1:1 NAT on your Linux/Netfilter Firewall

So you want to map a public IP to a private IP behind your Linux (netfilter) based firewall. Here is the syntax:

```bash
## Standard Stuff ##
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --table nat -A POSTROUTING -o eth0 -j SNAT --to $NAT_IP
```

```bash
## The 1:1 NAT stuff ##
iptables -t nat -A PREROUTING -d $EXTERNAL_IP \
        -j DNAT --to-destination $INTERNAL_IP
# Inserted at the top of POSTROUTING so it is matched before the
# catch-all SNAT rule above (nat rules are first-match); -o eth0 keeps
# it from rewriting traffic the host sends to other internal subnets.
iptables -t nat -I POSTROUTING 1 -s $INTERNAL_IP -o eth0 \
        -j SNAT --to-source $EXTERNAL_IP
iptables -t nat -A POSTROUTING -s $INTERNAL_NET -d $INTERNAL_IP \
        -j SNAT --to-source $NAT_IP
```

Here $NAT_IP is the firewall's own external IP, $EXTERNAL_IP is the additional public IP you are mapping (the firewall has to own it, for example as a secondary address on the external interface, or the upstream router will never hand it the packets), $INTERNAL_IP is the private host, $INTERNAL_NET is your internal subnet and eth0 is the external interface.

A few things to keep in mind. The nat table is consulted only for the first packet of a connection and its rules are first-match, so the 1:1 SNAT rule has to sit in front of the catch-all SNAT from the standard section; if it is appended after it, the mapped host keeps leaving as $NAT_IP and the 1:1 mapping only works inbound. Check the order with `iptables -t nat -L POSTROUTING -n --line-numbers`. The last rule is the hairpin case: it is required if hosts on your internal net should be able to talk to $EXTERNAL_IP as well. Without it the DNATed packet arrives at $INTERNAL_IP carrying the internal client's real source address, the reply goes straight back to the client without passing through the firewall, and the client drops it because it came from $INTERNAL_IP rather than $EXTERNAL_IP. Finally, DNAT exposes every port of $INTERNAL_IP: the nat table does no filtering, so add FORWARD rules that only accept the ports you mean to publish (FORWARD sees the packet after DNAT, so match on $INTERNAL_IP there).
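The complete ruleset as a script, added here as an example and not part of the original post: it emits the rules in the order that makes the 1:1 mapping work in both directions, adds the hairpin rule, and adds the FORWARD-chain filtering the post leaves out. The interface name, the addresses (from the 203.0.113.0/24 and 192.168.1.0/24 ranges) and the list of published ports are assumptions for illustration; the `run` helper prints each command unless DRY_RUN=0 is set, so the output can be reviewed before it is run as root.

```bash
#!/bin/sh
# Added example (not the original post's script): 1:1 NAT plus filtering.
# All interface names and addresses below are assumptions; replace them.
EXT_IF=eth0                 # external interface (assumed)
NAT_IP=203.0.113.1          # firewall's own external address (assumed)
EXTERNAL_IP=203.0.113.10    # extra public address mapped 1:1 (assumed)
INTERNAL_IP=192.168.1.10    # private host behind the firewall (assumed)
INTERNAL_NET=192.168.1.0/24 # internal subnet (assumed)
EXPOSED_PORTS="80 443"      # only these TCP ports are reachable from outside

# DRY_RUN=1 (the default) prints the commands instead of executing them.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

nat_ruleset() {
    run sysctl -w net.ipv4.ip_forward=1
    # The firewall must own $EXTERNAL_IP so the upstream router delivers
    # packets for it; here it is added as a secondary address on $EXT_IF.
    run ip addr add "$EXTERNAL_IP/32" dev "$EXT_IF"

    # Inbound half: public address -> private host. Only the first packet
    # of a connection is seen here; conntrack translates the rest.
    run iptables -t nat -A PREROUTING -d "$EXTERNAL_IP" \
        -j DNAT --to-destination "$INTERNAL_IP"

    # Outbound half: the mapped host leaves with its public address.
    # nat rules are first-match, so this must precede the catch-all SNAT.
    run iptables -t nat -A POSTROUTING -s "$INTERNAL_IP" -o "$EXT_IF" \
        -j SNAT --to-source "$EXTERNAL_IP"

    # Hairpin: internal clients connecting to $EXTERNAL_IP are DNATed to
    # $INTERNAL_IP; rewriting their source makes the reply come back
    # through the firewall instead of going straight to the client.
    run iptables -t nat -A POSTROUTING -s "$INTERNAL_NET" -d "$INTERNAL_IP" \
        -j SNAT --to-source "$NAT_IP"

    # Catch-all for everyone else, last so it cannot shadow the 1:1 rule.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$NAT_IP"
}

filter_ruleset() {
    # DNAT alone exposes every port of $INTERNAL_IP. FORWARD sees packets
    # after DNAT, so filter on the private address and open only what is needed.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for port in $EXPOSED_PORTS; do
        run iptables -A FORWARD -i "$EXT_IF" -d "$INTERNAL_IP" \
            -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    run iptables -A FORWARD -i "$EXT_IF" -d "$INTERNAL_IP" -j DROP
}

nat_ruleset
filter_ruleset
```

Run it once as-is to read the commands, then `DRY_RUN=0 sh nat.sh` as root to apply them; afterwards `iptables -t nat -L POSTROUTING -n --line-numbers` should show the `-s 192.168.1.10` SNAT rule above the catch-all.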


2 Responses to 1:1 NAT on your Linux/Netfilter Firewall

  1. Anonymous says:

    Is eth0 here the internal network or the external network?

  2. Anonymous says:

    Hi,
    I tried the same thing but I am unable to access the internet; SNAT is not working. I don't know what is going wrong.
