Linux configure Network Address Translation or NAT

Q. How do I configure Linux as a router to perform Network Address Translation (NAT) using iptables? I am using CentOS.

A. NAT, also known as network masquerading, native address translation or IP masquerading, involves rewriting the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address. NAT is very popular because of the IPv4 address shortage.

There are a few ways to set up a Linux machine to route. iptables provides the MASQUERADE target for this. It is a special, restricted form of SNAT intended for dynamic IP addresses, such as those most Internet service providers assign for modem or DSL connections.

Type the following commands at the shell prompt as the root user:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /etc/init.d/iptables save
# iptables -t nat -L -n

You can refer to this previous article for more details.
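
The commands above masquerade everything leaving eth0 and add no FORWARD-chain rules of their own. As an added example (not part of the original article), the script below prints a tighter variant of the same setup: the FORWARD policy is DROP, only one LAN source range is forwarded and masqueraded, and forwarding is enabled last. The LAN interface eth1 and the range 192.168.1.0/24 are assumed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: prints (does not apply) the
# commands for a NAT router that forwards only one LAN source range.
# eth1 and 192.168.1.0/24 in the usage line are assumed sample values.

# Accept only characters valid in an interface name and no leading '-', so
# the printed commands are safe to review and then pipe into a root shell.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    return 0
}

# Accept dotted IPv4 with an optional /0-32 prefix (octet range is left to iptables).
valid_src() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# nat_rules WAN_IF LAN_IF LAN_SRC: print the ruleset, or return 1 on bad input.
nat_rules() {
    wan=$1; lan=$2; src=$3
    if ! valid_iface "$wan" || ! valid_iface "$lan" || ! valid_src "$src"; then
        echo "nat_rules: invalid interface or source" >&2
        return 1
    fi
    if [ "$wan" = "$lan" ]; then
        echo "nat_rules: WAN and LAN interfaces must differ" >&2
        return 1
    fi
    # Filter rules come first and forwarding is switched on last, so there is
    # no window in which the box routes packets without a FORWARD policy.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $src -j ACCEPT
iptables -t nat -A POSTROUTING -s $src -o $wan -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Usage: sh nat_rules.sh eth0 eth1 192.168.1.0/24
if [ "$#" -eq 3 ]; then nat_rules "$@"; fi
```

Review the printed commands before running them as root; passing a single address such as 192.168.1.10 instead of a subnet limits forwarding to that one host.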

4 comments
  • Samantha Jan 13, 2007 @ 22:42

    I would love to set up something I have seen Macs be able to do, internet connection sharing. My Mac has only one NIC but yet is able to share it by apparently binding a second alias (?) to that, run DHCP off the second addr range and NAT it. I haven’t seen anything that says exactly how to do this in Linux (preferably Ubuntu). How can this be done?

  • Wil Sep 1, 2007 @ 18:16

    You can do that with ‘aliasing’:

    Let the PC get its address from the ISP (will be on eth0). Then, do a

    ifconfig eth0:0

    to set up a second subnet on the same network device. From here you can follow the normal instructions described above.

  • shaiju Apr 24, 2009 @ 5:58

    Now I'm using iptables -t nat -A POSTROUTING -o eth0 -j and all the hosts in the network are able to access the Internet. I want to allow only one host in the network to use it at a particular time… how do I do it? Not for all time, only some. I'm using CentOS.

  • Hades Aug 7, 2009 @ 20:16

    Guys, I have the same question as ShaiJu. I am trying to configure a router that will perform NAT under CentOS 5. Please provide me with more information that will help a newbie like me…

    Thank you guys!!
