Adding NAT/masquerading
NAT is a way to hide internal network IP addresses from the external network, such as the Internet. Any outgoing traffic uses the main host IP address instead of using own local IP address. Add the last three lines of the following post-up and post-down settings in the configuration file /etc/network/interfaces. Only add these lines under the virtual bridge configuration which needs the NAT option. Have a look at the following code snippet:
auto vmbr0 iface vmbr0 inet static address 192.168.145.1 netmask 255.255.255.0 bridge_ports none bridge_stp off bridge_fd 0post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '192.168.145.0/24' -o eth0 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '192.168.145.0/24' -o eth0 -j MASQUERADE
Tip
It is much easier and manageable to handle NAT using a physical or virtual firewall. Most of the firewalls have the NAT option out of the box. Also, using virtualized firewalls, we can create...
