MASQUERADE
-----
How to configure an iptables MASQUERADE rule for a set of secondary IP addresses
WAN = eth0 with public IP 202.22.22.1 -eth0
LAN = eth1 with private IP 192.168.1.1 -eth1
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
**CentOS/RHEL 6
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables restart
**CentOS/RHEL 7
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o eth0 -j MASQUERADE -s 192.168.1.0/24
systemctl restart firewalld
echo 1 > /proc/sys/net/ipv4/ip_forward
OR
# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
service iptables restart
------------------------X-----------------------------------
############### LAN to WAN Masquerading and Forwarding ################
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
############## Block SSH & DNS Requests from WAN Eth0 ##################
# iptables -A INPUT -i ppp0 ! -s 192.168.1.1/24 -p tcp --dport 22 -j DROP
iptables -A INPUT -i ppp0 ! -s 192.168.1.1/24 -p tcp --dport 53 -j DROP
############## Enable SSH externally on ppp0 ##################
iptables -A INPUT -i ppp0 -p tcp --dport 2200 -j ACCEPT
############### Port redirections ################
# RDP to windows-server
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 3390 -j DNAT --to-destination 192.168.1.100:3389
# FORWARD sees the packet after DNAT, so match the rewritten port 3389
iptables -A FORWARD -p tcp -d 192.168.1.100 --dport 3389 -j ACCEPT
############### Confirm IP forward is enabled ################
echo 1 > /proc/sys/net/ipv4/ip_forward # Enables packet forwarding by kernel
------------------------X --------------------------
eth0    1.1.1.1 # 1st IP address
eth0:0  1.1.1.2 # 2nd IP address
eth0:1  1.1.1.3 # 3rd IP address
eth1    2.2.2.2 # LAN segment
I added a MASQUERADE rule to allow Internet access from my LAN as below:
iptables -t nat -A POSTROUTING -s 2.2.2.2 -o eth0 -j MASQUERADE
Now outgoing connections from my LAN to WAN will be masqueraded with the 1.1.1.1 public IP. How can I change the masquerading IP "1.1.1.1" to another one, e.g. 1.1.1.2 or 1.1.1.3?
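An added example, not part of the original question or of any project's code: MASQUERADE always takes the primary address of the outgoing interface, so selecting one of the secondary addresses means using SNAT with --to-source. The script below prints an iptables-restore ruleset for that; the function names and the 2.2.2.0/24 LAN mask are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): NAT LAN traffic to a chosen
# secondary address. MASQUERADE always uses the primary address of the
# outgoing interface, so picking 1.1.1.2 or 1.1.1.3 needs SNAT --to-source.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# The body runs in a subshell so the IFS change stays local.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Succeed only for ADDRESS/PREFIX with a valid address and prefix 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# Print an iptables-restore ruleset. Args: SNAT_IP LAN_CIDR [WAN_IF] [LAN_IF]
# SNAT_IP must be reachable at this host, e.g. assigned as eth0:0 on WAN_IF.
snat_ruleset() {
    snat_ip=$1 lan_cidr=$2 wan_if=${3:-eth0} lan_if=${4:-eth1}
    is_ipv4 "$snat_ip" || { echo "bad SNAT address: $snat_ip" >&2; return 1; }
    is_cidr "$lan_cidr" || { echo "bad LAN network: $lan_cidr" >&2; return 1; }
    case "$wan_if$lan_if" in *[!A-Za-z0-9_.:-]*) return 1 ;; esac
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_cidr -o $wan_if -j SNAT --to-source $snat_ip
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_cidr -j ACCEPT
COMMIT
EOF
}

# 2.2.2.0/24 is an assumed mask for the LAN segment in the question.
snat_ruleset 1.1.1.2 2.2.2.0/24
```

Pipe the output through iptables-restore --test to check that it parses before loading it; loading it without --noflush replaces the existing nat and filter tables.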
------
CentOS Linux add a default gateway
In this example, all traffic is routed via the 192.168.1.254 gateway connected via the eth0 network interface. The following command sets a default gateway for both the internal and external network (if any):
# route add default gw 192.168.1.254 eth0
OR
# ip route add default via 192.168.1.254 dev eth0
How do I make routing changes persistent across CentOS Linux server reboots?
To set default gateway edit /etc/sysconfig/network as follows:
# cat /etc/sysconfig/network
Sample configuration file:
NETWORKING=yes
## server name ##
HOSTNAME=server1.cyberciti.biz
## Default route ##
GATEWAY=192.168.1.254
NETWORKING_IPV6=yes
IPV6_AUTOCONF=no
Save and close the file. Restart the networking service on CentOS Linux, type:
# service network restart
# ip route list
To verify the new settings, ping the default gateway and an external host:
# ping 192.168.1.254
# ping www.cyberciti.biz
# host google.com
CentOS Linux static routing config for eth1 interface
The following is a sample route-eth1 file. The default gateway is set to 192.168.2.254 on interface eth1. The static route to the 10.0.0.0/8 network goes via 10.10.29.65:
# cat /etc/sysconfig/network-scripts/route-eth1
Sample configurations:
default via 192.168.2.254 dev eth1
10.0.0.0/8 via 10.10.29.65 dev eth1
---