Set up two interfaces – one on each network
ETH0 is the outside / internet side
ETH1 is the inside / private network side (which needs internet access)
Static address example (both interfaces are configured in /etc/network/interfaces):
root@ubuntu01:~# cat /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The External network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 10.6.26.67
netmask 255.255.255.0
gateway 10.6.26.254
dns-nameservers 10.6.26.61
# The Internal network interface
auto eth1
#iface eth1 inet dhcp
iface eth1 inet static
address 192.168.0.254
netmask 255.255.255.0
Enable the inside IF
ifup eth1
ifconfig
Enable forwarding in current session:
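# Turn on IPv4 forwarding for the running kernel only; this is lost at reboot.
# The value must be a plain ASCII 1: typographic quotes pasted from a web page
# are written to the file as literal bytes and the kernel rejects the write.
echo 1 > /proc/sys/net/ipv4/ip_forward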
Uncomment the forwarding setting so that forwarding (and therefore the NAT) stays enabled after a reboot:
vi /etc/sysctl.conf
Uncomment and save:
net.ipv4.ip_forward=1
Reload the sysctl settings and restart networking (don’t do this over SSH – the connection will be cut):
/etc/init.d/procps restart
/etc/init.d/networking restart
Set up the actual forwarding rules in iptables:
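# Source-NAT everything that leaves through the outside interface (eth0) so it
# appears to come from eth0's own address.
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Outside -> inside: accept only packets belonging to, or related to,
# connections already tracked by the kernel. The option is spelled with two
# ASCII hyphens (--state); a pasted en dash makes iptables reject the rule.
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Inside -> outside: accept all traffic from the private network.
sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# NOTE(review): these are ACCEPT rules appended to the FORWARD chain, so they
# only restrict anything when the chain's default policy is DROP. Check it with
# `iptables -S FORWARD`; with a default policy of ACCEPT, unsolicited
# eth0 -> eth1 packets are still forwarded. Once the rules above are loaded,
# `iptables -P FORWARD DROP` makes the ESTABLISHED,RELATED rule effective.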
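Save the rules to a file so they can be restored after a reboot. iptables-save only writes the file; nothing loads it at boot unless you add a restore step, for example a `pre-up iptables-restore < /etc/iptables.rules` line under the eth0 stanza in /etc/network/interfaces: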
iptables-save > /etc/iptables.rules