In my case, I have a block of routable IP addresses from my ISP, but I have more devices than IP addresses and not everything needs a routable IP address.
So, instead of getting more IP addresses, I decided to do DHCP and NAT for some things.
In my current setup I'm actually doing DHCP, DNS and NAT on the SheevaPlug _and_ using it as a firewall.
Here I'll just show how to do the NAT part.

External network  : 172.16.0.0/12
Internal network  : 192.168.1.0/24
Router IP address : 172.16.1.254

Set up your network interface, e.g.

    # ip link set dev eth0 up
    # ip addr add 172.16.1.1/12 brd + dev eth0
    # ip addr add 192.168.1.1/24 brd + dev eth0

Add a default route to your router.

    # ip route add default via 172.16.1.254 dev eth0

    # iptables -F
    # iptables -t nat -F
    # iptables -P INPUT ACCEPT
    # iptables -P OUTPUT ACCEPT
    # iptables -P FORWARD DROP

Configure Source NAT

    # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.16.1.1
    # iptables -A FORWARD -i eth0 -o eth0 -s 192.168.1.0/24 -j ACCEPT
    # iptables -A FORWARD -i eth0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # echo 1 > /proc/sys/net/ipv4/ip_forward

Disable ICMP redirects

    # echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    # echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
    # echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    # echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
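
The values written under /proc/sys above last only until the next reboot, so it is worth checking that they are still in place. The following is an added example, not part of the original post: a small audit function for those five settings plus ip_forward. The function names and the PROC_ROOT variable are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the kernel settings this page writes with echo.
# PROC_ROOT is an assumption of this example so the check can be pointed
# at a copy of the tree; leave it unset to read the live /proc.

# check_setting RELATIVE_PATH EXPECTED -> status 0 if the file holds EXPECTED
check_setting() {
    file="${PROC_ROOT:-/proc}/sys/net/ipv4/$1"
    if [ ! -r "$file" ]; then
        echo "MISSING  $1"
        return 1
    fi
    actual=$(cat "$file")
    if [ "$actual" != "$2" ]; then
        echo "BAD      $1 = $actual (want $2)"
        return 1
    fi
    echo "ok       $1 = $actual"
}

# audit_nat_sysctls [IFACE] -> status 0 only if every setting matches
audit_nat_sysctls() {
    iface="${1:-eth0}"
    failures=0
    check_setting ip_forward 1 || failures=$((failures + 1))
    # The kernel sends redirects on an interface if EITHER conf/all or
    # conf/<iface> has send_redirects set, so both entries must read 0.
    for scope in all "$iface"; do
        check_setting "conf/$scope/accept_redirects" 0 || failures=$((failures + 1))
        check_setting "conf/$scope/send_redirects" 0 || failures=$((failures + 1))
    done
    echo "$failures setting(s) differ"
    [ "$failures" -eq 0 ]
}
```

Source the file and run `audit_nat_sysctls eth0`; a non-zero exit status means at least one setting no longer matches what was configured above.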