SNAT with one NIC

Yeah, this is possible (I have this set up on a SheevaPlug).

In my case, I have a block of routable IP addresses from my ISP, but I have more devices than IP addresses and not everything needs a routable IP address.

So, instead of getting more IP addresses, I decided to do DHCP and NAT for some things.

In my current set up I'm actually doing DHCP, DNS and NAT on the SheevaPlug _and_ using it as a firewall.

Here I'll just show how to do the NAT part.

 Getting started

Let's say you have the following network configuration:
External network  :
Internal network  :
Router IP address : 
Set up your network interface. e.g
# ip link set dev eth0 up
# ip addr add brd + dev eth0
# ip addr add brd + dev eth0
Add a default route to your router.
# ip route add default via dev eth0

 Set up NAT

Clear iptables and set default policies.
# iptables -F
# iptables -t nat -F
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD DROP
Configure Source NAT
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source

# iptables -A FORWARD -i eth0 -o eth0 -s -j ACCEPT
# iptables -A FORWARD -i eth0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

 Let the packets flow

Enable IP forwarding
# echo 1 > /proc/sys/net/ipv4/ip_forward
Disable ICMP redirects
# echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
# echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

Andrew Clayton; Sun Oct 16, 2011