Many people ask me how to set up network address translation (NAT), aka. IP masquerading on a Debian (Etch) box. There are different ways of doing this, but this just works(tm).
You need to know (1) which interface is connected to your ISP, (2) which interface is connected to your LAN and (3) the IP address of your ISPs gateway. Edit /etc/network/if-up.d/iptables (the file probably does not exist), and enter the following:
1 #! /bin/sh
3 # Firewall rules.
5 # Assumptions:
6 # eth0: connected to ISP
7 # eth1: connected to LAN
8 # ISP’s gw: 18.104.22.168
10 # Flush all rules.
11 iptables -F
12 iptables -t nat -F
13 iptables -t mangle -F
15 # Set up NAT.
16 iptables -t nat -A POSTROUTING -o eth0 -j SNAT –to 22.214.171.124
18 # Enable IP forwarding
19 echo 1 > /proc/sys/net/ipv4/ip_forward
21 # Secure.
22 iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
23 iptables -A INPUT -m state –state NEW -i ! eth0 -j ACCEPT
24 iptables -P INPUT DROP
25 iptables -A FORWARD -i eth0 -o eth0 -j REJECT
You will need to modify to use the correct gateway address (no, that is *not* my ISPs gateway address, I made it up randomly). You may also need to swap eth0 and eth1 unless you have eth0 connected to your ISP.
This script will only set up what is necessary to enable NAT and to provide some rudimentary security. You will want to modify this script to provide other rules as well, to suit your own requirements.
You are done. Your Debian box can now act as a gateway to the Internet for other computers on your LAN, at least once they are configured to use the Debian box as their default gateway.