Im trying to set up nat on one of my Linux boxes. I have read a few guides and have even remembered the free oreilly book I got free once with something "Linux iptables Pocket Reference" .
I want to start simple with just setting nat up for now and locking the ports down more later.
From what ive seen I need to use a SNAT rule and enable forwarding. This needs to be run as a script on startup from /etc/init.d
Given that eth0 is public and eth1 is private:
The script will contain the following:
Delete all current rules:
Rules to allow all connections out and existing and related ones in:
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F #ignore if you get an error here
/sbin/iptables -X #deletes every non-builtin chain in the table
The actual NAT rule where 10.0.0.1 is the address of eth0
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
Then enable packet forwarding by kernel
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.0.0.1
Does this look right? I seem to be reading confilcting stuff so just want to make sure.
echo 1 > /proc/sys/net/ipv4/ip_forward