NAT

Basic configuration using iptables

Perform the following steps to provide NAT routing on a Linux computer using iptables (replace wls3 with your Internet-facing interface and em1 with your private-network-facing interface):

  1. sysctl net.ipv4.ip_forward=1
  2. ip addr add W.X.Y.Z/N dev em1
  3. iptables -t nat -A POSTROUTING -o wls3 -j MASQUERADE
  4. iptables -A FORWARD -i wls3 -o em1 -m state --state RELATED,ESTABLISHED -j ACCEPT
  5. ip tables -A FORWARD -i em1 -o wls3 -j ACCEPT

Basic configuration using iptables

If you run firewalld, then you can substitute the following command:

firewall-cmd --add-masquerade

Configuration using a WiFi Internet connection and firewalld without NetworkManager

On a smaller computer or device, you might not have NetworkManager installed. These instructions demonstrate how to configure a WiFi adapter to use WPA, and then how to use this device to perform NAT when firewalld is installed.

  1. wpa_passphrase ESSID >> /etc/wpa_supplicant/wpa_supplicant.conf (replace ESSID).
  2. /etc/sysconfig/wpa_supplicant (replace EXTNETIF with your external network interface):
INTERFACES="-iEXTNETIF"
  1. /etc/sysconfig/network-scripts/ifcfg-ESSID (replace ESSID and EXTMACADDRESS):
HWADDR=EXTMACADDRESS
MODE=managed
ESSID=EECSDS3
BOOTPROTO=dhcp
DEFROUTE=yes
ZONE=external
ONBOOT=yes
  1. /etc/sysconfig/network-scripts/ifcfg-INTNETIF (replace INTNETIF and INTMACADDRESS):
HWADDR=INTMACADDRESS
BOOTPROTO=none
IPADDR=10.0.0.1
NETMASK=255.255.255.0
ZONE=internal
ONBOOT=yes
  1. The use of the ZONE keyword above causes ifup to run following commands when bringing up the interfaces:
  • firewall-cmd --zone=external --change-interface=EXTNETIF
  • firewall-cmd --zone=internal --change-interface=INTNETIF