I find myself wanting to set these things up all the time, and I never remember how.

Here is a little shellscript to setup NAT assuming eth0 connects to the real world and tun1 is my internal interface.

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface tun1 -j ACCEPT

Here are the contents of /etc/dhcp3/dhcpd.conf (put there by Debian package dhcp3-server).

subnet netmask {
option subnet-mask;
option broadcast-address;
option routers;

I learned most of this from here.


