Linux 101 : IP Tables and NAT - Network Address Translation -
We have the below scenario:
To check our interface, we use the below address:
To get its address through DHCP, we add the below line for "eth2" in the "/etc/network/interfaces" file:
- "-t" : selects the table the rule is added to, here the "nat" table.
- "-A" : appends the rule to the end of our "POSTROUTING" IP tables chain.
- "-o" : indicates the output interface.
- "-j" : is the action executed if the packet matches our rule, here MASQUERADE the IP address.
We also need to enable forwarding using the below command:
The "-m state" parameter specifies that the packet needs to match on the "state" property: from "eth2" to "eth1", the packets need to be related to, or part of, an already established connection to be accepted and passed through the FORWARD chain.
Finally, any packet that comes in on "eth1" (LAN) and is heading out through "eth2" (Internet) is automatically accepted:
Remark:
The FORWARD chain deals with traffic that is just going through our machine.
The POSTROUTING chain is applied after the routing decision has been made.
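The rule set described above, put together as an added example (not the original article's commands). It assumes "eth2" is the Internet side and "eth1" the LAN side, as in the text; the function names, the APPLY/WAN_IF/LAN_IF variables, the ip_forward sysctl line and the final DROP policy are additions of this example. By default it only prints the commands.

```shell
#!/bin/sh
# Added example: build the NAT gateway rules the article walks through.
# Assumptions: eth2 = Internet (WAN), eth1 = LAN; helper names are hypothetical.

# Print the commands for a given WAN/LAN pair; nothing is executed here.
nat_gateway_rules() {
    wan=$1 lan=$2
    # Refuse names with characters that could alter the generated command line.
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -P FORWARD DROP
EOF
}
# Notes on the generated lines:
#  - the kernel forwards nothing between interfaces unless ip_forward is 1
#  - "-m state --state" is the form used in the article; the current
#    equivalent is "-m conntrack --ctstate RELATED,ESTABLISHED"
#  - with the default FORWARD policy (ACCEPT) the two ACCEPT rules restrict
#    nothing, so the policy is set to DROP last, after the ACCEPT rules exist

# Dry run by default; run the commands only with APPLY=1 (requires root).
apply_nat_gateway() {
    rules=$(nat_gateway_rules "$1" "$2") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | while IFS= read -r cmd; do
            $cmd || exit 1      # stop at the first command that fails
        done
    else
        printf '%s\n' "$rules"
    fi
}

apply_nat_gateway "${WAN_IF:-eth2}" "${LAN_IF:-eth1}"
```

After applying, "iptables -S FORWARD" and "iptables -t nat -S POSTROUTING" list what is actually loaded, which is the quickest way to confirm the policy and the rule order.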