Linux server as router/gateway

Posted: Fri Aug 20, 2010 12:33 pm
by ^rooker
I'm writing these few lines down, because it's actually dead-simple, but there are a few things I always forget when I set up a GNU/Linux box as a gateway/router between networks.
So here's a step-by-step list of things you need to do to NAT-route between 2 networks.

Let's say your network settings are as follows:
a) LAN_INTERFACE="eth0"
b) INET_INTERFACE="eth1"
c) INET_GATEWAY="192.168.1.1"

First things first:
1) Enable IPv4 forwarding:

Edit /etc/sysctl.conf, and enable "net.ipv4.ip_forward=1", to look like this:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
In order to enable IPv4 forwarding immediately, do the following:

sudo su
echo "1" > /proc/sys/net/ipv4/ip_forward
Now, to check if IPv4 forwarding is enabled, type:

cat /proc/sys/net/ipv4/ip_forward
Should return "1".

2) Enable network-address-translation (NAT) between the networks, using "iptables":

iptables -t nat -A POSTROUTING -o $INET_INTERFACE -j MASQUERADE
3) Enable some computer on the $INET_INTERFACE network as your default gateway:

route add default gw $INET_GATEWAY
4) Check the routing:

route

iptables: Clean configure on Debian

Posted: Wed Dec 10, 2014 4:43 pm
by peter_b
In the Debian Wiki article about iptables it is described how to configure iptables rules persistently.
So, in order to apply the above mentioned routing/iptables setup in a clean, standardized way, do the following:

1) Enable IPv4 forwarding in "/etc/sysctl.conf" as mentioned above.

2) Add the iptables MASQUERADE rule as mentioned above.

3) Write the iptables rules to "/etc/iptables.up.rules" (as root):

$ iptables-save > /etc/iptables.up.rules
4) Create the file "/etc/network/if-pre-up.d/iptables", with the following content:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
and mark it executable:

$ chmod +x /etc/network/if-pre-up.d/iptables

That should be it.
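As an added example that is not part of either post above: a small shell function that generates, in iptables-restore format, the ruleset that the first post builds by hand and the second post saves to /etc/iptables.up.rules. It takes the interface names as arguments (eth0/eth1 as in the posts) and, beyond what the posts do, sets the FORWARD chain to DROP so that only connections originating on the LAN side are routed out; the interface names and that stricter forwarding policy are this example's assumptions.

```shell
#!/bin/sh
# Added example, not code from the original posts.
# Emits an iptables-restore style ruleset for a NAT gateway:
#   $1 = LAN interface (eth0 in the posts), $2 = Internet-side interface (eth1).
# Review the output, then load it with "iptables-restore" (as root), or
# write it to /etc/iptables.up.rules as described in the second post.
gen_gateway_rules() {
    lan="$1"
    inet="$2"
    cat <<EOF
# NAT table: masquerade everything leaving the Internet-side interface,
# which is the same rule as "iptables -t nat -A POSTROUTING -o $inet -j MASQUERADE"
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $inet -j MASQUERADE
COMMIT
# Filter table: the posts leave FORWARD at its default ACCEPT policy; here
# (an assumption/addition) forwarding is dropped unless it is LAN-originated
# traffic or the conntrack-tracked replies to it.
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $inet -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $inet -j ACCEPT
COMMIT
EOF
}

# Quick sanity check on a generated ruleset: returns 0 when the MASQUERADE
# rule and the restrictive FORWARD policy are both present.
check_gateway_rules() {
    printf '%s\n' "$1" | grep -q -- "-A POSTROUTING -o $3 -j MASQUERADE" || return 1
    printf '%s\n' "$1" | grep -q '^:FORWARD DROP' || return 1
    printf '%s\n' "$1" | grep -q -- "-A FORWARD -i $2 -o $3 -j ACCEPT" || return 1
    return 0
}

# Stand-alone use: print the ruleset for the interfaces given on the command line
# (defaults to the eth0/eth1 pair from the posts).
gen_gateway_rules "${1:-eth0}" "${2:-eth1}"
```

To validate the syntax without touching the live tables, pipe the output through `iptables-restore --test` before saving it to /etc/iptables.up.rules.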