5. Source NAT (Masquerading)

Source Network Address Translation (SNAT) is a technique that makes the server act as a proxy for all the networks that use it as a gateway: the source address of every packet leaving the server is rewritten to the server's own public address. This is useful for shielding the local network from outside attacks, for sharing a single real (public) IP address, and so on.

The script used to start or stop source NAT is /usr/local/config/source-nat:

bash# vi /usr/local/config/source-nat

#!/bin/bash
# enable or disable source NAT (masquerading)

### include the network configuration (it defines ETH0_IP)
. /usr/local/config/network-config

### refuse to run with an empty address: "--to-source" needs it
if [ -z "${ETH0_IP}" ]; then
   echo "ETH0_IP is not set in /usr/local/config/network-config" >&2
   exit 1
fi

case "${1}" in
  ls )
     /sbin/iptables-save --table nat
     exit 0
     ;;

  flush )
     /sbin/iptables --verbose --table nat --flush
     /sbin/iptables --verbose --table nat --delete-chain
     exit 0
     ;;

  on )
     echo 1 >/proc/sys/net/ipv4/ip_forward
     # rewrite the source of every packet leaving eth0 to our public address;
     # running "on" twice appends the rule twice, so "flush" first if in doubt
     /sbin/iptables --verbose --table nat --append POSTROUTING \
                    --out-interface eth0 \
                    --jump SNAT --to-source "${ETH0_IP}"
                    # --jump MASQUERADE   (use instead of SNAT when eth0 has a dynamic address)
     exit 0
     ;;

  off )
     echo 0 >/proc/sys/net/ipv4/ip_forward
     # delete exactly the rule that "on" appended
     /sbin/iptables --verbose --table nat --delete POSTROUTING \
                    --out-interface eth0 \
                    --jump SNAT --to-source "${ETH0_IP}"
                    # --jump MASQUERADE
     exit 0
     ;;

  * )
     echo "Usage: ${0} [ ls | flush | on | off ]"
     exit 1
     ;;
esac

Make it executable, then start source NAT like this (running the script without an argument prints its usage):

bash# cd /usr/local/config
bash# chmod 755 source-nat
bash# ./source-nat
bash# ./source-nat on
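After "on" it is worth confirming that the nat table really holds one translation rule for the outside interface and that forwarding is enabled. The following checker is an added example, not part of the original HOWTO: it parses the iptables-save format printed by "./source-nat ls" and the contents of /proc/sys/net/ipv4/ip_forward. The table dump, interface name and 192.0.2.10 address are constructed sample values.

```python
import re
from typing import List, Optional

# Constructed sample of "./source-nat ls" (iptables-save --table nat) output
# after "on" was run twice, so the SNAT rule appears twice.
SAMPLE_NAT_TABLE = """\
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT
"""

# iptables-save prints the short option names: -A chain -o iface -j target
RULE_RE = re.compile(
    r"^-A POSTROUTING -o (?P<iface>\S+) -j (?P<target>SNAT|MASQUERADE)"
    r"(?: --to-source (?P<src>\S+))?$"
)


def postrouting_nat_rules(table_dump: str) -> List[dict]:
    """Return every SNAT/MASQUERADE rule found in the POSTROUTING chain."""
    rules = []
    for line in table_dump.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules


def check_snat(table_dump: str, iface: str, expected_ip: str,
               ip_forward: Optional[str] = "1") -> List[str]:
    """Return findings for the outside interface; an empty list means
    exactly one rule rewriting to expected_ip and forwarding switched on."""
    rules = [r for r in postrouting_nat_rules(table_dump) if r["iface"] == iface]
    findings = []
    if not rules:
        findings.append(f"no SNAT/MASQUERADE rule on {iface}: LAN traffic leaves untranslated")
    if len(rules) > 1:
        findings.append(f"{len(rules)} translation rules on {iface}: 'on' was run more than once")
    for r in rules:
        if r["target"] == "SNAT" and r["src"] != expected_ip:
            findings.append(f"SNAT rewrites to {r['src']}, expected {expected_ip}")
    if ip_forward is None or ip_forward.strip() != "1":
        findings.append("net.ipv4.ip_forward is not 1: the kernel will not forward LAN packets")
    return findings
```

On the gateway itself, feed check_snat the real output of "./source-nat ls" and the contents of /proc/sys/net/ipv4/ip_forward instead of the constructed sample.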