1:1 NAT on your Linux/Netfilter Firewall

published on 2007-07-11 in computing

So you want to map a public IP to a private IP behind your Linux (netfilter) based firewall. Here is the syntax:

```sh
## Standard Stuff ##
# Enable forwarding (not persistent; set net.ipv4.ip_forward=1 in sysctl.conf to keep it)
echo 1 > /proc/sys/net/ipv4/ip_forward

## The 1:1 NAT stuff ##
# Inbound: rewrite the public address to the internal host
iptables -t nat -A PREROUTING -d $EXTERNAL_IP \
       -j DNAT --to-destination $INTERNAL_IP
# Outbound: connections from the internal host leave with its own public address
iptables -t nat -A POSTROUTING -s $INTERNAL_IP \
       -j SNAT --to-source $EXTERNAL_IP
# Hairpin: internal hosts reaching $EXTERNAL_IP are DNATed above, then need their
# source rewritten so the reply comes back through the firewall
iptables -t nat -A POSTROUTING -s $INTERNAL_NET -d $INTERNAL_IP \
       -j SNAT --to-source $NAT_IP

## Catch-all SNAT for everything else ##
# Must come AFTER the 1:1 rules: SNAT is a terminating target, so the first
# POSTROUTING rule that matches wins and the host-specific rule would never fire
iptables --table nat -A POSTROUTING -o eth0 -j SNAT --to $NAT_IP
```

Where $NAT_IP is the external IP of your firewall, $EXTERNAL_IP is the public address being mapped, $INTERNAL_IP is the private host it maps to, and $INTERNAL_NET is your internal subnet. The hairpin rule is required if you want hosts on your internal net to be able to talk to that external IP as well. Note that these rules only rewrite addresses; if your filter table's FORWARD chain has a DROP policy, you still need rules there that accept the forwarded traffic.
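A check I'd run after loading the rules, added here as an example and not part of the original post: it reads the output of `iptables -t nat -S POSTROUTING` and confirms the host-specific SNAT rule sits above the catch-all one, since the first matching SNAT rule wins. The addresses are constructed samples and the function and variable names are my own.

```shell
#!/bin/sh
# Added example: verify POSTROUTING SNAT ordering for a 1:1 NAT mapping.
# Input is the text of `iptables -t nat -S POSTROUTING`; constructed samples
# are used here so the check runs without root or a live netfilter.

# Constructed sample: catch-all SNAT listed first (the broken order)
SAMPLE_BAD='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.1
-A POSTROUTING -s 192.168.1.10/32 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.10/32 -j SNAT --to-source 203.0.113.1'

# Constructed sample: 1:1 rules first, catch-all last (the working order)
SAMPLE_GOOD='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.10/32 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.10/32 -j SNAT --to-source 203.0.113.1
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.1'

# check_snat_order RULES INTERNAL_IP OUT_IF
# Exit 0 if the "-s INTERNAL_IP/32 ... -j SNAT" rule precedes the catch-all
# "-o OUT_IF -j SNAT" rule (or no catch-all exists); exit 1 if the specific
# rule is missing or shadowed by the catch-all.
check_snat_order() {
    rules=$1; internal_ip=$2; out_if=$3
    # grep -n gives "LINE:rule"; keep the first match's line number
    specific=$(printf '%s\n' "$rules" | grep -nF -- "-s $internal_ip/32 -j SNAT" | head -n1 | cut -d: -f1)
    catchall=$(printf '%s\n' "$rules" | grep -nF -- "-o $out_if -j SNAT" | head -n1 | cut -d: -f1)
    [ -n "$specific" ] || return 1
    [ -z "$catchall" ] && return 0
    [ "$specific" -lt "$catchall" ]
}

# Usage on a live box: check_snat_order "$(iptables -t nat -S POSTROUTING)" 192.168.1.10 eth0
```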