Friday, July 8, 2011

iptables NAT for Fedora Linux

If you have two network cards, eth0 and eth1, let's assume:
eth0 is connected to the local network
eth1 is connected to the public network (or ppp0, if the uplink is a PPP link)

Masquerading

1) To enable NAT for all local network users (masquerade everything that leaves through eth1)

If you are running the iptables service, use the following method:

#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Note that the rule names the outgoing (public) interface, eth1, not the local one. Writing to /proc only lasts until the next reboot; to keep forwarding enabled permanently, also set net.ipv4.ip_forward = 1 in /etc/sysctl.conf. Fedora's stock /etc/sysconfig/iptables ends the FORWARD chain with a REJECT rule, so if clients still cannot reach the outside after masquerading is enabled, the FORWARD chain must also accept traffic from the local network.

To save these changes:
#iptables-save > /etc/sysconfig/iptables
or
#service iptables save
#service iptables restart

This enables masquerading. Now set the eth0 address of this machine as the default gateway on the local network hosts.

If you are not running the iptables service, edit /etc/rc.local and add the lines below:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Then run /etc/rc.local (it must be executable) or reboot, so the lines take effect.

2) To enable NAT only for specific local network hosts

#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A POSTROUTING -s x.x.x.x(ip of local user system1) -o eth1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s x.x.x.x(ip of local user system2) -o eth1 -j MASQUERADE

Only the sources listed with -s are masqueraded; every other local host stays without Internet access, which is the point of this variant. Do not add a catch-all MASQUERADE rule after these, and in particular not one with -o eth0: that would rewrite the source of traffic going into the local network, which is not wanted here. A whole subnet can be given in CIDR notation (for example a.b.c.0/24) instead of single addresses.
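The complete gateway setup of both variants above, as an added example that is not from the original post: a script that emits the whole NAT ruleset in iptables-restore format (the same format as /etc/sysconfig/iptables), restricts MASQUERADE to the local subnet, and pairs it with FORWARD rules so the filter chain does not silently reject forwarded traffic. The interface names and the subnet 192.168.1.0/24 are assumptions; override them through the environment. The script prints the ruleset by default and only applies it when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the original post): generate a complete NAT ruleset
# in iptables-restore format so it can be reviewed, saved to
# /etc/sysconfig/iptables, or fed to iptables-restore.
# Interface names and the LAN subnet are assumptions; override via environment.
LAN_IF=${LAN_IF:-eth0}              # inside interface
WAN_IF=${WAN_IF:-eth1}              # outside interface (or ppp0)
LAN_NET=${LAN_NET:-192.168.1.0/24}  # subnet behind LAN_IF (assumed)

# Accept only a dotted-quad IPv4 CIDR, and never 0.0.0.0/0: a missing prefix
# or an "any" subnet would turn the MASQUERADE rule into a catch-all.
valid_lan_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    [ "$1" != "0.0.0.0/0" ]
}

# Emit the ruleset. MASQUERADE is limited to the LAN subnet, and the FORWARD
# chain defaults to DROP: only LAN -> WAN connections and their replies pass.
gen_nat_ruleset() {
    lan_if=$1; wan_if=$2; lan_net=$3
    valid_lan_cidr "$lan_net" || { echo "bad LAN subnet: $lan_net" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset; apply it (and make ip_forward persistent) only when
# APPLY=1 is set and we are root.
main() {
    gen_nat_ruleset "$LAN_IF" "$WAN_IF" "$LAN_NET" || return 1
    if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
        sysctl -w net.ipv4.ip_forward=1
        grep -q '^net\.ipv4\.ip_forward *= *1' /etc/sysctl.conf ||
            echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
        gen_nat_ruleset "$LAN_IF" "$WAN_IF" "$LAN_NET" | iptables-restore
    fi
}
main
```

Review the printed ruleset first; to install it through the iptables service, redirect the output into /etc/sysconfig/iptables and restart the service, or run the script as root with APPLY=1 to load it directly. To masquerade only selected hosts instead of the whole subnet, pass a /32 per host in LAN_NET, one run per host, or add the extra -s rules by hand.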


Port Redirection

1) To redirect incoming traffic on port 80 to local port 3128 (for example a Squid proxy listening on 3128):

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

REDIRECT rewrites the destination to an address of this machine itself, so something must actually be listening on 3128 and the INPUT chain must accept it. With -i eth1 this intercepts connections arriving on the public side; to run a transparent proxy for local clients, match the local interface (-i eth0) instead.

2) To redirect incoming RDP traffic to the RDP port of any local network system:

#iptables -t nat -A PREROUTING -p tcp -d x.x.x.x(eth1 ip) --dport 3389 -j DNAT --to-destination x.x.x.x(ip of any local network system):3389
or, with a different outside port:
#iptables -t nat -A PREROUTING -p tcp -d x.x.x.x(eth1 ip) --dport 3382 -j DNAT --to-destination x.x.x.x(ip of any local network system):3389

DNAT only rewrites the destination; the packet then passes through the FORWARD chain, so it must be accepted there as well, and the local system must use this machine as its default gateway so that its replies come back through the same connection-tracking entry. Because this exposes RDP to the whole Internet, restrict the rule with -s to the addresses that really need access.

Change the port and IP to suit your requirement.
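Both redirection cases, as an added example that is not from the original post: a script that emits the DNAT rule for publishing an inside RDP server together with the FORWARD rules it needs, and the REDIRECT rule for intercepting port 80 into a local proxy on 3128. The public address 203.0.113.10, the inside host 192.168.1.20, the trusted client 198.51.100.7 and the interface names are all assumptions (documentation address ranges); the commands are printed by default and executed only when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the original post): emit the nat and filter rules
# for one published inside service (RDP) and for intercepting port 80 with a
# local proxy. Every address, port and interface name here is an assumption.
WAN_IF=${WAN_IF:-eth1}
WAN_IP=${WAN_IP:-203.0.113.10}   # public address on WAN_IF (assumed, TEST-NET-3)
LAN_IF=${LAN_IF:-eth0}

# Reject empty, non-numeric or out-of-range port arguments before they reach
# a shell pipeline that would otherwise run "iptables ... --dport".
check_port() {
    case $1 in ''|*[!0-9]*) echo "bad port: $1" >&2; return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || { echo "bad port: $1" >&2; return 1; }
}

# Forward WAN_IP:ext_port to lan_ip:int_port. DNAT alone is not enough: the
# rewritten packet still traverses FORWARD, so accept it there, both for the
# new connection and for the replies coming back from the inside host. Access
# is limited to allowed_src (default: anyone, which is what the post's rule does).
gen_dnat_rules() {
    ext_port=$1; lan_ip=$2; int_port=$3; allowed_src=${4:-0.0.0.0/0}
    check_port "$ext_port" && check_port "$int_port" || return 1
    printf '%s\n' \
      "iptables -t nat -A PREROUTING -i $WAN_IF -s $allowed_src -p tcp -d $WAN_IP --dport $ext_port -j DNAT --to-destination $lan_ip:$int_port" \
      "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -s $allowed_src -p tcp -d $lan_ip --dport $int_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $lan_ip -p tcp --sport $int_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Transparent interception: REDIRECT rewrites the destination to this host's
# own to_port, so the proxy must be listening there and INPUT must accept it.
# in_if chooses which side is intercepted: LAN_IF for local clients (the usual
# Squid setup), WAN_IF for connections arriving from outside, as in the post.
gen_redirect_rules() {
    in_if=$1; from_port=$2; to_port=$3
    check_port "$from_port" && check_port "$to_port" || return 1
    printf '%s\n' \
      "iptables -t nat -A PREROUTING -i $in_if -p tcp --dport $from_port -j REDIRECT --to-ports $to_port" \
      "iptables -A INPUT -i $in_if -p tcp --dport $to_port -j ACCEPT"
}

main() {
    # RDP on an inside host, reachable only from one trusted address (assumed).
    gen_dnat_rules 3389 192.168.1.20 3389 198.51.100.7/32
    # The same host on a non-standard outside port, like the post's second rule.
    gen_dnat_rules 3382 192.168.1.20 3389 198.51.100.7/32
    # Send local clients' web traffic into a proxy listening on 3128.
    gen_redirect_rules "$LAN_IF" 80 3128
}

# Print the commands; execute them only as root with APPLY=1 set.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then main | sh -e; else main; fi
```

The FORWARD rules assume the chain's policy is DROP or ends in a REJECT, as Fedora's stock ruleset does; if the chain already accepts everything they are harmless. After applying, save with service iptables save so the rules survive a restart.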