version 1.0.0, 2014-07-08 : Initial version
Setting up iptables for NAT
Set your server as a gateway, using iptables to create NAT rules is easy!First, remember that on RHEL, iptables config file is /etc/sysconfig/iptables
and the service logs by default to /var/log/messages
.
For this example, our internal network is 193.168.1.0/24 and we are setting our server as a gateway with eth1 on local network and eth0 that has access to the internet.
# First allow ip forwarding at kernel level sysctl -w net.ipv4.ip_forward=1 # Then set your iptables rules iptables -t nat -I POSTROUTING -o eth0 -s 193.168.1.0/24 -j MASQUERADE iptables -I FORWARD 1 -i eth1 -o eth0 -j ACCEPT iptables -I FORWARD 2 -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT # Finally save and restart service service iptables save service iptables restart # Now check your rules iptables -L -n -v iptables --table nat -L -n -v
Important
You will need to add the line
net.ipv4.ip_forward = 1
or change it to
that value in /etc/sysctl.conf
to be sure the change will survive next reboot! Now you have to put this host’s eth1 IP as a gateway in your
/etc/sysconfig/network
file if not already done (if there’s already a gateway,
replace it!):
echo "GATEWAY=193.168.1.1" >> /etc/sysconfig/network
Now you can start to try and ping servers outside your network.