Last active November 8, 2020 23:43
# Put this file (mode 0644) at /etc/systemd/system/simple-nat.service
# Then: systemctl daemon-reload && systemctl start simple-nat
# Finally: systemctl enable simple-nat
# Reboot to verify that the rules come back on their own.
# Public if  = enp1s0
# Private if = enp2s0
# IPv4 only: if the host also has IPv6 connectivity, ip6tables is left untouched by this unit.

[Unit]
Description=Simple NAT
# Firewall units pull in network-pre.target and order before it so the rules
# are in place before any interface comes up (see systemd.special(7)).
Wants=network-pre.target
Before=network-pre.target

[Service]
# Type=oneshot is what permits several ExecStart= lines; RemainAfterExit keeps
# the unit "active" after the commands have run, so "stop" is not a no-op status.
Type=oneshot
RemainAfterExit=yes
# Enable forwarding. ExecStart= is not run through a shell, so
# "echo 1 > /proc/sys/net/ipv4/ip_forward" would pass ">" and the path to echo
# as plain arguments and forwarding would stay off; sysctl does it directly.
ExecStart=/sbin/sysctl -w net.ipv4.ip_forward=1
# Flush existing rules and user chains just in case
ExecStart=/sbin/iptables -F
ExecStart=/sbin/iptables -X
ExecStart=/sbin/iptables -t nat -F
ExecStart=/sbin/iptables -t nat -X
# Drop everything by default
ExecStart=/sbin/iptables -P INPUT DROP
ExecStart=/sbin/iptables -P FORWARD DROP
# Allow outputs
ExecStart=/sbin/iptables -P OUTPUT ACCEPT
# Allow all on localhost
ExecStart=/sbin/iptables -A INPUT -i lo -j ACCEPT
# Allow local network: anything arriving on the private interface may reach
# this host and may be forwarded out of the public interface
ExecStart=/sbin/iptables -A INPUT -i enp2s0 -j ACCEPT
ExecStart=/sbin/iptables -A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT
# Masquerade private addresses behind the public interface's address
ExecStart=/sbin/iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
# From the public side accept only traffic belonging to connections opened from
# inside (conntrack match; the older "-m state --state" form behaves the same)
ExecStart=/sbin/iptables -A FORWARD -i enp1s0 -o enp2s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ExecStart=/sbin/iptables -A INPUT -i enp1s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

[Install]
WantedBy=multi-user.target
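A check worth running after the unit has started, added here as an example and not part of the gist: the shell function below takes a ruleset dump in iptables-save format and verifies the properties the unit is meant to establish (DROP policies on INPUT and FORWARD, masquerading out of the public interface, and nothing arriving on the public side accepted unless it belongs to an established connection). The two dumps it is run on are constructed for the example; on a real box feed it the output of `iptables-save` as root. The interface names enp1s0/enp2s0 are the gist's; the function and file names are this example's own.

```shell
# Added example, not part of the gist: verify that an iptables-save dump has the
# properties the simple-nat unit intends.
# Real use (needs root):  iptables-save > /tmp/now.rules && check_nat_rules /tmp/now.rules
# ip_forward is not visible in iptables-save; check it separately with: sysctl net.ipv4.ip_forward

PUB=enp1s0     # public interface, as in the unit
PRIV=enp2s0    # private interface, as in the unit

# table_rules <dump> <table>: print the lines of one table (between "*table" and COMMIT)
table_rules() {
    awk -v t="*$2" '$0 == t { p = 1; next } /^COMMIT/ { p = 0 } p' "$1"
}

# require <dump> <description> <table> <extended regex>: one check, sets fail=1 on a miss
require() {
    if table_rules "$1" "$3" | grep -qE -- "$4"; then
        echo "ok   $2"
    else
        echo "FAIL $2"
        fail=1
    fi
}

# check_nat_rules <dump>: prints one line per check; exit status 0 only if all passed
check_nat_rules() {
    dump=$1
    fail=0
    require "$dump" "filter INPUT policy DROP"    filter '^:INPUT DROP'
    require "$dump" "filter FORWARD policy DROP"  filter '^:FORWARD DROP'
    require "$dump" "filter OUTPUT policy ACCEPT" filter '^:OUTPUT ACCEPT'
    require "$dump" "loopback accepted"           filter '^-A INPUT -i lo -j ACCEPT$'
    require "$dump" "LAN may reach this host"     filter "^-A INPUT -i $PRIV -j ACCEPT$"
    require "$dump" "LAN -> WAN forwarded"        filter "^-A FORWARD -i $PRIV -o $PUB -j ACCEPT$"
    require "$dump" "WAN -> LAN replies only"     filter "^-A FORWARD -i $PUB -o $PRIV -m (state --state|conntrack --ctstate) RELATED,ESTABLISHED -j ACCEPT$"
    require "$dump" "masquerade out of WAN"       nat    "^-A POSTROUTING -o $PUB -j MASQUERADE$"
    # Negative check: no rule accepts traffic from the public interface that is not a reply
    if table_rules "$dump" filter | grep -E "^-A (INPUT|FORWARD) -i $PUB " \
            | grep -v 'RELATED,ESTABLISHED' | grep -q -- '-j ACCEPT'; then
        echo "FAIL unconditional ACCEPT from $PUB"
        fail=1
    else
        echo "ok   nothing new from $PUB is accepted"
    fi
    return $fail
}

# Constructed sample dumps: what iptables-save prints after the unit ran, and a broken variant
RULES_DIR=$(mktemp -d)
GOOD_RULES=$RULES_DIR/good.rules
BAD_RULES=$RULES_DIR/bad.rules
cat >"$GOOD_RULES" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp2s0 -j ACCEPT
-A INPUT -i enp1s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o enp2s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
# Broken variant: FORWARD policy left at ACCEPT and an inbound SSH hole on the public side
cat >"$BAD_RULES" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp2s0 -j ACCEPT
-A INPUT -i enp1s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i enp1s0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o enp2s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF

check_nat_rules "$GOOD_RULES"
check_nat_rules "$BAD_RULES" || echo "broken ruleset rejected"
```

The negative check is the one that matters most: a rule added later by hand, for example to open SSH on the public interface, silently widens the exposure this unit was written to avoid, and a positive-only check would not notice it.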