FirstServed Tech Blog - FirstServed and the Art of Server Tuning

Iptables NAT

Here is a quick and dirty iptables-based NAT setup for Linux servers:

# Rewrite the source address of everything leaving eth0 to eth0's current address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Let replies to connections opened from the LAN back in
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Only 192.168.0.1 may open connections towards the internet
iptables -A FORWARD -i eth1 -o eth0 --source 192.168.0.1 -j ACCEPT
# Everybody else on eth1 gets an explicit rejection
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

This gives the host 192.168.0.1, which sits behind eth1, internet access through this server's own connection on eth0.
The address of eth0 may be dynamic: MASQUERADE looks up the interface's current address for every packet (and drops its connection tracking entries when the interface goes down), so the host appears on the internet with whatever address eth0 has at that moment. A fixed address would let you use SNAT instead.

Only packets with the source address 192.168.0.1 are forwarded out; new connections from any other host on eth1 are rejected. Two caveats: this is a plain source-address check, so any host on the eth1 segment that spoofs 192.168.0.1 passes it too, and the rules say nothing about new connections arriving on eth0 and aimed at the LAN, so set the default policy of the FORWARD chain to DROP rather than relying on the built-in ACCEPT.

Oh, and don't forget to enable IPv4 forwarding in the kernel, or nothing gets forwarded at all!
Add:

net.ipv4.ip_forward = 1

to /etc/sysctl.conf and run:

sysctl -p /etc/sysctl.conf

Or, for the running kernel only (this does not survive a reboot), just run:

echo 1 > /proc/sys/net/ipv4/ip_forward
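The whole procedure as one script, added here as an example that is not part of the original post: it emits the same ruleset in iptables-restore format, so it loads atomically and re-running it replaces the tables instead of appending duplicate rules, gives the FORWARD chain a DROP policy, and turns forwarding on both now and persistently. The interface names and client address default to the post's values; the function names, the use of bash, and the sysctl drop-in path /etc/sysctl.d/99-nat.conf are my own assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. Builds the NAT ruleset described
# above as an iptables-restore file, so it loads atomically and re-running the
# script replaces the tables instead of appending duplicate rules.
# Assumptions (not from the post): bash, iptables-restore and sysctl exist,
# and the sysctl drop-in path /etc/sysctl.d/99-nat.conf is acceptable.

# gen_rules WAN LAN CLIENT
# Prints the nat and filter tables to stdout. Lines starting with '#' are
# ignored by iptables-restore, so the comments can stay in the file.
gen_rules() {
    local wan=$1 lan=$2 client=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the source of every packet leaving $wan to the address $wan has at
# that moment. Unlike SNAT, MASQUERADE needs no fixed address and forgets its
# connections when $wan goes down, which is what you want on a dynamic IP.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
# Default-deny for forwarded traffic. The post's rules never mention new
# connections arriving on $wan and aimed at the LAN; with policy DROP they
# are discarded unless a rule below says otherwise.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies for connections the client opened.
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Only the one client may open connections to the internet. This is a source
# address check, so any host on $lan able to spoof $client gets through too.
-A FORWARD -i $lan -o $wan -s $client -j ACCEPT
# Everything else from the LAN is rejected with an ICMP error rather than
# silently dropped, so a misconfigured host fails fast instead of timing out.
-A FORWARD -i $lan -o $wan -j REJECT
COMMIT
EOF
}

# enable_forwarding: switch on IPv4 forwarding now and keep it across reboots.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-nat.conf
}

# apply_rules WAN LAN CLIENT: parse-check the ruleset first, then load it.
# --test only parses and builds the ruleset; the second run commits it.
apply_rules() {
    gen_rules "$@" | iptables-restore --test && gen_rules "$@" | iptables-restore
}

# Usage: ./nat.sh apply [WAN LAN CLIENT]   (as root)
#        ./nat.sh show  [WAN LAN CLIENT]   (prints the ruleset, no root needed)
case "${1:-}" in
    apply) enable_forwarding && apply_rules "${2:-eth0}" "${3:-eth1}" "${4:-192.168.0.1}" ;;
    show)  gen_rules "${2:-eth0}" "${3:-eth1}" "${4:-192.168.0.1}" ;;
esac
```

Note that iptables-restore replaces the nat and filter tables wholesale, so merge these rules with anything you already load on that machine before running it with `apply`; `show` lets you review the generated file first.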

Your Mileage May Vary…

