Building NAT on Debian GNU/Linux with iptables

interfaces:

eth0(internal):
192.168.1.254
eth1(external):
aaa.bbb.ccc.ddd

enable forwarding:

sudo sysctl net.ipv4.ip_forward=1

this only lasts until the next reboot; to make it permanent put net.ipv4.ip_forward = 1 in /etc/sysctl.conf (or a file under /etc/sysctl.d/) and load it with sudo sysctl --system

iptables commands (run as root; can be saved to a shell script):

clean up old rules

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

note that -F and -X only remove rules and user chains, they do not touch the default policies. On a fresh Debian box those are ACCEPT, so after the rules below the router still accepts any packet addressed to itself on eth1. Set the INPUT and FORWARD policies to DROP (before adding the accept rules, not after) unless you really want that.

accept loopback traffic

iptables -A INPUT -i lo -j ACCEPT

allow connections from the internal network out, and only replies to them back in (-m state is the old spelling of -m conntrack --ctstate; both still work)

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

masquerade

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

reject new connections coming in on eth1 (this must stay after the ESTABLISHED,RELATED rule above, otherwise replies to outgoing traffic get rejected too; matching -i eth1 -o eth1 alone would only stop traffic hairpinning back out the external interface, not connections from the outside into the LAN)

iptables -A FORWARD -i eth1 -j REJECT

Easy and fast!
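The same rule set as one script, written here as an added example rather than the page's own commands. It goes a bit further than the list above: it sets default-deny policies on INPUT and FORWARD, uses the current -m conntrack match, and drops INVALID packets. The interface names eth0/eth1, and the choice that the router only offers SSH and ping to the LAN, are assumptions; the dry-run mode (IPT=echo) is there so you can review the rules without root.

```shell
#!/bin/sh
# nat-router.sh: stateful NAT router rule set for Debian/iptables.
# Added example, not the original page's script. Assumptions: internal
# interface eth0, external eth1 (override with INT_IF/EXT_IF), and that
# the only services the router itself offers to the LAN are SSH and ping.
# Usage: sudo ./nat-router.sh apply        # install the rules
#        ./nat-router.sh                   # dry run: print what would be run
set -eu

INT_IF="${INT_IF:-eth0}"   # internal (LAN) interface
EXT_IF="${EXT_IF:-eth1}"   # external (WAN) interface
# Command used to install each rule. IPT=echo turns the script into a dry run.
IPT="${IPT:-iptables}"

# Print the complete rule set, one iptables argument list per line.
# Order matters: flush, set default-deny policies, then allow what is needed.
# The ESTABLISHED,RELATED rules come before the REJECT so replies to
# outgoing connections still get through.
nat_rules() {
    int="$1"; ext="$2"
    cat <<EOF
-F
-t nat -F
-t mangle -F
-X
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $int -p icmp -j ACCEPT
-A INPUT -i $int -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $int -o $ext -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $ext -j REJECT
-t nat -A POSTROUTING -o $ext -j MASQUERADE
EOF
}

# Feed every rule line to $IPT. With IPT=echo this just prints them.
apply_rules() {
    nat_rules "$1" "$2" | while IFS= read -r rule; do
        # word splitting of $rule into separate arguments is intended here
        $IPT $rule
    done
}

main() {
    case "${1:-dry-run}" in
        apply)
            sysctl -w net.ipv4.ip_forward=1 >/dev/null
            apply_rules "$INT_IF" "$EXT_IF"
            ;;
        dry-run)
            ( IPT=echo; apply_rules "$INT_IF" "$EXT_IF" )
            ;;
        *)
            echo "usage: $0 [apply|dry-run]" >&2
            exit 2
            ;;
    esac
}

main "$@"
```

Run it once without arguments to eyeball the rules, then with apply as root. Because the policies are DROP, anything the router itself must accept from the LAN (DNS or DHCP if it serves them) needs its own INPUT rule next to the SSH one.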

backup the rules:

sudo sh -c 'iptables-save > /path/savedConfig'

(with a plain "sudo iptables-save > /path/savedConfig" only iptables-save runs as root; the redirect is done by your own shell, so it fails if /path is not writable by you)

auto load the rules:

sudo sh -c "echo '    pre-up iptables-restore < /path/savedConfig' >> /etc/network/interfaces"

a pre-up line belongs to the iface stanza it follows, so appending it like this only works when the eth1 stanza is the last one in /etc/network/interfaces; check the file afterwards and move the line under iface eth1 if it ended up somewhere else. Remember to make ip_forward persistent as well (see above), or the rules will load on boot but nothing will be forwarded.