Configure Linux as a Router (Gateway) for SOHO

In this article, I explain how to set up network address translation (NAT) on a Linux system with iptables rules, so that the system can act as a gateway and provide internet access to multiple hosts on a local network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.




Note:  Article Tested on CentOS 5.4

Step by Step Installation:

Step 1: Configure the Ethernet cards. It is assumed that eth0 is connected to the external network and eth1 is connected to the LAN (internal network).

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
IPADDR=    <—-  external IP Address here


# vi /etc/sysconfig/network-scripts/ifcfg-eth1

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
IPADDR=    <— Internal IP Address here


#vi /etc/sysconfig/network

GATEWAY=  <— Place Default Gateway here


#vi /etc/resolv.conf

nameserver   <—–Primary DNS
nameserver   <—— Secondary DNS


#vi /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.               lab localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6


# ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from ( icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from ( icmp_seq=3 ttl=64 time=0.029 ms
64 bytes from ( icmp_seq=4 ttl=64 time=0.036 ms
64 bytes from ( icmp_seq=5 ttl=64 time=0.028 ms


# service network restart


Step 2:  NAT ( Network Address Translation ) setup using IPTABLES

#iptables -F
#iptables -t nat -F
#iptables -t mangle -F

Now delete any user-defined chains:

#iptables -X
#iptables -t nat -X
#iptables -t mangle -X

Set up IP masquerading for traffic leaving through the external interface (eth0):

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Step 3:  Enable Routing

Enable packet forwarding in the kernel. To make the setting persist across reboots, also set net.ipv4.ip_forward = 1 in the /etc/sysctl.conf file.

#echo 1 > /proc/sys/net/ipv4/ip_forward

Save the rules and restart the service

#service iptables save
#service iptables restart

Make sure iptables is set to start during boot

#chkconfig  iptables on

Checking  Routing

# sysctl  -p
net.ipv4.ip_forward = 1     <—it was  0 by default
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456

Testing Router :

On any client PC, configure the network settings. Assume the following:

Client IP Address :
Subnet Mask:

Then ping any external address; it should reply.



Pinging [] with 32 bytes of data:
Reply from bytes=32 time=293ms TTL=50
Reply from bytes=32 time=285ms TTL=50
Reply from bytes=32 time=288ms TTL=50
Reply from bytes=32 time=332ms TTL=50

Ping statistics for
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 285ms, Maximum = 332ms, Average = 299


How to provide Internet access to a limited number of clients?

# iptables -t nat -F
# service iptables save

# iptables -t nat -A  POSTROUTING  -s  -j  MASQUERADE
# iptables -t nat -A  POSTROUTING  -s  -j  MASQUERADE

Only the two PCs whose addresses are given with -s in the rules above are allowed to surf the internet.

# service iptables save
# service iptables restart
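
The per-client restriction above, as an added example (not the article's own code): it generates the same MASQUERADE rules in iptables-save format and goes one step further by setting the FORWARD policy to DROP, so hosts that are not listed are not forwarded untranslated. The client addresses 192.168.1.10 and 192.168.1.11 and the function names are assumptions.

```sh
#!/bin/sh
# Added example: print an iptables-restore ruleset for the NAT gateway.
# Interface roles follow the article (eth0 external, eth1 LAN); the client
# addresses at the bottom are constructed samples.

# Succeed only for a dotted-quad IPv4 address (octets 0..255, no leading zeros).
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: gen_gateway_rules WAN_IF LAN_IF CLIENT_IP...
# Validates every address first, so a typo never yields a partial ruleset.
gen_gateway_rules() {
    [ "$#" -ge 3 ] || { echo "usage: WAN_IF LAN_IF CLIENT_IP..." >&2; return 1; }
    wan=$1; lan=$2; shift 2
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad client address: $ip" >&2; return 1; }
    done
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for ip in "$@"; do
        # Translate only listed clients, and only on the external interface.
        printf '%s\n' "-A POSTROUTING -s $ip -o $wan -j MASQUERADE"
    done
    # FORWARD defaults to DROP: unlisted hosts are not routed at all,
    # instead of being forwarded untranslated.
    printf '%s\n' 'COMMIT' '*filter' ':INPUT ACCEPT [0:0]' \
        ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' "-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for ip in "$@"; do
        printf '%s\n' "-A FORWARD -i $lan -o $wan -s $ip -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

gen_gateway_rules eth0 eth1 192.168.1.10 192.168.1.11
```

Redirect the output to /etc/sysconfig/iptables and run service iptables restart to load it.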


That’s It !!

Enjoy Surfing ………….!!

CEO, KV IT-Solutions Pvt. Ltd. | | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “
