IP Masquerading Internet Connection Sharing

IP masquerading allows machines with private addresses to access the Internet through the machine doing the masquerading.

  • Accomplished with a single iptables rule.
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE


  Address:   192.168.0.1           11000000.10101000.00000000 .00000001
  Netmask:   255.255.255.0 = 24    11111111.11111111.11111111 .00000000
  Wildcard:  0.0.0.255             00000000.00000000.00000000 .11111111

  Network:   192.168.0.0/24        11000000.10101000.00000000 .00000000 (Class C)
  Broadcast: 192.168.0.255         11000000.10101000.00000000 .11111111
  HostMin:   192.168.0.1           11000000.10101000.00000000 .00000001
  HostMax:   192.168.0.254         11000000.10101000.00000000 .11111110

http://www.ietf.org/rfc/rfc1918.txt

  • Masqueraded traffic needs to be allowed through the FORWARD chain for the above rule to work:
  iptables -A FORWARD -s 192.168.0.0/24  -o eth0 -j ACCEPT
  iptables -A FORWARD -d 192.168.0.0/24  -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
  • The above commands will allow all connections from your local network to the Internet.
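
The three rules only work as a set, so a quick consistency check is useful before loading them. The following is an added example, not part of the original page: the names `parse_rule` and `audit`, the finding strings, and the `WEAK_RULES` variant are constructed for illustration.

```python
import shlex

# The page's three rules, copied verbatim.
PAGE_RULES = [
    "iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE",
    "iptables -A FORWARD -s 192.168.0.0/24  -o eth0 -j ACCEPT",
    "iptables -A FORWARD -d 192.168.0.0/24  -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT",
]
# Constructed weak variant: the return rule has lost its state match.
WEAK_RULES = PAGE_RULES[:2] + ["iptables -A FORWARD -d 192.168.0.0/24 -i eth0 -j ACCEPT"]

def parse_rule(line):
    """Map each option to its value. Assumes every option takes exactly one
    value, which holds for the rules on this page (no '!' negation)."""
    toks = shlex.split(line)
    if toks and toks[0] == "iptables":
        toks = toks[1:]
    return dict(zip(toks[0::2], toks[1::2]))

def audit(rules, lan, wan):
    """Return findings as short strings; an empty list means consistent."""
    parsed = [parse_rule(r) for r in rules]
    findings = []
    # 1. NAT: a MASQUERADE rule limited to LAN sources leaving via the WAN side.
    if not any(r.get("-t") == "nat" and r.get("-A") == "POSTROUTING"
               and r.get("-j") == "MASQUERADE"
               and r.get("-s") == lan and r.get("-o") == wan for r in parsed):
        findings.append("no-scoped-masquerade")
    fwd = [r for r in parsed if r.get("-t", "filter") == "filter"
           and r.get("-A") == "FORWARD" and r.get("-j") == "ACCEPT"]
    # 2. Outbound: LAN -> WAN must be accepted (matters when FORWARD policy is DROP).
    if not any(r.get("-s") == lan and r.get("-o") == wan for r in fwd):
        findings.append("no-outbound-forward")
    # 3. Return path: rules toward the LAN that apply to the WAN interface.
    inbound = [r for r in fwd if r.get("-d") == lan and r.get("-i", wan) == wan]
    if not inbound:
        findings.append("no-return-forward")
    for r in inbound:
        raw = r.get("--state") or r.get("--ctstate") or ""
        states = set(filter(None, raw.split(",")))
        # Anything beyond replies accepts packets the LAN never asked for.
        if not states or not states <= {"ESTABLISHED", "RELATED"}:
            findings.append("return-rule-not-limited-to-replies")
    return findings

if __name__ == "__main__":
    for name, rules in (("page", PAGE_RULES), ("weak", WEAK_RULES)):
        print(name, audit(rules, "192.168.0.0/24", "eth0") or "ok")
```
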
Page last modified on April 14, 2007, at 06:58 AM