IPtables notes

http://www.netfilter.org/

NAT/DHCP/10.x.x.x

tested with Linux 2.6.0-pre4

add another interface…

# Add alias to interface on eth0 (to share a single ethernet port)
ifconfig eth0:0 10.0.0.1 netmask 255.0.0.0

add routing details

nat/masquerading

# Load the NAT module (this pulls in all the others).
modprobe iptable_nat

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out eth0 (-o eth0) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(or source nat…)

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.254.x

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Forward from eth1 to eth0 when using two ethernet ports instead of an alias
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
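
Added example, not part of the original notes: the single FORWARD ACCEPT rule above only restricts anything if the chain's default policy is DROP, and then reply traffic needs its own rule. The sketch below generates an iptables-restore ruleset for the two-port case with a default-drop FORWARD chain; the function names and the eth1 (LAN) / eth0 (WAN) roles are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Builds an iptables-restore
# ruleset for the two-port gateway (LAN eth1, WAN eth0 are assumptions).

# valid_ifname NAME: succeed only for a real device name. Alias labels
# such as eth0:0 are not separate devices, so -i/-o cannot match them.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # kernel limit: IFNAMSIZ is 16 with the NUL
}

# gen_nat_rules LAN_IF WAN_IF: print the ruleset on stdout, or return 2.
gen_nat_rules() {
    lan_if=$1
    wan_if=$2
    if ! valid_ifname "$lan_if" || ! valid_ifname "$wan_if"; then
        echo "gen_nat_rules: bad interface name" >&2
        return 2
    fi
    if [ "$lan_if" = "$wan_if" ]; then
        echo "gen_nat_rules: LAN and WAN interface must differ" >&2
        return 2
    fi
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Check the syntax without touching the live tables (needs root):
#   gen_nat_rules eth1 eth0 | iptables-restore --test
```

Loading the output for real replaces the current contents of the nat and filter tables. Older iptables releases spell the same match as -m state --state ESTABLISHED,RELATED.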

and configure dhcp…

# Sample /etc/dhcpd.conf
default-lease-time 600000;
max-lease-time 7200000;

subnet 10.0.0.0 netmask 255.0.0.0 {
  range 10.0.0.2 10.0.0.254;
  option subnet-mask 255.0.0.0;
  # broadcast address of 10.0.0.0 with netmask 255.0.0.0
  option broadcast-address 10.255.255.255;
  option routers 10.0.0.1;
  option domain-name-servers 195.238.2.21, 195.238.2.22;
}

host wonk {
  hardware ethernet 08:00:2b:4c:59:23;
  fixed-address 10.0.0.22;
}

start dhcp server…

on GNU/Linux

# test it first with "/usr/sbin/dhcpd eth0:0 -d -f"
/usr/sbin/dhcpd eth0:0

on OS X or BSD

# test it first with "/usr/sbin/dhcpd -d en0"
/usr/sbin/dhcpd en0

programming/tuning notes