Configuring PAT on Linux using IPtables

19 years 3 months ago #8611 by cybersorcerer
I'm setting up a small home network for a friend and am having trouble configuring iptables for PAT. SNAT or DNAT is not an option because he has too many computers and only one public IP address to forward on. I would like to know the commands issued to set up the firewall ruleset for PAT. I've already googled for a tutorial specific to PAT and I've found nothing. Thanks!

"He who breaks something to find out what it is, has left the path of wisdom."

Gandalf the Grey
19 years 3 months ago #8724 by andyfry
Replied by andyfry on topic Any joy ?
Hi,

Did you ever get any help with this? I have a similar problem, if I find an answer, I'll let you know. It looks like masquerading will do it, but I'll let you know.

Andy
19 years 3 months ago #8726 by cybersorcerer
Well, my problem lies with the documentation of IP tables. It covers dynamic NAT and static NAT wonderfully, but I could not glean one syntax example when it came to port address translation. I know it can do it, I just need to know either WHERE to find the documentation on it or hear from someone who was able to pull it off themselves. I don't have the time to sit around at this guy's house and play with it. When I go over there, I need to know exactly what I'm doing. (He is a good friend of my family and is paying me to do this, so I'd rather not waste his money.) This post has been on the forum for a while, so if anybody here tried to help me out, they were probably just as successful as I was when it came to searching for documentation.

19 years 3 months ago #8727 by nske
You should search for IP Masquerading instead, since that's how it is called in IPtables ;)

Still, I don't see why you cannot use SNAT (Source NAT, not to be mistaken with Static NAT) instead. The fact that there are many private hosts and only one public address is irrelevant. Masquerade is good just in case you are not routing through an interface with a static IP address.

Besides the official HOWTOs, there are a couple of unofficial tutorials at the documentation section of netfilter.org, that cover exactly how you can use SNAT/Masquerade to do what you want.

Take a look and experiment a bit, if you still have a problem perhaps I can post some couple-of-line examples (it's not anything complicated anyway, I just can't keep my eyes open enough right now (05:51 AM) :)).
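
The SNAT-versus-MASQUERADE choice described in the reply above, as an added example that is not part of the thread or written by any poster: a shell function that prints (without running) a many-to-one NAT ruleset, with a default-drop FORWARD policy so only LAN-initiated traffic and its replies pass. The interface names, LAN subnet and public address are assumed sample values.

```shell
#!/bin/sh
# Added example: prints (does not run) an iptables ruleset for many-to-one
# NAT, which Cisco calls PAT. Interface names and addresses are assumptions.

# pat_rules WAN_IF LAN_IF LAN_NET [STATIC_WAN_IP]
pat_rules() {
    wan_if=$1 lan_if=$2 lan_net=$3 wan_ip=${4:-}
    if [ -z "$wan_if" ] || [ -z "$lan_if" ] || [ -z "$lan_net" ]; then
        echo "usage: pat_rules WAN_IF LAN_IF LAN_NET [STATIC_WAN_IP]" >&2
        return 2
    fi

    # Static public address: SNAT to it. Dynamic address (DHCP/PPP):
    # MASQUERADE, which uses whatever address the interface currently holds.
    if [ -n "$wan_ip" ]; then
        nat_target="SNAT --to-source $wan_ip"
    else
        nat_target="MASQUERADE"
    fi

    # 1. let the kernel route between interfaces
    # 2. drop forwarded traffic unless a later rule accepts it
    # 3. allow connections that start on the LAN
    # 4. allow only replies to those connections back in
    # 5. rewrite the source address (and port, when needed) on the way out
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j $nat_target
EOF
}

# Constructed sample values: eth0 = Internet side, eth1 = LAN side.
# Review the printed commands, then pipe them to sh as root to apply them.
pat_rules eth0 eth1 192.168.1.0/24
```

Passing a fourth argument, for example `pat_rules eth0 eth1 192.168.1.0/24 203.0.113.5`, emits the SNAT form for a static public address.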
19 years 3 months ago #8728 by cybersorcerer
Hmm, I'm just used to the concept of PAT from studying Cisco curriculum I guess. I've never read about IP masquerading before, so I will have to give it a look. Thanks again nske!
