Q I have been trying to help a friend set up a very basic gateway - I just need to NAT everything for him, but I've had no luck so far. I realise a complete script might be a lot to fit in, but could you get me started?
A OK Vikram, here's a quick and dirty guide. I am assuming only that the mangle table is cleared and does not affect things. Let's do it:
# iptables -F INPUT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i lo -j ACCEPT
# iptables -P INPUT DROP
# iptables -F FORWARD
# iptables -P FORWARD ACCEPT
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -j MASQUERADE
I don't like the last rule that much: it is the quickest way to do it but it's too dirty. Let's replace it with:
# iptables -t nat -A POSTROUTING -o <externalinterface> -j SNAT --to-source <externalIP>
Use that if you have a static IP on the gateway; if you have a dynamic one, just run
# iptables -t nat -A POSTROUTING -o <externalinterface> -j MASQUERADE
You should replace <externalinterface> with the name of the interface facing the internet, i.e. eth0, eth1 or whatever.
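Added example, not part of the original answer: a shell function that prints the rule set above for review, choosing SNAT when a static external IP is supplied and MASQUERADE otherwise, and rejecting malformed interface names or addresses before they reach a rule. `nat_rules` and `valid_ipv4` are hypothetical helper names, and the addresses used with them are constructed documentation values.

```shell
#!/bin/sh
# Added example: print (do not apply) the gateway rules from the answer above.
# nat_rules and valid_ipv4 are hypothetical helpers, not part of iptables.

valid_ipv4() {
    # Accept only dotted-quad addresses with every octet in 0..255.
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

nat_rules() {
    ext_if=$1
    ext_ip=${2:-}
    # An interface name must not look like an option or carry shell syntax.
    case "$ext_if" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 2 ;;
    esac
    if [ -n "$ext_ip" ]; then
        # Static external address: SNAT to it.
        valid_ipv4 "$ext_ip" || { echo "bad IPv4 address: $ext_ip" >&2; return 2; }
        nat="-o $ext_if -j SNAT --to-source $ext_ip"
    else
        # Dynamic external address: MASQUERADE on the external interface.
        nat="-o $ext_if -j MASQUERADE"
    fi
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -P INPUT DROP
iptables -F FORWARD
iptables -P FORWARD ACCEPT
iptables -t nat -F
iptables -t nat -A POSTROUTING $nat
EOF
}

# Usage: script.sh <externalinterface> [<externalIP>]
if [ "$#" -gt 0 ]; then nat_rules "$@"; fi
```

Read the printed commands first; once they look right they can be piped to `sh` as root to apply them.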