so here is a short tutorial on how to accomplish this with an imaginary network.
Prerequisites: a spare machine or VM with two ethernet or wireless cards.
Using your favorite editor; I'm using nano here.
1. Enable ip-forwarding
- sudo nano /etc/ufw/sysctl.conf
- change the line net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1
2. Add a rule to the nat table
- sudo nano /etc/ufw/before.rules
- Add the following to the file after the *filter section
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/8 -o eth0 -j MASQUERADE
COMMIT
3. Add the route to allow traffic between NIC's
- sudo ufw route allow in on eth1 out on eth0 from 192.168.1.0/8
4. Restart UFW
- sudo ufw disable && sudo ufw enable
5. Done! Popcorn?
Addendum:
If you need to forward ports you edit the same files, I'm just using port 80 as an example, put your localnet instead of the ?.
Put this before the POSTROUTING segment.
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT \
--to-destination 192.168.1.?:80
COMMIT
finally:
- sudo ufw route allow in on eth0 to 192.168.1.? port 80 proto tcp
Popcorn for all!