What is the minimum command set to enable NAT on a Linux box using iptables and a cable modem?

On a Linux box with eth0 configured for 192.168.111.254/24 and eth1 connected to a cable modem (DHCP), is this the minimum command set to enable NAT and allow the machines on 192.168.111.0/24 to connect to the internet? (Kern = 2.6.9)

$> modprobe ipt_MASQUERADE
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$> echo 1 > /proc/sys/net/ipv4/ip_forward
intreeg Asked:

wesly_chen Commented:
Hi,

I'm not sure whether this is the minimum command set or not. It looks OK and neat to me.

> (Kern = 2.6.9)
Are you using Fedora?

Wesly
0
paranoidcookie Commented:
Have a look at

# Load the NAT module (this pulls in all the others).
modprobe iptable_nat

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out eth1 (-o eth1) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

from the following website
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-4.html

Make sure your Linux hasn't already got some sort of firewall in the way by flushing the tables first.
0
intreeg (Author) Commented:
I am using SuSE 9.1 with recompiled kern.

It appears that you are both right in your own ways. It is not the minimum, Wesly; paranoidcookie did post the minimum, one less command. The flushing command iptables -F; iptables -t nat -F; iptables -t mangle -F

It turns out that paranoidcookie was also right about a problem I was having and had not even mentioned in this post. I had originally posted another question about why NAT was not working and gave a full description of the problem etc. I created this post so that I could create a generic "default.conf" for my firewall rules. This way I know that I have only what is absolutely needed to make it work, and it verifies that any problem I am having is in my iptables somewhere. As it turns out, SuSEfirewall was not totally disabled; after double checking my service settings and disabling all 3(!) entries for SuSEfirewall and rebooting, my firewall is now working with the command set I originally posted.

I am increasing the points and will split them between you two. Thanks for the input!
0
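
As an added example (not part of any post in this thread): a shell function that audits `iptables-save` output against the minimal NAT set discussed above, flagging rules or chains left behind by another firewall and a non-ACCEPT FORWARD policy, which `iptables -F` does not reset. The two dumps and the chain name leftover_fw are constructed, abbreviated samples.

```sh
#!/bin/sh
# Added example, not from the thread. Audits `iptables-save` output against the
# thread's minimal NAT set: exactly one MASQUERADE rule on the WAN interface.
# Live use (as root): iptables-save | audit_nat eth1
audit_nat() {
    awk -v wan="$1" '
        /^\*/ { table = substr($1, 2); next }      # "*nat" starts a table
        /^:/ {                                      # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 == "-") print "EXTRA_CHAIN " table "/" chain   # user-defined
            else if (table == "filter" && chain == "FORWARD") fwd = $2
            next
        }
        /^-A / {
            if (table == "nat" && $2 == "POSTROUTING" &&
                index($0, " -o " wan " ") && index($0, "-j MASQUERADE")) {
                masq = 1; next
            }
            print "EXTRA_RULE " table ": " $0
        }
        END {
            if (!masq) print "MISSING_MASQUERADE " wan
            # iptables -F flushes rules but leaves chain policies untouched
            if (fwd != "" && fwd != "ACCEPT") print "FORWARD_POLICY " fwd
        }'
}

sample_clean() {      # constructed dump: only the rule from the thread
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

sample_leftover() {   # constructed dump: another firewall left state behind
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
:leftover_fw - [0:0]
-A FORWARD -j leftover_fw
COMMIT
EOF
}

sample_leftover | audit_nat eth1   # prints one finding per line
```

No output means the ruleset matches the minimal set; with an ACCEPT policy and no FORWARD rules the box forwards any traffic routed to it, so filtering rules are a deliberate next step rather than something this check supplies.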
Question has a verified solution.