Setting up IPv4 NAT on various devices

Basic configuration using iptables

Perform the following steps to provide NAT routing on a Linux computer using iptables (replace wls3 with your Internet-facing interface and em1 with your private-network-facing interface):

  1. sysctl net.ipv4.ip_forward=1
  2. ip addr add W.X.Y.Z/N dev em1
  3. iptables -t nat -A POSTROUTING -o wls3 -j MASQUERADE
  4. iptables -A FORWARD -i wls3 -o em1 -m state --state RELATED,ESTABLISHED -j ACCEPT
  5. iptables -A FORWARD -i em1 -o wls3 -j ACCEPT
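
The FORWARD rules in steps 4 and 5 only restrict traffic when the FORWARD chain's policy is DROP; under the default ACCEPT policy, packets that match neither rule are still forwarded. The following added example (not part of the original page) audits iptables-save output for that condition; the function names and the sample rule dump are constructed for illustration, and the interface names follow the page.

```shell
#!/bin/sh
# Added example (not from the original page): audit `iptables-save` output
# for the NAT gateway built in steps 1-5. Function names are hypothetical.

# Constructed sample: the rules from steps 3-5, with FORWARD policy $1.
sample_rules() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wls3 -j MASQUERADE
COMMIT
*filter
:FORWARD $1 [0:0]
-A FORWARD -i wls3 -o em1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i em1 -o wls3 -j ACCEPT
COMMIT
EOF
}

# usage: audit_nat WAN_IF LAN_IF < iptables-save-output
# Prints one FAIL line per finding; exit status is 0 only if there are none.
audit_nat() {
    awk -v wan="$1" -v lan="$2" '
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" {
        iif = oif = target = ""; stateful = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iif = $(i + 1)
            else if ($i == "-o") oif = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") stateful = ($(i + 1) ~ /ESTABLISHED/ && $(i + 1) !~ /NEW/)
        }
        if (table == "nat" && $2 == "POSTROUTING" && oif == wan && target == "MASQUERADE") masq = 1
        if (table == "filter" && $2 == "FORWARD" && iif == wan && target == "ACCEPT") {
            if (stateful && oif == lan) replies = 1
            else if (!stateful) wide = 1
        }
    }
    END {
        if (!masq) { print "FAIL: no MASQUERADE rule for -o " wan; n++ }
        if (policy != "DROP") { print "FAIL: FORWARD policy is " policy ", so the ACCEPT rules restrict nothing"; n++ }
        if (!replies) { print "FAIL: no RELATED,ESTABLISHED rule for " wan " -> " lan; n++ }
        if (wide) { print "FAIL: stateless ACCEPT for packets arriving on " wan; n++ }
        exit (n > 0)
    }'
}
sample_rules ACCEPT | audit_nat wls3 em1 || true   # reports the policy finding
sample_rules DROP | audit_nat wls3 em1             # no findings
```

On a live gateway, run it as root with `iptables-save | audit_nat wls3 em1`; `iptables -P FORWARD DROP` clears the policy finding.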

Basic configuration using firewalld

If you run firewalld, then you can substitute the following command:

firewall-cmd --add-masquerade

Configuration using a WiFi Internet connection and firewalld without NetworkManager

On a smaller computer or device, you might not have NetworkManager installed. These instructions demonstrate how to configure a WiFi adapter to use WPA, and then how to use this device to perform NAT when firewalld is installed.

  1. wpa_passphrase ESSID >> /etc/wpa_supplicant/wpa_supplicant.conf (replace ESSID).
  2. /etc/sysconfig/wpa_supplicant (replace EXTNETIF with your external network interface):
    INTERFACES="-iEXTNETIF"
    
  3. /etc/sysconfig/network-scripts/ifcfg-ESSID (replace ESSID and EXTMACADDRESS):
    HWADDR=EXTMACADDRESS
    MODE=managed
    ESSID=EECSDS3
    BOOTPROTO=dhcp
    DEFROUTE=yes
    ZONE=external
    ONBOOT=yes
    
  4. /etc/sysconfig/network-scripts/ifcfg-INTNETIF (replace INTNETIF and INTMACADDRESS):
    HWADDR=INTMACADDRESS
    BOOTPROTO=none
    IPADDR=10.0.0.1
    NETMASK=255.255.255.0
    ZONE=internal
    ONBOOT=yes
    
  5. The use of the ZONE keyword above causes ifup to run the following commands when bringing up the interfaces:
    1. firewall-cmd --zone=external --change-interface=EXTNETIF
    2. firewall-cmd --zone=internal --change-interface=INTNETIF