Quote:
Originally posted by alec77
what would be the best way to use simple NAT?
well, let's say that [linux router] has internal interface eth0 (on network 10.0.0.0) and external interface eth1 with IP 172.16.0.254, then the POSTROUTING rule for it to NAT for the 10.0.0.0 network would look like:
Code:
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 172.16.0.254
but if [linux router] gets its IP address from [internet router] via DHCP, then use MASQUERADE instead of SNAT:
Code:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
of course either way you'd also need to activate the forwarding, for example:
Code:
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
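
An added example, not part of the original post: a check that reads `iptables-save` text and reports whether it matches the gateway layout above (FORWARD policy DROP, return traffic accepted, new connections only from eth0 to eth1, source NAT on eth1). The function name and both sample rulesets are constructed for illustration; the samples are abridged.

```shell
# Usage: iptables-save | audit_nat_gateway <internal-if> <external-if>
# Prints one FINDING line per problem; returns 0 only when there are none.
audit_nat_gateway() {
    awk -v lan="$1" -v wan="$2" '
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && /^-A POSTROUTING / && / -j (SNAT|MASQUERADE)/ &&
            index($0, " -o " wan " ") { nat = 1 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
            # Return traffic for connections that are already tracked.
            if ($0 ~ /ESTABLISHED/ && $0 !~ /NEW/) { est = 1; next }
            # New connections may only go internal -> external.
            if (index($0, " -i " lan " ") && index($0, " -o " wan " ")) { out = 1; next }
            print "FINDING: unexpected FORWARD accept: " $0; bad++
        }
        END {
            if (policy != "DROP") { print "FINDING: FORWARD policy is " (policy == "" ? "missing" : policy); bad++ }
            if (!nat) { print "FINDING: no SNAT/MASQUERADE rule on " wan; bad++ }
            if (!est) { print "FINDING: no ESTABLISHED,RELATED accept in FORWARD"; bad++ }
            if (!out) { print "FINDING: no " lan " -> " wan " accept in FORWARD"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample: the ruleset the commands in the post would produce.
sample_good() { cat <<'EOF'
*nat
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same ruleset with an open FORWARD policy and an extra
# rule accepting traffic from the external side, both of which get reported.
sample_bad() {
    sample_good | awk '/^:FORWARD/ { $2 = "ACCEPT" }
        /^-A FORWARD -i/ { print "-A FORWARD -i eth1 -o eth0 -j ACCEPT" } { print }'
}

sample_bad | audit_nat_gateway eth0 eth1 || true
```

On a live router, pipe the real `iptables-save` output (run as root) into `audit_nat_gateway` instead of the samples.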