Rodrigo Barbosa rodrigob@suespammers.org wrote:
The guy just wants some temporary NAT services for testing. There is no need to configure all of that.
Agreed. However ...
That simple iptables ... -j MASQUERADE rule should work if there are no other iptables rules anywhere, and all default rules are ACCEPT.
Actually, the MASQ target is _not_ recommended when you want to map many, many systems into various ports. I see this come up regularly and it's a very _poor_ move to do traditional masquerading (NAT+PAT).
Ideally, you should be doing 1:1 NAT, and _no_ PAT. Not only reduced overhead on the NAT device because it's not doing PAT and connection tracking, but you'll see greatly increased performance (especially on a higher speed corporate network ;-).
Now Linux's performance at this is still suspect at 1:1 NAT versus even a typical router. But if you want to do it ...
iptables -t nat -A PREROUTING -d a.b.c.d -i ethX -j DNAT --to-destination p.q.r.s
iptables -t nat -A POSTROUTING -s p.q.r.s -o ethX -j SNAT --to-source a.b.c.d
Where ethX is your public IP interface. Where a.b.c.d is your public IP address. And where p.q.r.s is your private IP address.
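
The 1:1 NAT rule pair above, generalized to several hosts, as an added example that is not part of the original message: the sh functions below read "public private" pairs and print the DNAT/SNAT pair for each, rejecting the whole list if an address is malformed or used twice. The function names, the interface eth0 and the 203.0.113.x / 192.168.1.x addresses are constructed sample values; the rules are only printed for review, not applied.

```shell
#!/bin/sh
# Added example: build 1:1 NAT rules (no PAT) from a mapping list.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_nat_rules IFACE: reads "public private" pairs on stdin and prints
# one DNAT (inbound) and one SNAT (outbound) rule per pair.
# Output is all-or-nothing: any bad line fails the run with no rules printed.
gen_nat_rules() {
    iface=$1 seen=" " rules=""
    while read -r pub priv rest || [ -n "$pub" ]; do
        case "$pub" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ -n "$rest" ] || ! valid_ipv4 "$pub" || ! valid_ipv4 "$priv"; then
            echo "bad mapping: $pub $priv $rest" >&2
            return 1
        fi
        # 1:1 means each address appears once; a reused address would make
        # the translation ambiguous (first matching rule wins).
        case "$seen" in
            *" $pub "*|*" $priv "*)
                echo "address used twice: $pub $priv" >&2
                return 1 ;;
        esac
        seen="$seen$pub $priv "
        rules="${rules}iptables -t nat -A PREROUTING -d $pub -i $iface -j DNAT --to-destination $priv
iptables -t nat -A POSTROUTING -s $priv -o $iface -j SNAT --to-source $pub
"
    done
    printf '%s' "$rules"
}

# Constructed sample mapping (documentation and RFC 1918 addresses).
gen_nat_rules eth0 <<'EOF'
# public       private
203.0.113.10   192.168.1.10
203.0.113.11   192.168.1.11
EOF
```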