Linux can easily be configured to share an internet connection using iptables. All you need is two network interface cards, as follows:
a) Your internal (LAN) network, connected via eth0 with static IP address 192.168.0.1
b) Your external (WAN) network, connected via eth1 with static IP address 10.10.10.1 (public IP provided by ISP)
Step # 1: Enable Packet Forwarding
Check whether IP forwarding is enabled. A value of 0 means packets are not forwarded yet:
# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
So we need to enable packet forwarding.
+ To set it without rebooting the server, use the command:
# sysctl -w net.ipv4.ip_forward=1
or
# echo 1 > /proc/sys/net/ipv4/ip_forward
The setting changes instantly, but it will not be preserved after the system reboots.
+ Permanent setting using /etc/sysctl.conf
Log in as the root user and open the /etc/sysctl.conf file:
# vi /etc/sysctl.conf
Find the following line:
net.ipv4.ip_forward = 0
change to
net.ipv4.ip_forward = 1
To enable the changes made in sysctl.conf you will need to run the command:
# service network restart
Step # 2: Enable IP masquerading
In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transceiving network traffic through a router that involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets as they pass through. In short, IP masquerading is used to share the internet connection.
Share internet connection
To let hosts with source addresses in 10.82.1.0/24 use the internet via eth1:
# iptables -t nat -A POSTROUTING -s 10.82.1.0/24 -o eth1 -j MASQUERADE
# /etc/init.d/iptables save
# /etc/init.d/iptables restart
After running the iptables nat command, the iptables rules look like this:
*nat
:PREROUTING ACCEPT [300:11292]
:POSTROUTING ACCEPT [12:2046]
:OUTPUT ACCEPT [8:1695]
-A POSTROUTING -s 10.82.1.0/24 -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Oct 22 10:25:14 2015
# Generated by iptables-save v1.4.7 on Thu Oct 22 10:25:14 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [257:44936]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
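In the filter table above, the rule -A FORWARD -j ACCEPT has no match options, so it forwards every packet in either direction, and the REJECT rule after it is never reached. The check below is an added example, not part of the original page: it flags that pattern in an iptables-save dump. The function names and the tighter rule set are constructed for illustration.

```shell
# Added example (not from the original page): flag a FORWARD chain that
# forwards everything. audit_forward reads iptables-save text on stdin.
audit_forward() {
    awk '
        substr($0, 1, 1) == "*" { table = substr($0, 2) }   # *nat, *filter
        table != "filter" { next }
        /^:FORWARD / { policy = $2 }                         # default policy
        /^-A FORWARD / {
            n++
            if (verdict != "") { print "UNREACHABLE rule " n ": " $0; next }
            # iptables-save prints matches before -j, so a rule that starts
            # with "-A FORWARD -j" has no matches and applies to every packet.
            if ($0 ~ /^-A FORWARD -j ACCEPT$/) {
                verdict = "open"; print "OPEN rule " n ": " $0
            } else if ($0 ~ /^-A FORWARD -j (DROP|REJECT)/) {
                verdict = "closed"
            }
        }
        END {
            if (verdict == "" && policy == "ACCEPT")
                print "OPEN policy: FORWARD falls through to ACCEPT"
        }
    '
}
# FORWARD lines of the filter table as dumped on this page.
page_rules() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Constructed alternative: only the masqueraded subnet may open connections
# out of eth1; replies are allowed back; everything else is rejected.
tight_rules() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.82.1.0/24 -o eth1 -m state --state NEW -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
page_rules | audit_forward
```

To audit a live router, pipe the output of iptables-save into audit_forward; no output means the FORWARD chain ends in an explicit DROP or REJECT before any catch-all ACCEPT.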
==========================
Reference:
Please note that interface eth1 may have a public IP address or an IP assigned by the ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / cable router.
See more at:
http://www.linuxtechtips.com/2013/12/configure-centos-as-a-router.html