Configuring NAT (Network Address Translation) on novatest01

The following procedure was used to enable IP forwarding and masquerading between the internal (private) network on the teststand and the external public network. This is required for the buffer farm to operate correctly.

  • Flush all rules. The default table is "filter"; others such as "nat" must be named explicitly.
    iptables --flush                # Flush all rules in the filter table
    iptables --table nat --flush    # Flush all rules in the nat table
  • Delete all user-defined chains (those that are not built in) from the filter and nat tables
    iptables --delete-chain
    iptables --table nat --delete-chain
  • Set up IP FORWARDing and Masquerading
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface eth1 -j ACCEPT
  • Enable packet forwarding in the kernel
    echo 1 > /proc/sys/net/ipv4/ip_forward    # takes effect immediately; not persistent across reboots
  • Apply the configuration
    /etc/rc.d/init.d/iptables stop
    /etc/rc.d/init.d/iptables start
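
To confirm the resulting state, the following added example (not part of the original procedure) audits a ruleset dump in iptables-save format against the steps above and warns when the FORWARD policy is ACCEPT, in which case the eth1 rule restricts nothing. The function names `sample_dump` and `audit_nat` are hypothetical, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the NAT procedure above.

# Constructed sample: what iptables-save would show after the procedure,
# with eth0 external and eth1 internal as on the page.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
EOF
}

# audit_nat DUMP EXT_IF INT_IF IP_FORWARD
# Prints one finding per line. Returns 1 if a piece of the procedure is
# missing, 0 otherwise (WARN lines do not change the return code).
audit_nat() {
  dump=$1; ext=$2; int=$3; fwd=$4; rc=0
  # Split the dump into its per-table sections.
  nat=$(printf '%s\n' "$dump" | awk '/^\*/{t=$0} t=="*nat"')
  flt=$(printf '%s\n' "$dump" | awk '/^\*/{t=$0} t=="*filter"')
  printf '%s\n' "$nat" | grep -Eq -e "^-A POSTROUTING .*-o $ext .*-j MASQUERADE" ||
    { echo "MISSING masquerade on $ext"; rc=1; }
  printf '%s\n' "$flt" | grep -Eq -e "^-A FORWARD .*-i $int .*-j ACCEPT" ||
    { echo "MISSING forward accept from $int"; rc=1; }
  [ "$fwd" = 1 ] || { echo "MISSING ip_forward=1"; rc=1; }
  if printf '%s\n' "$flt" | grep -q -e '^:FORWARD ACCEPT'; then
    # With an ACCEPT policy every interface pair is forwarded.
    echo "WARN FORWARD policy is ACCEPT"
  elif ! printf '%s\n' "$flt" | grep -q -e '^-A FORWARD .*ESTABLISHED.*-j ACCEPT'; then
    # With a DROP policy, replies need an explicit state/conntrack rule.
    echo "MISSING return-traffic rule in FORWARD"; rc=1
  fi
  return $rc
}

# Live use (as root): audit_nat "$(iptables-save)" eth0 eth1 "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_nat "$(sample_dump)" eth0 eth1 1
```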