Linux - Router NAT with some restrictions

A simple iptables script that forwards traffic between two interfaces, connecting two subnets while restricting what the second subnet is allowed to reach.

eth0: (internet)

eth1: (lan)

The /bin/nat-up script:
# Flush the NAT and forwarding rules, then default-deny everything that is forwarded
iptables -t nat -F POSTROUTING
iptables -F FORWARD
iptables --policy FORWARD DROP
# Rewrite the source address of LAN traffic leaving eth0 to the router's public address
iptables -A POSTROUTING -t nat -s -o eth0 -j SNAT --to-source
# Full forwarding access to one host (both directions)
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -d -j ACCEPT
# Access to one host only (host1) for the rest of the subnet, again both directions
iptables -A FORWARD -s -d host1 -j ACCEPT
iptables -A FORWARD -s host1 -d -j ACCEPT
# Enable forwarding in the kernel only once the rules are in place
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "IPtables - NAT enabled ... "
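
The FORWARD chain above is evaluated top to bottom with the first matching rule winning and the DROP policy catching everything else. The added model below (not part of the original post) walks that chain for a few constructed flows, using placeholder addresses for the values the script leaves out, and sets it beside a variant whose `-d <host>` rule is limited to `ESTABLISHED,RELATED` state so that eth0-side traffic can no longer open new connections to the full-access host:

```python
from ipaddress import ip_address, ip_network

# Constructed placeholders standing in for the addresses the post leaves out.
LAN_NET = ip_network("192.168.1.0/24")     # subnet behind eth1
FULL_HOST = ip_network("192.168.1.10/32")  # host given full forwarding access
HOST1 = ip_network("192.168.1.20/32")      # "host1", reachable by the rest of the LAN

def rule(src=None, dst=None, state=None, target="ACCEPT"):
    """One FORWARD rule; None means 'no match on this field' (like omitting -s/-d/-m conntrack)."""
    return {"src": src, "dst": dst, "state": state, "target": target}

def verdict(chain, src, dst, state="NEW", policy="DROP"):
    """Walk the chain top to bottom; the first matching rule wins, else the chain policy applies."""
    s, d = ip_address(src), ip_address(dst)
    for r in chain:
        if r["src"] is not None and s not in r["src"]:
            continue
        if r["dst"] is not None and d not in r["dst"]:
            continue
        if r["state"] is not None and state not in r["state"]:
            continue
        return r["target"]
    return policy

# The post's FORWARD chain (policy DROP), in the same order as the nat-up script.
NAT_UP_CHAIN = [
    rule(src=FULL_HOST),             # -s <host> -j ACCEPT
    rule(dst=FULL_HOST),             # -d <host> -j ACCEPT
    rule(src=LAN_NET, dst=HOST1),    # -s <subnet> -d host1 -j ACCEPT
    rule(src=HOST1, dst=LAN_NET),    # -s host1 -d <subnet> -j ACCEPT
]

# Tightened variant: traffic to the full-access host is forwarded only for connections
# that host opened itself (-m conntrack --ctstate ESTABLISHED,RELATED).
STATEFUL_CHAIN = [
    rule(src=FULL_HOST),
    rule(dst=FULL_HOST, state={"ESTABLISHED", "RELATED"}),
    rule(src=LAN_NET, dst=HOST1),
    rule(src=HOST1, dst=LAN_NET),
]

if __name__ == "__main__":
    cases = [("192.168.1.10", "203.0.113.5", "NEW"), ("203.0.113.5", "192.168.1.10", "ESTABLISHED"),
             ("203.0.113.5", "192.168.1.10", "NEW"), ("192.168.1.30", "203.0.113.5", "NEW"),
             ("192.168.1.30", "192.168.1.20", "NEW")]
    for src, dst, st in cases:
        print(f"{src:>14} -> {dst:<14} {st:<12} nat-up: {verdict(NAT_UP_CHAIN, src, dst, st):<6} "
              f"stateful: {verdict(STATEFUL_CHAIN, src, dst, st)}")
```

The third case is the one to watch: the post's chain forwards an unsolicited NEW packet arriving on eth0 for the full-access host, while the stateful variant drops it and still lets replies to the host's own connections through.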

A second script, /bin/nat-down, disables the NAT on demand. It flushes the rules and turns kernel forwarding off again; the FORWARD policy set by nat-up stays at DROP, so nothing is forwarded until nat-up is run again:
# Flush the NAT and forwarding rules
iptables -t nat -F POSTROUTING
iptables -F FORWARD
# Disable forwarding in the kernel
echo 0 > /proc/sys/net/ipv4/ip_forward
echo "IPtables - NAT disabled ... "

Thank you for playing :)
