How to Configure your CentOS 4 box as an Internet Gateway/Router using IP Masquerading

What is IP Masquerading?

IP Masquerade is a form of Network Address Translation (NAT). It allows internally connected computers that do not have registered Internet IP addresses of their own to communicate with the Internet via the Linux server's Internet IP address. The tool used to configure the kernel for IP masquerading is iptables.

To configure IP Masquerading, you need a PC with CentOS 4 Linux installed and two LAN cards.
Install the LAN cards and configure the IP addresses of your public and private networks.

1. Configure the IP address of your public network. It should look similar to this:

vi /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR=xx.xx.xx.xx	#Provided by your ISP
NETMASK=    # Provided by your ISP
GATEWAY=xx.xx.xx.1    # Provided by your ISP

2. Configure the IP of your private network

vi /etc/sysconfig/network-scripts/ifcfg-eth1

3. Configure your /etc/sysconfig/network

vi /etc/sysconfig/network

4. Check your name server information. If it is configured correctly, it should look like this:

cat /etc/resolv.conf
nameserver xx.xx.xx.xx      # Primary DNS Server provided by your ISP
nameserver xx.xx.xx.xx      # Secondary DNS Server provided by your ISP

Reload your network configurations

/etc/init.d/network restart

5. All set. Now configure iptables to enable IP Masquerading and share your Internet connection.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/etc/init.d/iptables save

6. Enable packet forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Add this command to /etc/rc.local to enable IP forwarding automatically at boot.

vi /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward

7. That's it. You can now configure the PCs in your private network.

IP Address: up to
Subnet Mask/Mask/NETMASK:
DNS: #Your DNS entries should be the same as in your /etc/resolv.conf
Primary DNS: xx.xx.xx.xx
Secondary DNS: xx.xx.xx.xx

You have to set a static IP address on every computer in your private network. If you want to simplify this task, you can install a DHCP server.

8. Installing DHCP server
To enable a DHCP server on your CentOS box, you need to install the dhcp package.

yum install dhcp

Rename your /etc/dhcpd.conf to /etc/dhcpd.conf.old.
Then copy the /usr/share/doc/dhcp-x.x.x/dhcpd.conf.sample to /etc/.

cp /usr/share/doc/dhcp-x.x.x/dhcpd.conf.sample /etc/dhcpd.conf

Edit your /etc/dhcpd.conf so that it looks similar to this:

ddns-update-style interim;
ignore client-updates;

subnet netmask {
        option routers        ; #Default Gateway
        option subnet-mask    ;
        option domain-name-servers      xx.xx.xx.xx,xx.xx.xx.xx;
        range dynamic-bootp;  #DHCP Range to assign
        default-lease-time 43200;
        max-lease-time 86400;
}

Configure dhcp to run during boot time and start your dhcp server.

chkconfig dhcpd on
/etc/init.d/dhcpd start

9. Disabling and enabling your iptables

To disable iptables, run these commands.

/etc/init.d/iptables save

/etc/init.d/iptables stop
chkconfig iptables off

Type these commands if you want to enable iptables again.

chkconfig iptables on
/etc/init.d/iptables start
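
A check of the finished gateway, added here as an example and not part of the original how-to: the script reads a ruleset in the format that /etc/init.d/iptables save writes, confirms the MASQUERADE rule from step 5 and the forwarding flag from step 6, and warns when the FORWARD chain passes everything. The function names and the sample ruleset are constructed for illustration; eth0 as the public interface follows step 1.

```shell
#!/bin/sh
# Added example (not from the original page): audit a saved ruleset for the
# gateway built above. Assumes eth0 is the public interface, as in step 1.

# Print the rules of one table (nat, filter) from iptables-save style text.
table_lines() {   # $1 = file, $2 = table
    awk -v t="*$2" '$0 == t {on=1; next} $0 == "COMMIT" {on=0} on' "$1"
}

# Succeed if the nat table masquerades traffic leaving interface $2.
has_masquerade() {
    table_lines "$1" nat | grep -Eq -- "^-A POSTROUTING .*-o $2 .*-j MASQUERADE"
}

# Print the default policy of the filter table's FORWARD chain.
forward_policy() {
    table_lines "$1" filter | awk '$1 == ":FORWARD" {print $2}'
}

# $1 = file, $2 = public interface, $3 = content of /proc/sys/net/ipv4/ip_forward
audit_gateway() {
    rc=0
    has_masquerade "$1" "$2" || { echo "FAIL: no MASQUERADE rule on $2"; rc=1; }
    [ "$3" = 1 ] || { echo "FAIL: ip_forward is '$3', nothing is routed"; rc=1; }
    if [ "$(forward_policy "$1")" = ACCEPT ] &&
       ! table_lines "$1" filter | grep -q -- '^-A FORWARD '; then
        echo "WARN: FORWARD is ACCEPT with no rules, forwarding is unrestricted"
    fi
    return $rc
}

# Constructed sample: a saved ruleset holding only the rule from step 5,
# with every other chain empty (an assumption made for this example).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
audit_gateway "$SAMPLE" eth0 1 || true
```

On the gateway itself, call audit_gateway with /etc/sysconfig/iptables (the file the save command writes on CentOS) and the output of cat /proc/sys/net/ipv4/ip_forward. Running it after the stop command in step 9 shows whether the saved rules still match what you expect to be loaded on the next start.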

Have fun...