How to Masquerade (ICS) in Linux

Submitted by abhishek on Mon, 03/16/2009 - 12:50

It's very simple to masquerade in Linux with a few lines of iptables and ip_forward commands.

Assumptions: your Linux box has two NICs, one connected to the internet (eth0) and the other connected to the local network (eth1, IP 192.168.0.10).

First of all, you have to flush and delete the existing firewall rules that are there by default in Linux.

Flush the rules by typing the following in a terminal:

iptables -F
iptables -t nat -F
iptables -t mangle -F

Now delete the chains using:

iptables -X
iptables -t nat -X
iptables -t mangle -X

Now it's time to save iptables, so type:

service iptables save
service iptables restart

Now all rules and chains will be cleared!

Check this by looking at /etc/sysconfig/iptables, which should have all default rules set to ACCEPT.

Now open /etc/rc.d/rc.local

and insert the following line:

echo "1" > /proc/sys/net/ipv4/ip_forward

Then save and close.

Now, assuming that your internet interface is eth0, type:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart

Note: check that the iptables service is set to start during boot.

You can check the status of your iptables service with:

chkconfig --list iptables

If level 5 is on, it is fine; otherwise start the service at level 5 or at levels 2345.

Now set the default gateway of eth1 to eth0's IP address.

Then set the default gateway of all other clients to the server's eth1 IP address (192.168.0.10). Enjoy :)
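
An added example, not part of the original article: the steps above leave the FORWARD chain at its default ACCEPT policy, so the box forwards any packet routed to it. The script below prints a tighter ruleset in iptables-restore format that masquerades and forwards only traffic from the local network. The 192.168.0.0/24 subnet is an assumption (the article gives only eth1's address, 192.168.0.10).

```shell
#!/bin/sh
# Added example: print a restricted NAT ruleset in iptables-restore format.
# Only eth0, eth1 and 192.168.0.10 come from the article; the /24 is assumed.
WAN_IF="eth0"             # internet-facing interface
LAN_IF="eth1"             # local network interface
LAN_NET="192.168.0.0/24"  # assumed subnet of the 192.168.0.10 network

# gen_rules WAN_IF LAN_IF LAN_NET
# Writes the ruleset to stdout; nothing is applied to the running kernel.
gen_rules() {
    wan=$1; lan=$2; net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade only traffic that originates from the LAN subnet
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
# INPUT and OUTPUT stay at ACCEPT, as the article leaves them
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections opened from the LAN may come back in
-A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
# LAN clients may open new connections towards the internet
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

gen_rules "$WAN_IF" "$LAN_IF" "$LAN_NET"
```

Pipe the output into iptables-restore (its --test option parses the rules without committing them), then run service iptables save as in the steps above.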