In my case, because a normal router doesn’t come with support for 802.1x security and I only have 1 IP address, I had to set up a Red Hat Linux server as a router that performs NAT and packet forwarding.
- Suppose your server is using static IP 192.168.1.10, your network interface is eth0, and there is another PC with IP address 192.168.1.11 connected to the server directly
- Enable IPv4 packet forwarding on Linux
echo 1 > /proc/sys/net/ipv4/ip_forward
- Enable SNAT
# Example
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.10
- (Optional) Enable DNAT (port forwarding) for services such as a web server
# Example
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.11:80
If you want to save the iptables rules, or restore them after editing, you can use these commands.
Edit 2013-05-08: The previous commands were incorrect and have been updated.
Edit 2014-11-20: Added a command for persistent change on RedHat 5
# Save iptables rules to a file
iptables-save > /tmp/iptables.txt
# Restore iptables rules from a file
iptables-restore < /tmp/iptables.txt
# (For RedHat 5) Save the iptables rules so that changes are persistent (across reboots)
service iptables save
Edit 2014-11-20: I have more IP addresses now after moving to a new office, so today I rolled back the configuration.
- Edit the file at /etc/sysctl.conf and locate the following line:
net.ipv4.ip_forward = 1
Edit it to read as follows:
net.ipv4.ip_forward = 0
- As the root user, run the following command to enable the change to the sysctl.conf file:
sysctl -p /etc/sysctl.conf
- You can then verify the result by the following command, which should give you zero as output:
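
Setting net.ipv4.ip_forward = 0 does not remove NAT rules that were added and saved earlier, so a rollback should check both. The script below is an added example, not part of the original post: it audits a copy of sysctl.conf and an iptables-save dump for leftovers, and its function names and sample files are constructed for illustration.

```shell
# Effective net.ipv4.ip_forward in a sysctl.conf-style file (last uncommented
# assignment wins); prints "unset" when absent (kernel default 0 applies).
sysctl_ip_forward() {
    awk -F= '/^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val) }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Number of address-rewriting rules left in the *nat table of an
# iptables-save dump.
count_nat_rules() {
    awk '/^\*/ { in_nat = ($1 == "*nat") }
        in_nat && /^-A / && / -j (SNAT|DNAT|MASQUERADE|REDIRECT)( |$)/ { n++ }
        END { print n + 0 }' "$1"
}

# Returns 0 only if forwarding is off in $1 and no NAT rules remain in $2.
audit_rollback() {
    fwd=$(sysctl_ip_forward "$1"); nat=$(count_nat_rules "$2"); status=0
    case "$fwd" in
        0|unset) ;;
        *) echo "FAIL: net.ipv4.ip_forward = $fwd in $1"; status=1 ;;
    esac
    if [ "$nat" -gt 0 ]; then
        echo "FAIL: $nat NAT rule(s) still in $2"; status=1
    fi
    return "$status"
}

# Constructed sample input: sysctl.conf after the rollback edit, plus a dump
# that still holds the two NAT rules from this post.
make_samples() {
    printf '# Controls IP packet forwarding\nnet.ipv4.ip_forward = 0\n' > "$1/sysctl.conf"
    cat > "$1/iptables.txt" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.11:80
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.10
COMMIT
*filter
-A FORWARD -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp -d); make_samples "$tmp"
audit_rollback "$tmp/sysctl.conf" "$tmp/iptables.txt" || echo "rollback incomplete"
rm -rf "$tmp"
```

On a real host, pass /etc/sysctl.conf and the output file of iptables-save as the two arguments.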