Linux configure Network Address Translation or NAT

by on December 4, 2006 · 4 comments· LAST UPDATED December 4, 2006

in

Q. How do I configure Linux as a router to perform Network Address Translation (NAT) using iptables? I am using Cent OS.

A. NAT, also known as network masquerading, native address translation or IP-masquerading involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address. NAT is very popular because of IPv4 address shortage.

There are a few ways to set up a Linux machine to route. Iptables uses MASQUERADE targets. This is a special, restricted form of SNAT for dynamic IP addresses, such as most Internet service providers provide for modems or DSL.

Type following commands at shell prompt as root user:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /etc/init.d/iptables save
# iptables -L

You can refer this previous article for more details.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 4 comments… read them below or add one }

1 Samantha January 13, 2007 at 10:42 pm

I would love to set up something I have seen Macs be able to do, internet connection sharing. My Mac has only one NIC but yet is able to share it by apparently binding a second alias (?) to that, run DHCP off the second addr range and NAT it. I haven’t seen anything that says exactly how do do this is linux (preferably Ubuntu). How can this be done?

Reply

2 Wil September 1, 2007 at 6:16 pm

You can do that with ‘aliasing':

let the pc get its address from the ISP (will be on eth0). then, do a

ifconfig eth0:0 192.168.0.1

to set up a second subnet on the same network device. From here you can follow the normal instructions described above.

Reply

3 shaiju April 24, 2009 at 5:58 am

Now im using iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE.now all the host in the network can able to access internet.i want to allow only one host in the network to use the internet..in particular time…how to do it..not for all time only some time..how to do it.now im using centos

Reply

4 Hades August 7, 2009 at 8:16 pm

Guys, I have the same question as ShaiJu, I am trying to configure a router that will perform NAT under the CentOS 5, please provide me with more information that will help a newbie like me…

Thank you guys!!

Reply

Leave a Comment

Tagged as:

Previous Faq:

Next Faq: