Enabling NAT
If you want your home network to be able to reach the outside internet, you need to enable Network Address Translation on the home server.
There are at least two different types of NAT that you can use:
- SNAT (source NAT)
- Masquerading
SNAT is faster but requires your upstream interface to have a static IP address, because the translation is tied to one fixed address.
Masquerading does not depend on a fixed IP, but since it queries the interface for its current IP for every packet routed, it is slower and needs slightly more resources. Since in your setup the upstream network interfaces have static IP addresses, I will show you SNAT. Masquerading is required when you have a PPP upstream connection, for example, or when you are forced to use DHCP from your ISP.
Enabling SNAT with nft is pretty easy and can be achieved with the following commands on the server:
> nft add table nat
> nft add chain nat postrouting { type nat hook postrouting priority 100\;}
> nft add rule nat postrouting oifname "enp59s0u2u4c2" iifname enp0s31f6 snat to 192.168.1.10
These rules:
- Create a new table called nat
- Create a new chain called postrouting
- Append to it a rule that applies SNAT to all packets entering from the LAN interface (iifname) and leaving on the WAN interface (oifname), rewriting their source IP address to 192.168.1.10
I am showing you how to use the nftables tool, which replaced iptables. Here is a nice NFT Quick Reference Table if you need it…
Your home network should now be routed to the outside world…
One last step is to enable IP forwarding, since you will need this both for containerized services and the home network. Create a new file called /etc/sysctl.d/ip_forward.conf:
- ip_forward.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=1
Now either reboot or manually enable:
> sysctl net.ipv4.ip_forward=1
> sysctl net.ipv4.conf.default.rp_filter=1
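The three ad-hoc nft commands above are lost at reboot. As an added example (not from this wiki page), the script below generates the same nat table as a persistent ruleset file, lets you pick between the SNAT variant shown here and the masquerade variant the text recommends for PPP or DHCP upstreams, and syntax-checks the file with nft before loading it. The interface names and the 192.168.1.10 address are the page's; the function names are mine.

```shell
#!/bin/sh
# Added example: build and load a persistent nftables NAT ruleset.
# Interface names and WAN address below are taken from the page; the
# function names (build_nat_ruleset, apply_nat_ruleset) are assumptions.

# Emit a complete nft ruleset on stdout.
#   $1 mode: "snat" (static WAN address) or "masquerade" (DHCP/PPP upstream)
#   $2 LAN interface, $3 WAN interface, $4 WAN address (snat mode only)
build_nat_ruleset() {
    mode=$1; lan=$2; wan=$3; addr=${4:-}
    case "$mode" in
        snat)
            # SNAT needs the fixed address the rewritten packets will carry.
            [ -n "$addr" ] || { echo "snat mode needs the WAN address" >&2; return 1; }
            action="snat to $addr" ;;
        masquerade)
            # Masquerade looks up the outgoing interface address per packet.
            action="masquerade" ;;
        *)
            echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # "add table" then "flush table" makes the file safe to re-apply:
    # re-running it replaces the rules instead of appending duplicates.
    # priority 100 is the conventional srcnat priority for a postrouting hook.
    cat <<EOF
add table ip nat
flush table ip nat
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        iifname "$lan" oifname "$wan" $action
    }
}
EOF
}

# Write the ruleset to a temp file, parse-check it (nft -c touches nothing
# in the kernel), and only then load it. Needs root and the nft binary.
apply_nat_ruleset() {
    tmp=$(mktemp) || return 1
    if ! build_nat_ruleset "$@" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    nft -c -f "$tmp" && nft -f "$tmp"
    status=$?
    rm -f "$tmp"
    return $status
}

# Usage, matching the page's setup (LAN enp0s31f6, WAN enp59s0u2u4c2):
#   build_nat_ruleset snat enp0s31f6 enp59s0u2u4c2 192.168.1.10 > /etc/nftables.d/nat.nft
#   apply_nat_ruleset snat enp0s31f6 enp59s0u2u4c2 192.168.1.10
# For a DHCP or PPP upstream instead:
#   apply_nat_ruleset masquerade enp0s31f6 ppp0
```

Keep the generated file alongside the sysctl drop-in above and load it from your nftables service unit so both the NAT table and IP forwarding survive a reboot. The sysctl step is unchanged; this script only replaces the three interactive nft commands.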