how to configure linux as a nat server on a local network

  • WARNING! this is a reminder that these pages are not intended for the average user. specifically, on a linux distribution that is derived from debian or redhat, you will first need to disable Network Manager and possibly several other boot scripts (services in today's "enlightened" $MS-centric world), or you will find yourself fighting it tooth-and-nail…

this is specifically for ipv4, but should work the same for ipv6.

  • untested, but for ipv6 try:

    • /proc/sys/net/ipv6/conf/all/forwarding

    • ip6tables

# enable forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

# configure iptables. reset 'em all, first.
# assumes we're not filtering for some other reason
#
# flush tables
#
iptables -t nat    -F >/dev/null 2>&1
iptables -t filter -F >/dev/null 2>&1
#
# set 'em all wide open
#
# (the table name needs -t; without it iptables rejects the command, and the
# redirect to /dev/null hides the error)
iptables -t filter -P INPUT       ACCEPT >/dev/null 2>&1
iptables -t filter -P OUTPUT      ACCEPT >/dev/null 2>&1
iptables -t filter -P FORWARD     ACCEPT >/dev/null 2>&1
iptables -t nat    -P PREROUTING  ACCEPT >/dev/null 2>&1
iptables -t nat    -P POSTROUTING ACCEPT >/dev/null 2>&1
iptables -t nat    -P OUTPUT      ACCEPT >/dev/null 2>&1

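# now, insert our nat rules
# WANIF is the interface facing the outside, LANIF the one facing the local
# network. eth0 and eth1 are only example names; set them to match your box.
# note: with the FORWARD policy left at ACCEPT above, the two FORWARD rules
# filter nothing; they only start to matter if that policy is changed to DROP.
#
WANIF=${WANIF:-eth0}
LANIF=${LANIF:-eth1}
/sbin/iptables -t nat -A POSTROUTING -o "$WANIF" -j MASQUERADE
/sbin/iptables -A FORWARD -i "$WANIF" -o "$LANIF" -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i "$LANIF" -o "$WANIF" -j ACCEPT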

don’t forget:

configure an appropriate nameserver for dns. perhaps one could use the public google dns servers:

echo "nameserver 8.8.8.8" > /etc/resolv.conf

configure dns and the default route on the other hosts on the local network. e.g.:

echo "nameserver 8.8.8.8" > /etc/resolv.conf
route del default ; route add default gw 192.168.0.1
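
to check the gateway afterwards, here is an added example (not part of the original page) that audits `iptables-save` output for the three nat rules above and reports when the FORWARD policy is still ACCEPT. the helper name `audit_nat`, the interface names eth0/eth1 and both sample dumps are constructed for illustration; on a real box you would pipe `iptables-save` into it.

```shell
#!/bin/sh
# constructed sample: iptables-save output after running the script above
# with WANIF=eth0 and LANIF=eth1 (example interface names).
SAMPLE_OPEN='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

# the same dump with the FORWARD policy changed to DROP (constructed).
SAMPLE_TIGHT=$(printf '%s\n' "$SAMPLE_OPEN" | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/')

# audit_nat WANIF LANIF   (hypothetical helper; reads iptables-save text on stdin)
# prints one finding per line, or "OK" when the three nat rules are present
# and the FORWARD policy is not ACCEPT.
audit_nat() {
    awk -v wan="$1" -v lan="$2" '
        /^\*/ { table = substr($0, 2) }            # "*nat", "*filter": table header
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && $0 ~ ("^-A POSTROUTING -o " wan " -j MASQUERADE$") { masq = 1 }
        table == "filter" && $0 ~ ("^-A FORWARD -i " wan " -o " lan " .*RELATED,ESTABLISHED -j ACCEPT$") { ret = 1 }
        table == "filter" && $0 ~ ("^-A FORWARD -i " lan " -o " wan " -j ACCEPT$") { out = 1 }
        END {
            if (!masq) { print "MISSING: MASQUERADE on " wan; n++ }
            if (!ret)  { print "MISSING: RELATED,ESTABLISHED rule " wan " -> " lan; n++ }
            if (!out)  { print "MISSING: accept rule " lan " -> " wan; n++ }
            # with policy ACCEPT every forwarded packet passes, so the
            # RELATED,ESTABLISHED rule does not keep new wan -> lan traffic out.
            if (policy == "ACCEPT") { print "OPEN: FORWARD policy is ACCEPT"; n++ }
            if (!n) print "OK"
        }'
}

printf '%s\n' "$SAMPLE_OPEN" | audit_nat eth0 eth1
```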