IP Masquerading To Allow Machines With Private Addresses To Access The Internet

IP Masquerading (Internet Connection Sharing)

IP Masquerading allows machines with private (RFC 1918) addresses to access the Internet through the machine doing the masquerading.

  • Accomplished with a single iptables rule:
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

  The private network used in this example, as ipcalc describes it:

  Address:   192.168.0.1           11000000.10101000.00000000 .00000001
  Netmask:   255.255.255.0 = 24    11111111.11111111.11111111 .00000000
  Wildcard:  0.0.0.255             00000000.00000000.00000000 .11111111

  Network:   192.168.0.0/24        11000000.10101000.00000000 .00000000 (Class C)
  Broadcast: 192.168.0.255         11000000.10101000.00000000 .11111111
  HostMin:   192.168.0.1           11000000.10101000.00000000 .00000001
  HostMax:   192.168.0.254         11000000.10101000.00000000 .11111110

http://www.ietf.org/rfc/rfc1918.txt

  • Masqueraded traffic needs to be allowed through the FORWARD chain for the above rule to work:
  iptables -A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT
  iptables -A FORWARD -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
  • The above commands will allow all connections from your local network to the Internet.
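As an added example that is not part of the original page, the POSIX shell helper below derives the ipcalc figures shown above, refuses a LAN prefix that is not inside RFC 1918 space, and prints the MASQUERADE and FORWARD rules in the order they must be applied, together with the net.ipv4.ip_forward sysctl the kernel needs before it will forward at all, so the commands can be reviewed before being piped to sh as root. All function names and the 203.0.113.0/24 value used for the refusal case are assumptions made for this example.

```shell
# Added example, not from the original page; all function names are hypothetical.
# ip_to_int 192.168.0.1 -> 3232235521
ip_to_int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
# mask_int 24 -> 4294967040, i.e. 255.255.255.0 (the "Netmask" line above)
mask_int() {
    [ "$1" -eq 0 ] && { echo 0; return; }
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}
# cidr_network 192.168.0.1/24 -> 192.168.0.0/24 (the "Network" line above)
cidr_network() {
    echo "$(int_to_ip $(( $(ip_to_int "${1%/*}") & $(mask_int "${1#*/}") )))/${1#*/}"
}
# cidr_broadcast 192.168.0.1/24 -> 192.168.0.255 (the "Broadcast" line above)
cidr_broadcast() {
    _m=$(mask_int "${1#*/}")
    int_to_ip $(( ($(ip_to_int "${1%/*}") & $_m) | (4294967295 ^ $_m) ))
}
# is_rfc1918 PREFIX: succeeds only when the whole prefix lies inside 10/8,
# 172.16/12 or 192.168/16; a public prefix must never be masqueraded by mistake.
is_rfc1918() {
    _len=${1#*/}; _net=$(( $(ip_to_int "${1%/*}") & $(mask_int "$_len") ))
    for _b in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        [ "$_len" -ge "${_b#*/}" ] || continue
        [ $(( $_net & $(mask_int "${_b#*/}") )) -eq "$(ip_to_int "${_b%/*}")" ] && return 0
    done
    return 1
}
# masq_rules LAN_PREFIX WAN_IF: print, but do not run, the commands in the order
# they must be applied. Without ip_forward=1 the FORWARD chain never sees a packet.
masq_rules() {
    is_rfc1918 "$1" || { echo "refusing $1: not an RFC 1918 prefix" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE
iptables -A FORWARD -s $1 -o $2 -j ACCEPT
iptables -A FORWARD -d $1 -m state --state ESTABLISHED,RELATED -i $2 -j ACCEPT
EOF
}
# Usage: sh masq.sh 192.168.0.0/24 eth0   (review the output, then pipe it to sh as root)
if [ $# -ge 2 ]; then masq_rules "$1" "$2"; fi
```

The printed rules append to whatever is already in the chains, so check `iptables -L FORWARD -n` and `iptables -t nat -L POSTROUTING -n` afterwards to confirm nothing earlier in the chain drops the traffic first.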