Saturday, April 28, 2012

Internet Connection Sharing on Linux using iptables

Internet Connection Sharing on Linux using iptables

It is very easy to setup an internet connection sharing in Linux system using iptables. This method can be used to share an internet connection from a Linux system(I used CentOS 6.2, but it should work on other distributions that support iptables). Another method of doing this is using a proxy server like squid.

Enable IP forwarding

Run as root
sysctl -w net.ipv4.ip_forward=1
To enable it in system startup, edit the file /etc/sysctl.conf and set
net.ipv4.ip_forward = 1


Run command as root
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save


The configuration should be like this


Connected to the internet provider
IP :

Internet Connected System

eth0 (LAN Card 1)

Connected to router
  • IP :
  • Netmask :
  • Gateway : (IP of the router)

eth1 (LAN Card 2)

Connected to the other system
  • IP : (Not the same network as the first card)
  • Netmask :
  • Gateway : (IP of the router)
You can even use Squid as transparent proxy as website access log for your LAN. Just add the command given below after installing and configuring squid as transparent proxy.

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 

No comments: