Masquerade

From SlackWiki
Jump to: navigation, search

Masquerading is what Windows calls "Internet Connection Sharing", although you can use it for sharing any network connection.

This is just a basic script to give you the general idea, and to refine upon for yourself.

#!/bin/sh
# Define as appropriate for your setup
# external interface (connected to the internet)
EXT_IF=eth0
# internal interface (connected to your local network)
INT_IF=eth3
# path to your iptables binary - leave this alone on slack
IPTABLES=/usr/sbin/iptables
# We don't want to just forward anything to anyone, or let everything
# into our local network
$IPTABLES -F FORWARD
$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -j ACCEPT
$IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Do the actual masquerading
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
# Enable IP packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward