Activate NAT on Debian etch and Disable IPv6 support on Debian
Posted by Admin on September 10th, 2006
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
What is NAT ?
network address translation (NAT, also known as network masquerading or IP-masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address (see gateway). According to specifications, routers should not act in this way, but many network administrators find NAT a convenient technique and use it widely. Nonetheless, NAT can introduce complications in communication between hosts.
First, activate IP forwarding in /etc/sysctl.conf and add the following line
# Enable packet forwarding
net.ipv4.ip_forward = 1
If you have already this line just uncomment
Now you need to restart your networking services using the following command
#/etc/init.d/networking restart
Now you need to activate NAT itself in /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.254
netmask 255.255.255.0
network 192.168.1.255
up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
Now you need to restart your networking services using the following command
#/etc/init.d/networking restart
Disable IPv6 support on Debian
IPv6 is still not widely accepted and even less used. Many networked applications in Debian are enabling IPv6 support anyway, which result in a drop in performance and longer delays in day-to-day use.
To disallow ipv6 kernel module autoloading, deactivate it in modutils or module-init-tools in /etc/modprobe.d/aliases.
To disable IPv6 name resolution in Firefox or other Gecko-based browsers, change the following option to true
network.dns.disableIPv6
If you are interested in debian IPV6 Project check here


July 16th, 2008 at 11:05 pm
auto eth0
iface eth0 inet static
address 192.168.1.254
netmask 255.255.255.0
network 192.168.1.255
up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
Probably a silly thing, but is not the network line here mixed up with the broadcast address? Should it not say something like this:
broadcast 192.168.1.255
network 192.168.1.0
May 12th, 2009 at 10:31 am
Yes, obviously! You are absolutely right!