IP Forwarding/Masquerade
Alexey Fadyushin
fab at s-tunnel.com
Sat Dec 25 18:32:37 UTC 2004
To connect your inside network to the internet using masquerading, put the
following lines into the iptables configuration (/etc/sysconfig/iptables):

Into table nat, chain POSTROUTING put the following string:

    -A POSTROUTING -s <internal network address space> -j SNAT --to-source <address of router external interface>

This will do the masquerading. Then allow the forwarding of packets
between internal and external addresses (table 'filter' chain FORWARD):

    -A FORWARD -s <internal network address space> -j ACCEPT

Or simply set the default rule of the FORWARD chain to ACCEPT.

Then reload the iptables rules:

    service iptables restart

Then switch on the forwarding in the kernel:

    echo 1 > /proc/sys/net/ipv4/ip_forward

And put the appropriate line into /etc/sysctl.conf so the forwarding will be
switched on after each reboot:

    net.ipv4.ip_forward = 1

Also I recommend switching on the use of iptables helpers for at least the
FTP protocol. The list of helpers to be loaded at iptables restart is in the
file /etc/sysconfig/iptables-config, parameter IPTABLES_MODULES.

Alexey Fadyushin.
Brainbench MVP for Linux.
http://www.brainbench.com
Mollatt Ntini wrote:
> Hello everyone
>
> I have googled and googled, but I believe it's the correct search keyword that I am missing.
> What I am about to ask has been discussed on this list, but I just don't seem to be able to track it down - in the archives, FAQ, sample configs!
>
> I have one of those *stupid* requests again: I need to put an IP Forwarding or IP Masquerade on a REDHAT 9,
> basically what I need is to have my LAN to access any outside network, whether ping, trace etc, and just leave my WAN network in its current state. How do I do this.
>
> Please help!
>
>
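
Added example, not part of the original post or the thread: a small shell check that the three files named in the reply carry each step, including that the SNAT rule sits in table nat and the FORWARD rule in table filter. The function names, sample addresses and file contents are constructed; the helper module name ip_conntrack_ftp (the 2.4-kernel FTP connection-tracking module) and the ESTABLISHED,RELATED rule in the sample are assumptions the post does not state.

```shell
#!/bin/sh
# Added example (not from the original post). Checks that the files named in
# the post carry each step. File contents and addresses below are constructed.

# has_rule FILE TABLE PATTERN: true if a line matching PATTERN (ERE) sits
# inside the "*TABLE ... COMMIT" section of an iptables-save style file.
has_rule() {
    awk -v t="*$2" -v pat="$3" '
        /^\*/     { cur = $1 }
        /^COMMIT/ { cur = "" }
        cur == t && $0 ~ pat { found = 1 }
        END { exit !found }' "$1"
}

# check_masq RULES SYSCTL CONFIG: print the steps that are missing.
check_masq() {
    missing=""
    has_rule "$1" nat '^-A POSTROUTING .*-j SNAT --to-source [0-9]' ||
        missing="$missing snat"
    has_rule "$1" filter '^-A FORWARD .*-j ACCEPT|^:FORWARD ACCEPT' ||
        missing="$missing forward"
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$2" ||
        missing="$missing ip_forward"
    # Assumption: ip_conntrack_ftp is the FTP helper; the post names none.
    grep -Eq '^IPTABLES_MODULES=.*ip_conntrack_ftp' "$3" ||
        missing="$missing ftp_helper"
    echo "${missing# }"
}

# make_sample DIR: constructed files. The sysctl.conf line and the FTP helper
# are left out on purpose so the check has something to report. The
# ESTABLISHED,RELATED rule is not in the post; it lets replies pass a DROP policy.
make_sample() {
    cat > "$1/iptables" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
    echo 'net.ipv4.ip_forward = 0' > "$1/sysctl.conf"
    echo 'IPTABLES_MODULES=""' > "$1/iptables-config"
}

d=$(mktemp -d) && make_sample "$d"
echo "missing: $(check_masq "$d/iptables" "$d/sysctl.conf" "$d/iptables-config")"
rm -rf "$d"
```

On a real router the three arguments would be /etc/sysconfig/iptables, /etc/sysctl.conf and /etc/sysconfig/iptables-config; an empty result means every step from the reply is present in the files.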