Setup a simple NAT in linux

First things first, to do this I assume you have TWO working network cards in your computer, one is connected to the internet (WAN) and the other is connected to your local network (LAN), or think of it as eth0 (WAN) and eth1 (LAN). I also assume that you want eth1 to share the internet with others, however, I am not going to enable a DHCP server, so your 'clients' will have to have their IP settings entered manually. If you want to try this then read on...


First off we need to know the ip address of our WAN network card (eth0 the one connected direct to the internet ;-)). So, as root type ifconfig.

That should present you with an output like the following example:-



Quote:
eth0 Link encap:Ethernet HWaddr 00:06:5B:02:F6:FF

inet addr: Bcast: Mask:





Link encap:Ethernet HWaddr 00:02:2D:46:B2:5F

inet addr: Bcast: Mask:


In the example above I have a WAN (eth0) address which is my connection to the internet via another NAT (lol), and it has the IP address of


The LAN (eth1) IP address in this example has been set to


I've deliberately set eth1 to so I know it's my 'sharing' NAT IP address, and it's the one to point to later.

To set/change your IP settings for a Network card in Red Hat 9 type this as root:-

neat or redhat-config-network


Now that you have set your LAN (eth1) IP address, let's get sharing!!!

As root in a console type the following two lines:-


iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to




echo 1 > /proc/sys/net/ipv4/ip_forward




Obviously the first line which points to MUST point to your CURRENT WAN IP address (eth0) and NOT my example here.

So if your eth0 ip address= then the line should read


iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to


OK, now that is done, it's time to test it. If you have lokkit running (Red Hat's firewall), disable it temporarily to test, please.


On a client PC, edit its TCP/IP properties as follows


IP address= (or any value above 1 and up to 255)


Default Gateway= (eth1)

DNS server 1= (eth0)

DNS Server 2= (my first NAT, which shares IPs to my eth0 WAN connection, change this to your WAN's DNS server IP)



You will have to put the lines below in /etc/rc.d/rc.local if you want to turn it (the NAT) on every time your system boots up.


iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to
echo 1 > /proc/sys/net/ipv4/ip_forward


Obviously replace with the ip of your current WAN (internet) address.


That's it, test it by pinging


You might also want to read the following....


Quote:
In order for your system to save the iptables rules ... You will need to edit /etc/sysconfig/iptables-config and make sure IPTABLES_MODULES_UNLOAD, IPTABLES_SAVE_ON_STOP, and IPTABLES_SAVE_ON_RESTART are all set to 'yes'.

OK, below is a conversation I had while SSH'd to 'squares' Fedora box. He wanted it to serve internet to the XP box.

Reading the below may give you a clue where you are going wrong in getting NAT to work. I hope so.

To assign the IP address to his network card that had no IP address I did


ifconfig eth0


The conversation is listed first, and the lines I actually did on the Fedora box are included below that


in squares case









Quote:
<anyweb> ok im in

<squared> k

<anyweb> which is the internet eth0 or eth1

<squared> the one with the ip, heh..

<anyweb> lol


<squared> er

<squared> wtf

<squared> you there?

<anyweb> look at eth0 now

<squared> how?

<anyweb> do ifconfig

<squared> irssi just gone weird

<anyweb> ok

<anyweb> ive set eth0 to

<squared> i need root, so i'll have to dc right?

<anyweb> now you should be able to share it

<anyweb> no, just open another console and su -

<anyweb> we can both be connected

<anyweb> do you want me to now setup the sharing between eth1 and eth0 ?

<squared> umm.. how?

<squared> yeh

<anyweb> ok wait

<squared> i dont have X just console

<squared> this is gonna be a server, didnt see point of having X

<anyweb> ok

<anyweb> try and use the xp machine now

<anyweb> set the ip on the windows machine to

<anyweb> and ping

<anyweb> does it work ?

<squared> k, lemme set ip

<squared> yes i get reply

<anyweb> try pinging google

<anyweb> set as the gateway on the xp box

<squared> nope, ping request could not find host

<anyweb> hmm ok hold on

<squared> i can ping its ip tho

<squared> :)

<anyweb> on xp, ping

<squared> i think, <-- that's ip?

<anyweb> does that work ?

<anyweb> set your dns 1 to 192.168.0.1 dns 2 to the dns of your 'internet' ip

<anyweb> on the xp box

<squared> yeh, i can ping

<anyweb> can you ping now ?

<squared> nope, lemme do that last step

<anyweb> ok

<squared> nope, still cant ping

<anyweb> hmm

<anyweb> the xp box should have the following

<anyweb> ip=

<squared> heh, you read my mind..

<squared> go ahead.

<anyweb> sub

<squared> yep..

<anyweb> gateway=

<squared> yep

<anyweb> dns1 = your WAN ip address

<squared> that my public ip?

<anyweb> dns2= your WAN DNS server ip

<anyweb> dns1=your public ip

<squared> whats the wan dns server ip?

<squared> my isps dns servers?

<anyweb> hold on

<squared> k

<anyweb> yeah you need the dns address of your WAN (public)

<anyweb> i dont know what it is

<squared> me either.. heh

<squared> lemme ring them..

<anyweb> nah

<anyweb> lemme try one last thing

<squared> k

<anyweb> if you get discon then just reconnect

<squared> k

<anyweb> try as your dns1

<squared> woot

<squared> works!!!!!!!!!

<anyweb> :)

<anyweb> ok i'll disconnect now

<squared> k, thanks

<anyweb> done !

<squared> thanks alot :)

<anyweb> hey @! i fixed your problem !!

<squared> yeh!

<anyweb> can i paste this output (minus the password stuff) as part of the tips, to give people a clue ?

<squared> sure

<anyweb> cool

code below, the bits in (brackets) are only COMMENTS


ifconfig (to see the ip address settings)

ifconfig eth0  (to set his eth0 to ip address

ifconfig (to verify that eth0 is now

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to (to tell iptables that we are gonna share the internet via nat)

echo 1 > /proc/sys/net/ipv4/ip_forward  (lets start ipforwarding...)


and that's it!


This works in Fedora Core 3, but I had to issue another command:


iptables -F FORWARD


The XP machine I was running wasn't able to get any of my ISP DNS servers.

Thanks to FluKex in #linux_noob for the help!


- 60mhz
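
The SNAT and ip_forward commands from this thread, combined with explicit FORWARD rules, as an added example that is not part of any post here. The function names, the argument order and the sample address in the usage comment are assumptions; because `iptables -F FORWARD` empties the chain, the rules printed after it decide what gets forwarded.

```shell
#!/bin/sh
# Added example: print (not apply) the thread's NAT setup with explicit
# FORWARD rules. Function names and argument order are assumptions.
# Usage: sh nat-rules.sh eth0 eth1 203.0.113.10   (constructed sample address)

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_rules WAN_IF LAN_IF WAN_IP: print the commands in the order to run them.
# A missing or malformed address is refused, so --to-source is never empty.
nat_rules() {
    wan_if=$1 lan_if=$2 wan_ip=$3
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad WAN interface name" >&2; return 2 ;;
    esac
    case "$lan_if" in
        ''|"$wan_if"|*[!A-Za-z0-9._-]*) echo "bad LAN interface name" >&2; return 2 ;;
    esac
    if ! valid_ipv4 "$wan_ip"; then
        echo "not an IPv4 address: '$wan_ip'" >&2; return 2
    fi
    # Flush FORWARD, then allow only LAN-to-WAN traffic and its replies.
    # Forwarding is switched on last, once the filter rules are in place.
    cat <<EOF
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -j SNAT --to-source $wan_ip
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Print only; review the output before running it as root.
if [ "$#" -eq 3 ]; then
    nat_rules "$1" "$2" "$3"
fi
```

The printed lines can be placed in /etc/rc.d/rc.local in the same way as the two commands in the first post.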

