To make a Linux firewall act as a router, the machine needs two LAN cards. First enable IP forwarding in the running kernel:
echo 1 > /proc/sys/net/ipv4/ip_forward
Then edit /etc/sysctl.conf and change net.ipv4.ip_forward from "0" to "1" so the setting survives a reboot.
# masquerade traffic leaving through the WAN interface (eth0)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A INPUT -p ALL -i eth1 -j ACCEPT
iptables -A OUTPUT -p ALL -s eth1_IP -j ACCEPT
service iptables save
service iptables restart
chkconfig iptables on
If a host on the LAN needs to be reachable from the WAN, forward that port to it like this:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d x.x.x.x --dport 80 -j DNAT --to a.b.c.d:80
where x.x.x.x is the WAN IP and a.b.c.d is the LAN IP.
eth1 is the LAN interface.
eth0 is the WAN interface.
Your router is ready.
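
The check below is an added example, not part of the original page: it reads iptables-save output and flags rules that do not match this layout (eth0 as WAN, eth1 as LAN), such as MASQUERADE bound to the wrong interface or an unconditional FORWARD accept from the WAN. The function name audit_rules, the finding names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the router layout.
# audit_rules and its finding names are hypothetical, not an iptables feature.

audit_rules() {   # usage: audit_rules WAN_IF LAN_IF < iptables-save output
    awk -v wan="$1" -v lan="$2" '
    # value that follows option "name" in the current rule, or "" if absent
    function opt(name,    i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 != "-A" { next }                 # skip table headers, policies, COMMIT
    { chain = $2; target = opt("-j") }
    target == "MASQUERADE" {
        masq = 1                        # source NAT must leave via the WAN side
        if (opt("-o") != wan) print "MASQ_NOT_ON_WAN " opt("-o")
    }
    # a port forward with no WAN in-interface also rewrites LAN-side traffic
    target == "DNAT" && opt("-i") != wan {
        print "DNAT_NOT_LIMITED_TO_WAN " opt("--dport")
    }
    # ACCEPT from the WAN with no destination or match restriction exposes the LAN
    chain == "FORWARD" && target == "ACCEPT" && opt("-i") == wan &&
        opt("-d") == "" && opt("-m") == "" {
        print "FORWARD_OPEN_FROM_WAN"
    }
    chain == "FORWARD" && target == "ACCEPT" && opt("-i") == lan { lan_out = 1 }
    END {
        if (!masq)    print "NO_MASQUERADE"
        if (!lan_out) print "NO_LAN_FORWARD_RULE"
    }'
}

# Constructed sample dump: MASQUERADE is bound to the LAN interface by mistake.
sample='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20:80
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT'
printf '%s\n' "$sample" | audit_rules eth0 eth1    # prints: MASQ_NOT_ON_WAN eth1
```

On the router itself, pipe the live rules in with: iptables-save | audit_rules eth0 eth1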