How To Masquerade On Linux (Internet Connection Sharing)

Want to support HowtoForge? Become a subscriber!
Submitted by phd (Contact Author) (Forums) on Fri, 2007-12-21 13:02. :: Linux

How To Masquerade On Linux (Internet Connection Sharing)  

It's very simple to masquerade (internet connection sharing in Windows language ) on Linux with a few lines of iptables and ip_forward commands.

First of all you have to flush and delete existing firewall rules.

So flush rules by typing in terminal:

iptables -F
iptables -t nat -F
iptables -t mangle -F

Now delete these chains:

iptables -X
iptables -t nat -X
iptables -t mangle -X

Now it's time to save the iptables rules so type:

service iptables save
service iptables restart

Now all rules and chains have been cleared!

Check it in /etc/sysconfig/iptables which has all default rules set to accept.

Now open /etc/rc.d/rc.local and insert the line:

echo "1" > /proc/sys/net/ipv4/ip_forward

And then save and close the file.

Now asuming that your internet interface is eth0, type:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart

Note: check if iptables is set to start during boot up.

Or check the status of your iptables service:

chkconfig –list iptables

If level 5 is on then it's ok othewise start the service at level 5 or level 2345.

Note: The post is also available on my own site - article desktop.

Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by alif (not registered) on Mon, 2013-03-18 11:57.
nice, tq it's work on my PCLINUX OS (server) and UBUNTU (client) 
Submitted by need help (not registered) on Wed, 2012-01-04 11:24.

why after i try to run this command chkconfig -list iptables my ouput is "-list: unknown option"???

 did i miss any of the step?

Submitted by manyam (not registered) on Tue, 2011-08-02 09:28.

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source

this is not forged ip address, when before executing this script internet is coming but after executing internet is not coming .if ping this there is no change ip address pls how to get forged using iptables.

Submitted by Anand (not registered) on Tue, 2011-02-08 05:52.

I have virtual box OS centos in Fedora 14.

I want to access internet from centos to outside,So i have to set MASQUERADE as well as packet forward.

Packet forward is working fine. But MASQUERADE is not working.

I have tried the below command for MASQUERADE

"iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE"

 Anybody can help me?

Submitted by rrvviinn81 (not registered) on Tue, 2011-04-19 07:56.

is your IP static? if so, try

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source

Submitted by ivucica (not registered) on Sun, 2009-07-19 13:26.
While I can certainly easily flush the iptables settings as instructed, Debian does not have a "services" command nor a folder /etc/sysconfig. I'll look elsewhere, but I'm torturing myself for the last full year trying to get IP forwarding to work; I must've messed something up in the tables and I can't fix it anymore.
Submitted by Zorin (not registered) on Thu, 2014-07-10 14:05.
For Ubuntu you can use: iptables-save
Submitted by Dane (not registered) on Thu, 2010-07-08 19:22.

I'm not sure if this is still a problem for you, but in versions of Debian that don't have the "service" command (NOT "serviceS"), I think you can find the needed script in /etc/init.d/iptables, or some such.  Just run a command like this (as root) to save/restart the iptables service:

 /etc/init.d/<NameOfIPtablesScript> save


/etc/init.d/<NameOfIPtablesScript> restart

 I hope this solves it for you!



Submitted by vishal (not registered) on Sat, 2009-01-17 20:55.
Great job. The best thing about this tutorial which makes it different from the others on web is that it has taught 'iptables flushing' before setting up IP forwarding.
Submitted by Naim (not registered) on Tue, 2009-05-05 07:56.

it was really great and use full information and i am really thankfull of the one who prepared and upload this information about internet sharing in linux machin i search lots of sites about this but there were no clear as much as that was in here once again really thanks.

Submitted by Peet (not registered) on Thu, 2008-09-11 14:12.
Thanks, this was really simple and it works 100%. You need credit!
Submitted by Anonymous (not registered) on Tue, 2009-02-03 08:46.
No, it does not work 100%... many of VPNs etc.  cant connect thru this
Submitted by dwallor (registered user) on Wed, 2008-01-16 09:11.


 One small note.  "chkconfig -list iptables" should be "chkconfig --list iptables" (at least on my system, which is normal for all multi-character option names).

To explain (for noobies out there), the command can be "chkconfig -L iptables" or "chkconfig --list iptables".  Note the one dash versus two.  The single-character version, "L" has one dash.  the multi-character version "list", which means the same thing, has two dashes.  This seems to be a standard, as it's held true for every unix command I've used (I think).

 More inportant note:

Remember to configure your LAN adapter (in this case eth0) and give it an ip address.  If you want your computer to be like a router with a 198.168.x.1 style address, use "ifconfig eth0 netmask up".  You'll also need to use whatever configuration you system provides you to change the adapters address to so it will be set correctly at bootup.