11.4 About Network Address Translation

Network Address Translation (NAT) assigns a public address to a computer or a group of computers inside a private network with a different address scheme. The public IP address masquerades all requests as going to one server rather than several servers. NAT is useful for limiting the number of public IP addresses that an organization must finance, and for providing extra security by hiding the details of internal networks.

The netfilter kernel subsystem provides the nat table to implement NAT in addition to its tables for packet filtering. The kernel consults the nat table whenever it handles a packet that creates a new incoming or outgoing connection.


If you want a system to be able to route packets between two of its network interfaces, you must turn on IP forwarding:

# echo 1 > /proc/sys/net/ipv4/ip_forward

You can use the Firewall Configuration GUI (firewall-config) to configure masquerading and port forwarding.
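
The following added example, which is not part of the original guide, reads the IP forwarding flag and lists the address-rewriting rules in the nat table, warning when forwarding is on while the filter table's FORWARD chain accepts everything by default. It assumes the rule set is available in iptables-save format; SAMPLE_RULES, the function names and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a NAT gateway's forwarding flag and nat-table rules.
# SAMPLE_RULES is constructed iptables-save output, not taken from a real host.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.10.5:80
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# forwarding_state [FILE]: report the flag that "echo 1 > .../ip_forward" sets.
# FILE defaults to the live kernel setting; pass another path for testing.
forwarding_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ "$(cat "$f" 2>/dev/null)" = "1" ]; then echo enabled; else echo disabled; fi
}

# nat_rules: read iptables-save text on stdin and print only the rules in the
# *nat section that rewrite addresses (MASQUERADE, SNAT, DNAT).
nat_rules() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "nat" && /^-A / && / -j (MASQUERADE|SNAT|DNAT)( |$)/ { print }'
}

# forward_policy: print the default policy of the filter table FORWARD chain.
forward_policy() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "filter" && $1 == ":FORWARD" { print $2 }'
}

# audit STATE: read iptables-save text on stdin; warn when forwarding is on
# and the FORWARD chain accepts every routed packet by default.
audit() {
    rules=$(cat)
    n=$(printf '%s\n' "$rules" | nat_rules | awk 'END { print NR }')
    pol=$(printf '%s\n' "$rules" | forward_policy)
    if [ "$1" = enabled ] && [ "$pol" = ACCEPT ]; then
        echo "WARN forwarding=on nat_rules=$n forward_policy=ACCEPT"
    else
        echo "OK forwarding=$1 nat_rules=$n forward_policy=$pol"
    fi
}

printf '%s\n' "$SAMPLE_RULES" | audit "$(forwarding_state)"
```

On a live system, pipe the real rule set into the same function as root: `iptables-save | audit "$(forwarding_state)"`.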