simple-nat.service

[Unit]
# Put this file as (chmod 644) /etc/systemd/system/simple-nat.service
# Then systemctl start simple-nat
# Finally systemctl enable simple-nat
# Reboot to see it works
# Public if = enp1s0
# Private if = enp2s0
Description=Simple NAT
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
#
# Enable forwarding
ExecStart=/usr/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
#
# Flush existing just in case
ExecStart=/sbin/iptables -F
ExecStart=/sbin/iptables -X
ExecStart=/sbin/iptables -t nat -F
ExecStart=/sbin/iptables -t nat -X
#
# Drop everything by default
ExecStart=/sbin/iptables -P INPUT DROP
ExecStart=/sbin/iptables -P FORWARD DROP
#
# Allow outputs
ExecStart=/sbin/iptables -P OUTPUT ACCEPT
#
# Allow all on localhost
ExecStart=/sbin/iptables -A INPUT -i lo -j ACCEPT
#
# Allow local network 
ExecStart=/sbin/iptables -A INPUT -i enp2s0 -j ACCEPT
ExecStart=/sbin/iptables -A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT
#
# Allow connections out via default gateway
ExecStart=/sbin/iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
ExecStart=/sbin/iptables -A FORWARD -i enp1s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStart=/sbin/iptables -A INPUT -i enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#
TimeoutStartSec=0

[Install]
WantedBy=network.target