Network Address Translation (NAT) is a technique to masquerade the IP addresses on your internal LAN from the outside world. In other words, the outside world will not be able to look into your network.
This technique is easy to set up and maintain, saves IP addresses and is likely more secure than pure routing. To set it up, you require:
To be able to use IP forwarding, you must tell the kernel that it's okay to forward traffic from one network card to another. This setting is found in /etc/sysctl.conf. Set net.ipv4.ip_forward to 1.
To do this, execute:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
Make sure the iptables service is running now and is started at boot:
# service iptables status
# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Now that the kernel knows it's allowed to forward traffic from one NIC to another, configure the firewall. The firewall is the intelligent part of setting up NAT; iptables actually 'does the work'. In the rules below, eth0 is the NIC facing the outside network and eth1 is the NIC on the LAN. Here are the commands to set it up:
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
You have only configured the running firewall for now; a reboot would undo all settings. Run this command once you are happy with the setup:
# /sbin/service iptables save
Reboot to test the setup. Your LAN client will have to set the default route to the IP address of the NAT machine's LAN NIC.
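A check to run once the rules are saved, added here as an example (it is not part of the original page): it reads iptables-save output and reports whether the three rules are present, whether an earlier unconditional DROP/REJECT shadows them, and whether the FORWARD policy is left at ACCEPT. The names audit_nat and sample_dump, the finding labels and the sample dump are constructed for illustration; eth0 and eth1 follow the rules above.

```sh
#!/bin/sh
# Added example, not from the original page. eth0 = outside, eth1 = LAN,
# matching the rules above; the dump produced by sample_dump is constructed.

audit_nat() {  # usage: audit_nat WAN_IF LAN_IF < iptables-save output
    awk -v wan="$1" -v lan="$2" '
    function flag(s) { print s; bad = 1 }
    /^\*/ { table = substr($0, 2); next }    # table header: *nat, *filter
    table == "nat" && /-j MASQUERADE/ && index($0, "-o " wan " ") { masq = 1 }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "filter" && /^-A FORWARD / {
        n++                                   # rule position in the chain
        if (/^-A FORWARD -j (DROP|REJECT)/ && !catchall) catchall = n
        if (index($0, "-i " wan " -o " lan " ") && /ESTABLISHED/ && /-j ACCEPT/) ret = n
        if (index($0, "-i " lan " -o " wan " ") && /-j ACCEPT/) out = n
    }
    END {
        if (!masq) flag("MASQUERADE_MISSING")
        if (!ret)  flag("RETURN_RULE_MISSING")
        if (!out)  flag("OUTBOUND_RULE_MISSING")
        # -A appends: rules after an unconditional DROP/REJECT never match
        if (catchall && (ret > catchall || out > catchall)) flag("SHADOWED_BY_CATCHALL")
        # policy ACCEPT and no catch-all: unsolicited inbound is forwarded too
        if (policy == "ACCEPT" && !catchall) flag("FORWARD_DEFAULT_ACCEPT")
        if (!bad) print "OK"
    }'
}

# Constructed iptables-save dump holding the three rules from the page.
# $1 = FORWARD chain policy, $2 = optional rule already ahead of them.
sample_dump() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD $1 [0:0]
$2
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_dump ACCEPT "" | audit_nat eth0 eth1
sample_dump ACCEPT "-A FORWARD -j REJECT --reject-with icmp-host-prohibited" | audit_nat eth0 eth1
```

On the NAT machine itself, feed it the live ruleset with: iptables-save | audit_nat eth0 eth1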