Source Network Address Translation (SNAT) is a technique that makes the server act as a proxy for all the networks that use it as a gateway. This is useful for protecting the local network from outside attacks, for sharing a connection when you own only one real IP, etc.
The script used to start or stop SNAT-ing is /usr/local/config/source-nat:
bash# vi /usr/local/config/source-nat

#!/bin/bash
# enable or disable source NAT (masquerading)

### include the network configuration (defines ETH0_IP)
. /usr/local/config/network-config

case "${1}" in
  ls )
    # show the current rules of the nat table
    /sbin/iptables-save --table nat
    exit 0
    ;;

  flush )
    # remove all rules and all user-defined chains from the nat table
    /sbin/iptables --verbose --table nat --flush
    /sbin/iptables --verbose --table nat --delete-chain
    exit 0
    ;;

  on )
    # enable forwarding, then rewrite the source address of everything
    # leaving through eth0 to the server's own address
    echo 1 >/proc/sys/net/ipv4/ip_forward
    /sbin/iptables --verbose --table nat --append POSTROUTING \
      --out-interface eth0 \
      --jump SNAT --to-source "$ETH0_IP"
      # --jump MASQUERADE
    exit 0
    ;;

  off )
    # disable forwarding and delete the rule added by "on"
    echo 0 >/proc/sys/net/ipv4/ip_forward
    /sbin/iptables --verbose --table nat --delete POSTROUTING \
      --out-interface eth0 \
      --jump SNAT --to-source "$ETH0_IP"
      # --jump MASQUERADE
    exit 0
    ;;

  * )
    echo "Usage: ${0} [ ls | flush | on | off ]"
    exit 1
    ;;
esac
Make it executable and then start SNAT-ing like this:
bash# cd /usr/local/config
bash# chmod 755 source-nat
bash# ./source-nat
bash# ./source-nat on
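
Because "on" uses --append, running it twice leaves two identical SNAT rules, and a single "off" deletes only one of them. The following check is an added example, not part of the original script: it reads the output of "./source-nat ls" and reports whether exactly one matching rule exists. The function names, the sample address 192.0.2.10 and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: audit the nat table listing produced by "./source-nat ls".

# count_snat_rules IFACE IP
# Reads iptables-save output on stdin and prints how many POSTROUTING rules
# SNAT traffic leaving IFACE to source address IP.
count_snat_rules() {
    awk -v iface="$1" -v ip="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            o = ""; j = ""; src = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-o")          o   = $(i + 1)
                if ($i == "-j")          j   = $(i + 1)
                if ($i == "--to-source") src = $(i + 1)
            }
            if (o == iface && j == "SNAT" && src == ip) n++
        }
        END { print n + 0 }'
}

# check_snat IFACE IP
# Prints "ok", "missing" or "duplicate:N"; returns 0 only for exactly one rule.
check_snat() {
    n=$(count_snat_rules "$1" "$2")
    case "$n" in
        0 ) echo "missing";      return 1 ;;
        1 ) echo "ok";           return 0 ;;
        * ) echo "duplicate:$n"; return 2 ;;
    esac
}

# Constructed sample: the listing after "./source-nat on" was run twice.
SAMPLE_TWICE='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT'

# Live use, after sourcing network-config for ETH0_IP:
#   ./source-nat ls | check_snat eth0 "$ETH0_IP"
```

If the check reports a duplicate, "./source-nat flush" followed by "./source-nat on" returns the table to a single rule.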