This tutorial shows how to set up network-address-translation (NAT) on a
Linux system with iptables rules so that the system can act as a
gateway and provide internet access to multiple hosts on a local network
using a single public IP address. This is achieved by rewriting the
source and/or destination addresses of IP packets as they pass through
the NAT system.
Step by Step Procedure
Step 1. Add 2 Network cards to the Linux box
Step 2. Verify that the network cards are installed properly
Step 3. Configure eth0 for Internet with a Public IP (External network or Internet)
# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
BROADCAST=xx.xx.xx.255 # Optional Entry
HWADDR=00:50:BA:88:72:D4 # Optional Entry
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0 # Provided by the ISP
NETWORK=xx.xx.xx.0 # Optional
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=xx.xx.xx.1 # Provided by the ISP
Step 4. Configure eth1 for LAN with a Private IP (Internal private network)
# cat ifcfg-eth1
BOOTPROTO=none
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05 # Optional
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=255.255.0.0 # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.1.1 # Gateway of the LAN
NETWORK=192.168.0.0 # Optional
USERCTL=no
ONBOOT=yes
Step 5. Host Configuration (Optional)
# cat /etc/hosts
127.0.0.1 nat localhost.localdomain localhost
Step 6. Gateway Configuration
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nat
GATEWAY=xx.xx.xx.1 # Internet Gateway, provided by the ISP
Step 7. DNS Configuration
# cat /etc/resolv.conf
nameserver 208.67.222.222 # Primary DNS Server provided by the ISP
nameserver 208.67.220.220 # Secondary DNS Server provided by the ISP
Step 8. NAT configuration with IP Tables
First, flush and delete the existing firewall rules. Flush the rules by typing in a terminal:
iptables -F
iptables -t nat -F
iptables -t mangle -F
Now delete these chains:
iptables -X
iptables -t nat -X
iptables -t mangle -X
# Set up IP FORWARDing and Masquerading
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
# Enables packet forwarding by kernel (save this setting in /etc/sysctl.conf file)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Apply the configuration
service iptables save
service iptables restart
# Check if iptables is set to start during boot up
chkconfig --list iptables
Step 9. Testing
Ping the Gateway of the network from client system: ping 192.168.2.1
Try it on your client systems: ping google.com
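
The Step 8 rules accept everything arriving on eth1 and leave the FORWARD chain's default policy unchanged, so traffic forwarded in the other direction is governed only by that policy. A tighter variant for the same gateway, added here as an example that is not part of the original tutorial: it prints an iptables-restore ruleset that drops forwarding by default, admits LAN-originated traffic and lets only replies back in. The function name gen_nat_rules and the 192.168.0.0/16 range (taken from the eth1 NETWORK and NETMASK values) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Prints an iptables-restore
# ruleset for the gateway above; nothing is applied to the running firewall.
# gen_nat_rules and the default LAN range are assumptions for illustration.

WAN_IF="${WAN_IF:-eth0}"               # public interface (Step 3)
LAN_IF="${LAN_IF:-eth1}"               # private interface (Step 4)
LAN_NET="${LAN_NET:-192.168.0.0/16}"   # eth1 NETWORK/NETMASK from Step 4

# usage: gen_nat_rules WAN_IF LAN_IF LAN_CIDR
gen_nat_rules() {
    wan="$1"; lan="$2"; net="$3"
    # Refuse input that cannot describe a two-interface gateway.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "need two distinct interface names" >&2
        return 1
    fi
    case "$net" in
        */*) ;;
        *) echo "LAN network must be in CIDR form" >&2; return 1 ;;
    esac
    # nat: masquerade only packets that really come from the LAN range.
    # filter: FORWARD drops by default; the LAN may open connections,
    # the WAN side may only send replies to them (conntrack state match).
    cat <<EOF
*nat
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $wan -o $lan -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Dry run: print the ruleset for review. As root, load it with
#   gen_nat_rules eth0 eth1 192.168.0.0/16 | iptables-restore
gen_nat_rules "$WAN_IF" "$LAN_IF" "$LAN_NET"
```

Loading the output with iptables-restore flushes the nat and filter tables first, as the flush commands in Step 8 do; the INPUT and OUTPUT policies are left as they were.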
Configuring PCs on the network (Clients)
All PCs on the private office network should set their "gateway" to be the local private network IP address of the Linux gateway computer.
The DNS should be set to that of the ISP on the internet.
Windows 2000, XP, Configuration:
Select "Start" + "Settings" + "Control Panel"
Select the "Network" icon
Select the tab "Configuration" and double click the component "TCP/IP" for the ethernet card. (NOT the TCP/IP -> Dial-Up Adapter)
Select the tabs:
"Gateway": Use the internal network IP address of the Linux box. (192.168.1.1)
"DNS Configuration": Use the IP addresses of the ISP Domain Name Servers.
"IP Address": The IP address (192.168.XXX.XXX - static) and netmask (typically 255.255.0.0 for a small local office network) of the PC can also be set here.