IP Forwarding/Masquerade

Alexey Fadyushin fab at s-tunnel.com
Sat Dec 25 18:32:37 UTC 2004


To connect your inside network to the internet using masquerading, put the 
following lines into the iptables configuration (/etc/sysconfig/iptables).
In table nat, chain POSTROUTING, put the following line:

-A POSTROUTING -s <internal network address space> -j SNAT --to-source <address of router external interface>

This will do the masquerading. Then allow the forwarding of packets 
between internal and external addresses (table 'filter' chain FORWARD):

-A FORWARD -s <internal network address space> -j ACCEPT

Or simply set the default rule of the FORWARD chain to ACCEPT.
Then reload the iptables rules:

service iptables restart

Then switch on forwarding in the kernel:

echo 1 > /proc/sys/net/ipv4/ip_forward

And put the appropriate line into /etc/sysctl.conf so that forwarding will be 
switched on after each reboot:

net.ipv4.ip_forward = 1

Also, I recommend switching on the iptables helpers for at least the 
FTP protocol. The list of helpers to be loaded at iptables restart is in the 
file /etc/sysconfig/iptables-config, parameter IPTABLES_MODULES.

Alexey Fadyushin.
Brainbench MVP for Linux.
http://www.brainbench.com


Mollatt Ntini wrote:
> Hello everyone
> 
> I have googled and googled, but I believe it's the correct search keyword that I am missing.
> What I am about to ask has been discussed on this list, but I just don't seem to be able to track it down - in the archives, FAQ, sample configs!
> 
> I have one of those *stupid* requests again: I need to put an IP Forwarding or IP Masquerade on a REDHAT 9, 
> basically what I need is to have my LAN access any outside network, whether ping, trace etc, and just leave my WAN network in its current state. How do I do this?
> 
> Please help!
> 
> 
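
The rules from the reply above, assembled into one complete /etc/sysconfig/iptables file, as an added example that is not part of the original message. It goes a step further than the reply by keeping the FORWARD policy at DROP and accepting only LAN-originated traffic plus its replies; the function names, the interface names (eth1 inside, eth0 outside) and the addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore format ruleset for a NAT gateway.
# Addresses and interface names are constructed sample values.
# valid_ipv4: accept a dotted-quad IPv4 address, optionally with /0../32.
valid_ipv4() {
    addr=${1%/*}
    case $1 in
        */*) len=${1#*/}
             case $len in ''|*[!0-9]*) return 1 ;; esac
             [ "$len" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_gateway_rules LAN_CIDR WAN_IP LAN_IF WAN_IF (hypothetical helper)
gen_gateway_rules() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    case $2 in */*) echo "WAN address takes no prefix" >&2; return 1 ;; esac
    for ifname in "$3" "$4"; do
        case $ifname in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $1 -o $4 -j SNAT --to-source $2
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that the LAN opened
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections only from the LAN side, only towards the WAN side
-A FORWARD -i $3 -o $4 -s $1 -j ACCEPT
COMMIT
EOF
}

gen_gateway_rules 192.168.1.0/24 203.0.113.10 eth1 eth0
```

Redirect the output to a scratch file and check it with iptables-restore --test before replacing /etc/sysconfig/iptables. The INPUT chain is left at ACCEPT here because the reply does not cover traffic addressed to the router itself.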



