What is the minimum command set to enable NAT on a Linux box using iptables and a cable modem?

Posted on 2004-11-11
Last Modified: 2010-03-18
On a linux box with eth0 configured for and eth1 connected to a cable modem (DHCP), is this the minimum command set to enable NAT and allow the machines on to connect to the internet? (Kern = 2.6.9)

$> modprobe ipt_MASQUERADE
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$> echo 1 > /proc/sys/net/ipv4/ip_forward
Question by:intreeg
    LVL 38

    Assisted Solution


    I'm not sure whether this is the minimum command set or not. It looks OK and neat to me.

    > (Kern = 2.6.9)
    Are you using Fedora?

    LVL 5

    Accepted Solution

    Have a look at

    # Load the NAT module (this pulls in all the others).
    modprobe iptable_nat

    # In the NAT table (-t nat), Append a rule (-A) after routing
    # (POSTROUTING) for all packets going out eth1 (-o eth1) which says to
    # MASQUERADE the connection (-j MASQUERADE).
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

    # Turn on IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

    from the following website

    Make sure your Linux hasn't already got some sort of firewall in the way by flushing the tables first.
    LVL 5

    Author Comment

    I am using SuSE 9.1 with recompiled kern.

    It appears that you are both right in your own ways. It is not the minimum, Wesly; paranoidcookie did post the minimum, one less command. The flushing command iptables -F; iptables -t nat -F; iptables -t mangle -F

    It turns out that paranoidcookie was also right about a problem I was having and had not even mentioned in this post. I had originally posted another question about why NAT was not working and gave a full description of the problem etc. I created this post so that I could create a generic "default.conf" for my firewall rules. This way I know that I have only what is absolutely needed to make it work, and it verifies that any problem I am having is in my iptables somewhere. As it turns out, SuSEfirewall was not totally disabled; after double checking my service settings and disabling all 3(!) entries for SuSEfirewall and rebooting, my firewall is now working with the command set I originally posted.

    I am increasing the points and will split them between you two. Thanks for the input!
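
Added example (not part of the thread or any poster's code): the author's fix came down to another firewall still being active, and `iptables -F` alone leaves chain policies and user-defined chains in place, so this script audits `iptables-save` output for a MASQUERADE rule on the outbound interface, the FORWARD policy, and leftover chains. The function names, the sample dump and its `old_fw_*` chain names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit `iptables-save` output for the
# state the minimal NAT command set depends on. `iptables -F` removes rules
# only; chain policies (-P) and user-defined chains (-X) survive the flush.

# True if the nat table masquerades traffic leaving interface $2.
has_masquerade() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^\*/ { tbl = $1 }
        tbl == "*nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit !found }'
}

# Print the default policy of the filter table FORWARD chain.
forward_policy() {
    printf '%s\n' "$1" | awk '
        /^\*/ { tbl = $1 }
        tbl == "*filter" && $1 == ":FORWARD" { print $2 }'
}

# Print user-defined chains (policy field "-"), e.g. left by another firewall.
leftover_chains() {
    printf '%s\n' "$1" | awk '/^:/ && $2 == "-" { print substr($1, 2) }'
}

# Constructed sample: rules flushed and MASQUERADE added, but a previous
# firewall's DROP policy and chains (hypothetical names) are still present.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:old_fw_input - [0:0]
:old_fw_forward - [0:0]
COMMIT'

# On a live system, as root: dump=$(iptables-save) instead of SAMPLE.
dump=$SAMPLE
has_masquerade "$dump" eth1 || echo "no MASQUERADE rule on eth1"
[ "$(forward_policy "$dump")" = ACCEPT ] || echo "FORWARD policy: $(forward_policy "$dump")"
[ -z "$(leftover_chains "$dump")" ] || echo "leftover chains:" $(leftover_chains "$dump")
```

With the sample dump the script reports the DROP policy on FORWARD and the two leftover chains, which is the situation where the NAT rule is present but forwarded traffic still does not pass.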
