/ipv4/ip_forward  (lets start ipforwarding...)




 

and thats it !



Setup a simple NAT in linux - sixtymhz - 2005-01-10


This works in Fedora Core 3, but I had to issue another command:

 



Code:
iptables -F FOWARD




 

The XP machine I was running wasn't able to get any of my ISP DNS servers.

Thanks to FluKex in #linux_noob for the help!

 

- 60mhz