Linux configure Network Address Translation or NAT

last updated in Categories ,

Q. How do I configure Linux as a router to perform Network Address Translation (NAT) using iptables? I am using Cent OS.


A. NAT, also known as network masquerading, native address translation or IP-masquerading involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address. NAT is very popular because of IPv4 address shortage.

There are a few ways to set up a Linux machine to route. Iptables uses MASQUERADE targets. This is a special, restricted form of SNAT for dynamic IP addresses, such as most Internet service providers provide for modems or DSL.

Type following commands at shell prompt as root user:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /etc/init.d/iptables save
# iptables -L

You can refer this previous article for more details.


Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

4 comment

  1. I would love to set up something I have seen Macs be able to do, internet connection sharing. My Mac has only one NIC but yet is able to share it by apparently binding a second alias (?) to that, run DHCP off the second addr range and NAT it. I haven’t seen anything that says exactly how do do this is linux (preferably Ubuntu). How can this be done?

  2. You can do that with ‘aliasing’:

    let the pc get its address from the ISP (will be on eth0). then, do a

    ifconfig eth0:0

    to set up a second subnet on the same network device. From here you can follow the normal instructions described above.

  3. Now im using iptables -t nat -A POSTROUTING -o eth0 -j all the host in the network can able to access internet.i want to allow only one host in the network to use the particular time…how to do it..not for all time only some to do im using centos

  4. Guys, I have the same question as ShaiJu, I am trying to configure a router that will perform NAT under the CentOS 5, please provide me with more information that will help a newbie like me…

    Thank you guys!!

    Still, have a question? Get help on our forum!