Differences

This shows you the differences between two versions of the page.

router:nat [2024/02/08 17:32] willyrouter:nat [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-===== Enabling NAT ===== 
- 
-If you want your home network to be able to reach the outside internet, you need to enable Network Address Translation on the home server.  
- 
-There are at least two different types of NAT that you can use: 
-  * SNAT (source NAT) 
-  * Masquerading 
- 
-SNAT is faster but require your **upstream** interface to have a static IP address, because it's a NAT associated to a fixed IP address. 
- 
-Masquerading does not depend on a fixed IP, but since it queries the interface for it's current IP for each packet routed, it's slower and require a little bit more resources. Since in your setup the upstream network interfaces have **static** IP address, i will show you SNAT. Masquerading is required when you have a PPP upstream connection, for example, or when you are forced to use DHCP from your ISP. 
- 
-Enabling SNAT with **nft** is pretty easy and can be achieved with the following commands on the server: 
-<code bash> 
- > nft add table nat 
- > nft add chain nat postrouting { type nat hook postrouting priority 100\;} 
- > nft add rule nat postrouting oifname "enp59s0u2u4c2" iifname enp0s31f6 snat to 192.168.1.10 
-</code> 
- 
-These rules: 
-  * Create a new table called nat  
-  * Create a new chain called postrouting 
-  * Append to it a rule that will apply SNAT to all packets coming from the LAN interface (iifname) and routes them on the WAN interface (oifname) replacing it's IP address as 192.168.1.10 
- 
-I am showing you how to use **nftables** tool, which replaced //iptables//. Here is a nice [[https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes|NFT Quick Reference Table]] if you need it... 
- 
-You should, now, route your home network to the outside world... 
- 
- 
-One last step is to enable IP forwarding, since you will need this both for containerized services and the home network. Create a new file called **/etc/sysctl.d/ip_forward.conf**: 
-<file - ip_forward.conf> 
-net.ipv4.ip_forward=1 
-net.ipv4.conf.default.rp_filter=1 
-</file> 
- 
-Now either reboot or manually enable: 
-<code bash> 
- > sysctl net.ipv4.ip_forward=1 
-> sysctl net.ipv4.conf.default.rp_filter=1 
-</code> 
  
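Review bot: No pointer to a replacement is left behind: every line of the page is removed, down to the sysctl block at the end of the hunk, and the summary "removed - external edit" does not say where the NAT instructions now live, so a one-line note naming the new location would be better than an empty page. If the text is being moved rather than dropped, two things in it are worth fixing on the way. The rp_filter lines set only net.ipv4.conf.default.rp_filter, which seeds interfaces created afterwards, so the manual sysctl command does not change the LAN and WAN interfaces that already exist; adding net.ipv4.conf.all.rp_filter=1 covers them. The three nft commands are applied at runtime only, while the forwarding setting is persisted in /etc/sysctl.d/ip_forward.conf, so after a reboot the host would forward packets without the SNAT rule unless the page also says how the ruleset is made persistent.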
