Created
July 23, 2020 13:23
CentOS 7 NAT configuration
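#!/usr/bin/env bash
#
# Configure a CentOS 7 host as a NAT gateway between two networks:
#   eth0 -> a "WAN" into the office network
#   eno1 -> a "LAN" of attached vendor hardware on network 192.168.0.0/24;
#           this interface's IP is 192.168.0.1, and attached hardware use
#           that address as their GATEWAY.
#
# Edit WAN_INT, LAN_INT and LAN_NET below to match the host before running.
# Must be run by a user with sudo rights.
#
# NOTE(review): CentOS 7 normally ships with firewalld; if it is active it
# manages the same netfilter tables as the iptables service restarted below.
# Confirm which of the two is meant to own the ruleset on this host.

# Stop at the first failing step so a half-applied ruleset is never saved.
set -euo pipefail

readonly WAN_INT="eth0"
readonly LAN_INT="eno1"
readonly LAN_NET="192.168.0.0/24"
readonly SYSCTL_DROPIN="/etc/sysctl.d/99-ip-forwarding.conf"
readonly RULES_FILE="/etc/sysconfig/iptables"

# Enable IPv4 forwarding.
# The drop-in is overwritten rather than appended to, so re-running the
# script does not accumulate duplicate lines. Only this file is loaded, so an
# unrelated broken sysctl entry elsewhere cannot abort the run.
echo "net.ipv4.ip_forward = 1" | sudo tee "${SYSCTL_DROPIN}" >/dev/null
sudo sysctl -p "${SYSCTL_DROPIN}"

# Install and configure iptables.
# The pattern is quoted so that yum does the matching; unquoted, the shell
# would expand it against any iptables* file in the current directory.
sudo yum install -y 'iptables*'

# Policies are set to ACCEPT *before* each flush so a remote session is not
# cut off while the chains are empty.
# NOTE(security): INPUT ends up empty with policy ACCEPT, so every service
# listening on this gateway is reachable from both the office network and the
# vendor LAN. Add explicit INPUT rules if the gateway should be locked down.
sudo iptables -P INPUT ACCEPT
sudo iptables -F INPUT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -F OUTPUT

# Forwarding is default-deny; only the two rules below open it.
sudo iptables -P FORWARD DROP
sudo iptables -F FORWARD
sudo iptables -t nat -F

# WAN -> LAN: only replies to connections the LAN side initiated.
sudo iptables -A FORWARD -i "${WAN_INT}" -o "${LAN_INT}" -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN -> WAN: anything arriving on the LAN interface may leave via the WAN.
sudo iptables -A FORWARD -i "${LAN_INT}" -o "${WAN_INT}" -j ACCEPT

# Source-NAT LAN traffic as it leaves through the WAN interface. The rule
# must match the *outgoing* WAN interface: matching on the LAN interface
# never rewrites forwarded packets, so the office network sees raw
# 192.168.0.0/24 sources and replies cannot be routed back.
sudo iptables -t nat -A POSTROUTING -s "${LAN_NET}" -o "${WAN_INT}" -j MASQUERADE

# Persist the ruleset. A plain "sudo iptables-save > file" performs the
# redirect as the calling user, not root, and fails on a root-owned path;
# tee under sudo does the write with the right privileges.
sudo iptables-save | sudo tee "${RULES_FILE}" >/dev/null

# NOTE(review): these restart the services but do not enable them at boot;
# confirm the iptables unit is enabled if the rules must survive a reboot.
sudo systemctl restart iptables
sudo systemctl restart network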
No guarantees this works as-is right now and you'll have to patch in your device interface names. This works sometimes.