[CentOS] NAT via /etc/sysconfig/iptables

Mon Aug 2 17:04:32 UTC 2010
Joseph L. Casale <jcasale at activenetwerx.com>

>Does anybody have a sample iptables config file that would incorporate
>NAT and forwarding for a simple router?

Turn on ip frwding in sysctl.conf:
net.ipv4.ip_forward = 1

Then rules something like this (Tune for your needs):
# Accept packets belonging to established and related connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Setup masquerading on WAN interface & forward specified requests
/sbin/iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
/sbin/iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT
/sbin/iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT


Have a quick read on:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables