How to Configure your CentOS 4 box as an Internet Gateway/Router using IP Masquerading

What is IP Masquerading?

IP Masquerade is a form of Network Address Translation (NAT). It allows internally connected computers that do not have registered Internet IP addresses of their own to communicate with the Internet via the Linux server's Internet IP address. The software interface used to configure the kernel for IP masquerading is iptables.

To configure IP Masquerading, you need a PC with CentOS 4 Linux installed and two LAN cards.
Install the LAN cards and configure the IP addresses of your public and private networks.

1. Configure the IP address of your public network. It should look similar to this:

vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:50:BA:88:72:D4
IPADDR=xx.xx.xx.xx         # Provided by your ISP
NETMASK=255.255.255.0      # Provided by your ISP
GATEWAY=xx.xx.xx.1         # Provided by your ISP
ONBOOT=yes
TYPE=Ethernet

2. Configure the IP of your private network

vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
HWADDR=xx:xx:xx:xx:xx:xx   # MAC address of your second LAN card
IPADDR=192.168.0.1
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet

3. Configure your /etc/sysconfig/network

vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain

4. Check your name server information. If it is configured correctly, it should look like this:

cat /etc/resolv.conf
nameserver xx.xx.xx.xx      # Primary DNS Server provided by your ISP
nameserver xx.xx.xx.xx      # Secondary DNS Server provided by your ISP

Reload your network configurations

/etc/init.d/network restart

5. All set. Now configure iptables to enable IP Masquerading and share your Internet connection.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/etc/init.d/iptables save

6. Enable packet forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Add this command to /etc/rc.local to enable IP forwarding automatically at boot:

vi /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward

7. That's it. You can now configure the PCs in your private network.

IP Address: 192.168.0.2 up to 192.168.0.254
Subnet Mask/Mask/NETMASK: 255.255.255.0
Gateway: 192.168.0.1
DNS: # Your DNS entries should be the same as in your /etc/resolv.conf
Primary DNS: xx.xx.xx.xx
Secondary DNS: xx.xx.xx.xx

You have to set a static IP address on every computer in your private network. If you want to simplify this task, you can install a DHCP server.

8. Installing DHCP server
To enable a DHCP server on your CentOS box, you need to install the dhcp package.

yum install dhcp

Rename your /etc/dhcpd.conf to /etc/dhcpd.conf.old.
Then copy the /usr/share/doc/dhcp-x.x.x/dhcpd.conf.sample to /etc/.

cp /usr/share/doc/dhcp-x.x.x/dhcpd.conf.sample /etc/dhcpd.conf

Edit your /etc/dhcpd.conf so that it looks similar to this:

ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers                  192.168.0.1; #Default Gateway
        option subnet-mask              255.255.255.0;
        option domain-name-servers      xx.xx.xx.xx,xx.xx.xx.xx;
        range dynamic-bootp 192.168.0.100 192.168.0.200;  #DHCP Range to assign
        default-lease-time 43200;
        max-lease-time 86400;
}

Configure dhcp to run during boot time and start your dhcp server.

chkconfig dhcpd on
/etc/init.d/dhcpd start

9. Disabling and enabling your iptables

To disable iptables, run these commands:

/etc/init.d/iptables save

/etc/init.d/iptables stop
chkconfig iptables off

Type these commands if you want to enable iptables again:

chkconfig iptables on
/etc/init.d/iptables start
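
Steps 5 and 6 add the MASQUERADE rule and turn on forwarding but do not say what the FORWARD chain should allow. The script below is an added example (not part of the original how-to) that audits `iptables-save` output for that gap; it assumes eth0 is the public interface and eth1 the private one as in steps 1 and 2, and the function name, finding labels and sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables-save` output for the gateway built on this page.
# Usage on the gateway:  iptables-save | audit_gateway eth0
# Prints one finding per line; exit status 0 = no findings, 1 = findings.
audit_gateway() {
    wan="${1:-eth0}"    # assumption: eth0 is the public interface, as in step 1
    awk -v wan="$wan" '
        function finding(msg) { print msg; n++ }
        /^\*/ { table = substr($1, 2) }                  # "*nat", "*filter"
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /ESTABLISHED/ { stateful = 1 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            masq++
            # A MASQUERADE rule without "-o <wan>" rewrites traffic on every interface.
            if ($0 !~ ("-o " wan "( |$)")) finding("MASQ_NOT_BOUND_TO_WAN: " $0)
        }
        END {
            if (!masq) finding("NO_MASQUERADE_RULE")
            # Policy ACCEPT forwards any routed packet; with DROP, replies
            # reach LAN clients only through an ESTABLISHED state rule.
            if (policy != "DROP") finding("FORWARD_POLICY_NOT_DROP: " policy)
            else if (!stateful) finding("NO_ESTABLISHED_RULE_IN_FORWARD")
            exit (n > 0)
        }'
}

# Constructed, abbreviated sample: step 5 applied to an otherwise empty firewall.
sample_page_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed, abbreviated sample: forwarding limited to LAN-initiated traffic.
sample_restricted_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}
```

The policy check is a heuristic: it looks only at the FORWARD chain's default policy and state rule, not at every rule in the chain.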

Have fun...