Masquerade

From SlackWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Masquerading is what Windows calls "Internet Connection Sharing", although you can use it for sharing any network connection.

This is just a basic script to give you the general idea, and to refine upon for yourself.

#!/bin/sh
# Define as appropriate for your setup
# external interface (connected to the internet)
EXT_IF=eth0
# internal interface (connected to your local network)
INT_IF=eth3
# path to your iptables binary - leave this alone on slack
IPTABLES=/usr/sbin/iptables
# We don't want to just forward anything to anyone, or let everything
# into our local network
$IPTABLES -F FORWARD
$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -j ACCEPT
$IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Do the actual masquerading
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
# Enable IP packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward