Setting up IPv4 NAT on various devices
Basic configuration using iptables
Perform the following steps to provide NAT routing on a Linux computer using iptables (replace wls3 with your Internet-facing interface and em1 with your private-network-facing interface):
- sysctl net.ipv4.ip_forward=1
- ip addr add W.X.Y.Z/N dev em1
- iptables -t nat -A POSTROUTING -o wls3 -j MASQUERADE
- iptables -A FORWARD -i wls3 -o em1 -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i em1 -o wls3 -j ACCEPT
Basic configuration using iptables
If you run firewalld, then you can substitute the following command:
firewall-cmd --add-masquerade
Configuration using a WiFi Internet connection and firewalld without NetworkManager
On a smaller computer or device, you might not have NetworkManager installed. These instructions demonstrate how to configure a WiFi adapter to use WPA, and then how to use this device to perform NAT when firewalld is installed.
- wpa_passphrase ESSID >> /etc/wpa_supplicant/wpa_supplicant.conf (replace ESSID).
- /etc/sysconfig/wpa_supplicant (replace EXTNETIF with your external network interface):
INTERFACES="-iEXTNETIF"
- /etc/sysconfig/network-scripts/ifcfg-ESSID (replace ESSID and EXTMACADDRESS):
HWADDR=EXTMACADDRESS MODE=managed ESSID=EECSDS3 BOOTPROTO=dhcp DEFROUTE=yes ZONE=external ONBOOT=yes
- /etc/sysconfig/network-scripts/ifcfg-INTNETIF (replace INTNETIF and INTMACADDRESS):
HWADDR=INTMACADDRESS BOOTPROTO=none IPADDR=10.0.0.1 NETMASK=255.255.255.0 ZONE=internal ONBOOT=yes
- The use of the ZONE keyword above causes ifup to run following commands when bringing up the interfaces:
- firewall-cmd --zone=external --change-interface=EXTNETIF
- firewall-cmd --zone=internal --change-interface=INTNETIF