Use iptables to configure nat application instances

This article describes how to use iptables to create NAT in linux. we can use it as a gateway so that multiple machines in the Lan can use a public IP address to connect to the Internet. the method I use is to override the source address and target address of the IP package through the NAT system. preparation: CPU: PII or higher: any Linux software: Iptables Nic this article describes how to use IptablesTo create a NAT, we can use it as a gateway so that multiple machines in the Lan can use a public IP address to connect to the Internet. the method I use is to override the source address and target address of the IP package through the NAT system.

Preparation:
CPU: PII or higher
System: any Linux version
Software: Iptables
Nic: 2

Idea:
Replace xx. xx with your Wan IP address
Replace yy. yy with your lan ip address
(For example, 192.168.0.0/16,172.16 .0.0/12, 10.0.0.0/8)
WAN = eth0 has an Internet IP address xx. xx
LAN = eth1 has an intranet IP address yy. yy/255.255.0.0

Process:
Step #1. add two NICs to your Linux system.

Step #2. check whether your Nic is correctly installed:
Ls/etc/sysconfig/network-scripts/ifcfg-eth * | wc-l
Result output should be "2 ″

Step #3. configure eth0 and use the Internet ip address (ip-based external network or internet connection)
Cat/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE = eth0
BOOTPROTO = none
BROADCAST = xx. xx. xx.255 # Additional options
HWADDR = 00: 50: BA: 88: 72: D4 # Additional options
IPADDR = xx. xx
NETMASK = 255.255.255.0 # provided by ISP
NETWORK = xx. xx. xx.0 # Optional
ONBOOT = yes
TYPE = Ethernet
USERCTL = no
IPV6INIT = no
PEERDNS = yes
GATEWAY = xx. xx. xx.1 # provided by ISP

Step #4. configure eth1 and use the LAN address (internal network)
Cat/etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO = none
PEERDNS = yes
HWADDR = 00: 50: 8B: CF: 9C: 05 # Optional
TYPE = Ethernet
IPV6INIT = no
DEVICE = eth1
NETMASK = 255.255.0.0 # Specify based on your requirement
BROADCAST = ""
IPADDR = 192.168.2.1 # Gateway of the LAN
NETWORK = 192.168.0.0 # Optional
USERCTL = no
ONBOOT = yes

Step #5. configure the host (optional)
Cat/etc/hosts
127.0.0.1 nat localhost. localdomain localhost

Step #6. configure the Gateway
Cat/etc/sysconfig/network
NETWORKING = yes
HOSTNAME = nat
GATEWAY = xx. xx. xx.1 # Internet or Internet GATEWAY, which is provided by the ISP

Step #7. configure DNS
Cat/etc/resolv. conf
Nameserver 203.145.184.13 # Primary DNS server, which is provided by the ISP
Nameserver 202.56.250.5 # Second DNS server, which is provided by the ISP

Step #8. use IP Tables to configure NAT
# Delete and refresh default tables, such as "filter", and other tables such as "nat", which must be clearly marked:
Iptables? Flush # refresh all filtering rules and NAT tables.
Iptables? Table nat? Flush
Iptables? Delete-chain
# Delete all non-default rule chains and nat tables
Iptables? Table nat? Delete-chain
# Create IP forwarding and disguise
Iptables? Table nat? Append POSTROUTING? Out-interface eth0-jMASQUERADE
Iptables? Append FORWARD? In-interface eth1-j ACCEPT
# Enable the kernel package forwarding function
Echo 1>/proc/sys/net/ipv4/ip_forward
# Apply iptables configuration
Service iptables restart

Step #9. test
# Using a client to ping the Gateway
Ping 192.168.2.1
Then test whether the Internet can be accessed:
Ping google.com
Configurations of the internal network client
All computers in the local office network set the Gateway as the intranet IP address of the linux (system) gateway.
The DNS is set to the DNS provided by the ISP.
Windows 95,200 0, XP configuration:
Select Start> set> Control Panel"
Select "network"
Select "configuration" and double-click the "TCP/IP" section of the Ethernet (not TCP/IP> dial-up adapter)
Then enter:
"Gateway": use the intranet IP address of the linux system. (192.168.2.1)
"DNS configuration": use the DNS address provided by IPS (usually Internet addresses)
"IP address": IP address (192.168.XXX.XXX-static) and mask (small local office network usually uses 255.255.0.0 ).