janhieber/NAT_setup.txt

## NAT_setup.txt
############# on host

# set fixed IP (rpi-net)
NetworkManager / systemd-networkd ...

# enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ipforward.conf

# enable NAT in iptables (rpi-net is target interface)
iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
iptables -A FORWARD -i ens33 -o rpi-net -m state \
--state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i rpi-net -o ens33 -j ACCEPT
iptables-save > /etc/iptables/iptables.rules
systemctl enable iptables
systemctl start iptables

# for DHCP on target use dnsmasq

# when using USB ethernet, set fixed dev name
/etc/udev/rules.d/10-network.rules:
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:11:6b:67:e7:db", NAME="rpi-net"
	############# on host

	# set fixed IP (rpi-net)
	NetworkManager / systemd-networkd ...

	# enable IPv4 forwarding
	echo 1 > /proc/sys/net/ipv4/ip_forward
	echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ipforward.conf

	# enable NAT in iptables (rpi-net is target interface)
	iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
	iptables -A FORWARD -i ens33 -o rpi-net -m state \
	--state RELATED,ESTABLISHED -j ACCEPT
	iptables -A FORWARD -i rpi-net -o ens33 -j ACCEPT
	iptables-save > /etc/iptables/iptables.rules
	systemctl enable iptables
	systemctl start iptables

	# for DHCP on target use dnsmasq

	# when using USB ethernet, set fixed dev name
	/etc/udev/rules.d/10-network.rules:
	SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:11:6b:67:e7:db", NAME="rpi-net"