8

I have an experimental setup of 4 Linux (CentOS) machines:

[image of the setup]

All 4 machines are internally connected using different networks and can ping each other's directly connected interfaces. However, only PC4 has access to the internet.

I am trying to set up iptables rules that allow PC1 to access the internet via PC4, but I have no idea how to do this.

I tried to add NAT at the outgoing interface on PC2, PC3 and PC4:

iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

However, this does not work. Can you give me some idea how, in such a setup, I can make PC1 access the 10.0.0.1 network?

Space Rocker

1 Answer

17

Enable IP forwarding.

echo 1 > /proc/sys/net/ipv4/ip_forward

For a permanent setting, edit /etc/sysctl.conf and change the value from 0 to 1:

net.ipv4.ip_forward = 1

To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf

iptables rules for NAT:

# rewrite the source address of everything leaving eth0 (the internet side)
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# let replies to existing connections back in from eth0 toward eth1 (the internal side)
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# forward anything arriving from the internal side out to eth0
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
Satish
  • Thank you, but every time I get a Destination Host Prohibited error; what could be the reason? – Space Rocker Feb 15 '13 at 11:02
  • I checked, e.g. I ping from PC1 (1.1.1.1) to PC3 (2.1.1.2), but no packet is transmitted further from PC2's outside interface. There seems to be a problem, or is it with ping only? – Space Rocker Feb 15 '13 at 11:14
  • 3
    OK, I got it. Surprisingly, I just need NAT at the last PC, while for the rest I only needed IP forwarding enabled and had to delete the default reject rule in the forwarding chain using iptables -D FORWARD 1, and it's working – Space Rocker Feb 15 '13 at 12:41
  • 2
    You should mark this as the correct answer – Felipe Alvarez Dec 08 '14 at 03:03
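Putting the answer and the comment thread together in one script, as an added example that is not code from the question, the answer or the comments: IP forwarding on every hop, the FORWARD ACCEPTs inserted above CentOS's default REJECT instead of deleting that rule, and MASQUERADE only on the last hop. The hop order PC1 -> PC2 -> PC3 -> PC4, the interface names (eth0 toward the next hop, eth1 toward PC1 on every forwarding host) and the 1.1.1.0/24 source subnet are assumptions for illustration; the functions gen_rules and forward_path_open, and the sample chain listing they are run against, are mine and not anything on the page.

```sh
#!/bin/sh
# Added example for the thread above; not code from the question, the answer
# or the comments. Assumed (not stated on the page): hop order
# PC1 -> PC2 -> PC3 -> PC4 -> internet, eth1 faces PC1 and eth0 faces the
# next hop on every forwarding host, and PC1's LAN is 1.1.1.0/24.

# Print (do not run) the commands for one forwarding host.
#   $1  role: "transit" (PC2, PC3: forward only) or "gateway" (PC4: forward + NAT)
#   $2  interface toward the next hop / internet
#   $3  interface toward PC1
#   $4  optional source subnet to forward; omitted = anything arriving on $3
gen_rules() {
  role=$1 out_if=$2 in_if=$3 src=${4:-}
  echo "sysctl -w net.ipv4.ip_forward=1"
  # A stock CentOS FORWARD chain ends in
  #   -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  # which is where "Destination Host Prohibited" comes from. Inserting the
  # ACCEPTs at the top (-I) puts them ahead of that rule; appending (-A)
  # would land them behind it and they would never match. This keeps the
  # catch-all for everything else instead of deleting it with -D FORWARD 1.
  echo "iptables -I FORWARD 1 -i $in_if -o $out_if ${src:+-s $src }-j ACCEPT"
  echo "iptables -I FORWARD 2 -i $out_if -o $in_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
  # Only the last hop rewrites the source address; transit hops just route.
  if [ "$role" = gateway ]; then
    echo "iptables -t nat -A POSTROUTING -o $out_if ${src:+-s $src }-j MASQUERADE"
  fi
}

# Read 'iptables -S FORWARD' output on stdin; succeed (exit 0) if $1 -> $2
# traffic already gets through: an ACCEPT for that interface pair appears
# before the first catch-all REJECT/DROP (a rule with no -i/-o/-s/-d/-m
# restriction), or there is no catch-all and the chain policy is ACCEPT.
forward_path_open() {
  awk -v iface_in="$1" -v iface_out="$2" '
    /^-P FORWARD ACCEPT/ { pol_ok = 1 }
    /^-A FORWARD / {
      if (index($0, "-i " iface_in " -o " iface_out " ") && $0 ~ /-j ACCEPT/) { open = 1; exit }
      if ($0 ~ /-j (REJECT|DROP)( |$)/ && $0 !~ / -[iosd] / && $0 !~ / -m /) { blocked = 1; exit }
    }
    END { exit !(open || (pol_ok && !blocked)) }'
}

# Constructed sample of a stock CentOS FORWARD chain (the state the comments
# describe); not captured from the hosts in the thread.
STOCK_FORWARD='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

for pc in PC2 PC3 PC4; do
  if [ "$pc" = PC4 ]; then role=gateway; else role=transit; fi
  echo "# $pc ($role):"
  gen_rules "$role" eth0 eth1 1.1.1.0/24
done
if printf '%s\n' "$STOCK_FORWARD" | forward_path_open eth1 eth0; then
  echo "# FORWARD already passes eth1 -> eth0"
else
  echo "# FORWARD blocks eth1 -> eth0 before any ACCEPT: apply the rules above"
fi
```

On a real host you would run `iptables -S FORWARD | forward_path_open eth1 eth0` as root to see whether PC1's packets die at the catch-all, and pipe the block printed for that host into sh once you have checked it. Two caveats the thread only implies: the script uses -m conntrack --ctstate, the current spelling of the answer's -m state --state, and it does nothing about routing; with MASQUERADE only on PC4, PC2 and PC3 still need a route toward the internet via the next hop and a route back to PC1's subnet, otherwise replies from PC4 have nowhere to go.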