Turn a Single CentOS Server into a LAN Gateway with iptables SNAT
This guide shows how to configure one CentOS machine as a NAT gateway using iptables, enabling nine other LAN servers to access the Internet via SNAT or MASQUERADE, with step‑by‑step commands, kernel settings, and client configuration tips.
Overview
A cluster of ten servers forms a LAN, but only one server has an external network interface. The goal is to let the other nine servers reach the Internet through this host.
Lab Environment
We use a CentOS host as the gateway. The topology is illustrated below.
Configure Gateway Server
# step 1: stop and permanently disable firewalld
systemctl stop firewalld
systemctl disable firewalld
# step 2: install iptables‑services
yum -y install iptables-services
# step 3: enable kernel forwarding
# append the setting to /etc/sysctl.conf, then apply it
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p # apply changes
# step 4: add NAT rule (MASQUERADE for dynamic external IP)
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
# step 5: save iptables rules (otherwise they disappear after reboot)
service iptables save
# enable the iptables service so the saved rules are loaded at boot
systemctl enable iptables
The MASQUERADE target is used when the external IP is assigned dynamically.
You can also set a static external IP with SNAT:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 39.96.81.141
Client Access Internet
After configuring the gateway, set each LAN host’s default gateway to the internal IP address of the gateway server. Make sure the DNS settings are correct; otherwise name resolution will fail.
For DNS configuration on Linux servers, refer to the linked guide.
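The gateway commands above NAT every packet sourced from 192.168.1.0/24 and add no FORWARD rules, so what the host forwards depends on whatever filter policy happens to be in place. As an added example (not part of the original article), this shell function prints an iptables-restore ruleset that ties the NAT rule to the external interface and forwards only LAN-originated traffic and its replies; the function name gen_gateway_rules and the interface names eth1 and eth0 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Prints an iptables-restore
# ruleset for the gateway. Interface names are assumptions; pass your own.
gen_gateway_rules() {
    lan_cidr=$1      # LAN range, e.g. 192.168.1.0/24 (from the article)
    lan_if=$2        # internal interface (assumed name, e.g. eth1)
    wan_if=$3        # external interface (assumed name, e.g. eth0)
    snat_ip=${4:-}   # optional static external IP; empty selects MASQUERADE

    # Refuse anything that could smuggle extra options or lines into the rules
    for arg in "$lan_cidr" "$lan_if" "$wan_if" "$snat_ip"; do
        case $arg in
            *[!A-Za-z0-9./_-]*) echo "invalid argument: $arg" >&2; return 1 ;;
        esac
    done
    if [ -z "$lan_cidr" ] || [ -z "$lan_if" ] || [ -z "$wan_if" ]; then
        echo "usage: gen_gateway_rules LAN_CIDR LAN_IF WAN_IF [SNAT_IP]" >&2
        return 1
    fi

    if [ -n "$snat_ip" ]; then
        nat_target="SNAT --to-source $snat_ip"
    else
        nat_target="MASQUERADE"
    fi

    # INPUT/OUTPUT policies are not the subject here and stay at ACCEPT;
    # only the NAT rule and the FORWARD chain are tightened.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_cidr -o $wan_if -j $nat_target
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $lan_cidr -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when run as a script with arguments
if [ "$#" -ge 3 ]; then gen_gateway_rules "$@"; fi
```

Pipe the output through `iptables-restore --test` to check that it parses before loading it on the gateway.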
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
