iptables FORWARD with and without NAT

Simple forwarding from network 192.168.0.0/24 to network 172.16.0.0/24. The gateway holds 192.168.0.1 on eth1 (the 192.168.0.0/24 side) and 172.16.0.1 on eth0 (the 172.16.0.0/24 side).

# new and established flows from the 192.168.0.0/24 side to the 172.16.0.0/24 side
iptables -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -d 172.16.0.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT
# return traffic only; no new connections may be opened from the 172.16.0.0/24 side
iptables -A FORWARD -i eth0 -o eth1 -s 172.16.0.0/24 -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

On the gateway tcpdump will show:

05:58:48.316239 IP 192.168.0.22 > 172.16.0.33: ICMP echo request, id 1, seq 2193, length 40
05:58:48.349553 IP 172.16.0.33 > 192.168.0.22: ICMP echo reply, id 1, seq 2193, length 40

Forwarding from network 192.168.0.0/24 to network 172.16.0.0/24 with source NAT (masquerading):

# same FORWARD rules as above; the filter chain still sees the original 192.168.0.x addresses
iptables -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -d 172.16.0.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 172.16.0.0/24 -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
# MASQUERADE on the outgoing interface towards 172.16.0.0/24 (eth0), so the source becomes 172.16.0.1
iptables -t nat -A POSTROUTING -o eth0 -d 172.16.0.0/24 -j MASQUERADE

On the gateway tcpdump (on eth0) will show the source rewritten to the gateway's own address:

05:58:48.316239 IP 172.16.0.1 > 172.16.0.33: ICMP echo request, id 1, seq 2193, length 40
05:58:48.349553 IP 172.16.0.33 > 172.16.0.1: ICMP echo reply, id 1, seq 2193, length 40
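To see why the return-direction FORWARD rule still matches on a 192.168.0.0/24 destination even though tcpdump on eth0 shows the reply addressed to 172.16.0.1, here is an added toy model (not real netfilter code and not from the post) of the path a packet takes through this gateway: conntrack lookup and reverse NAT first, then the two FORWARD rules, then MASQUERADE in POSTROUTING. Addresses, interfaces and ICMP ids are the ones from the post; the `forward` function and its conntrack dictionary are constructed for this illustration, and `out_if` is assumed to be the egress chosen after the reply has been un-NATed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")   # behind eth1
DMZ = ipaddress.ip_network("172.16.0.0/24")    # behind eth0
GW_ETH0 = "172.16.0.1"   # address MASQUERADE substitutes when a packet leaves eth0
conntrack = {}           # original tuple -> expected reply tuple, each (src, dst, icmp_id)

def reset():
    """Flush the toy conntrack table (like a fresh gateway)."""
    conntrack.clear()

def forward(src, dst, icmp_id, in_if, out_if, masquerade):
    """Push one ICMP packet through the gateway model.
    Returns (src, dst, icmp_id) as the packet leaves, or None if FORWARD drops it."""
    key = (src, dst, icmp_id)
    state = "NEW"
    if key in conntrack:
        state = "ESTABLISHED"               # original direction, flow already known
    else:
        for orig, reply in conntrack.items():
            if key == reply:                # reply direction: conntrack reverses the
                state = "ESTABLISHED"       # NAT before the FORWARD chain runs
                src, dst = orig[1], orig[0]
                break
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    lan_to_dmz = in_if == "eth1" and out_if == "eth0" and s in LAN and d in DMZ
    dmz_to_lan = in_if == "eth0" and out_if == "eth1" and s in DMZ and d in LAN
    if lan_to_dmz and state in ("NEW", "ESTABLISHED"):
        # POSTROUTING: MASQUERADE on eth0 rewrites the source to the gateway address
        out_src = GW_ETH0 if masquerade else src
        if state == "NEW":
            conntrack[key] = (dst, out_src, icmp_id)   # what the reply will look like
        return (out_src, dst, icmp_id)
    if dmz_to_lan and state == "ESTABLISHED":         # RELATED is not modelled here
        return (src, dst, icmp_id)
    return None   # no rule matched: unsolicited traffic from the 172.16 side is dropped
```

The model also shows the security property of the second rule: a packet from 172.16.0.33 that no 192.168.0.x host asked for is NEW on the eth0-to-eth1 path and is never forwarded, with or without NAT.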
