Setting up a NAT gateway on Rocky Linux 9 (and Hetzner) » 22 November 2023

This is mostly a note to myself, because I suck at Linux networking.

The general idea is to have a virtual network (this time at Hetzner) with a reverse proxy VM and a couple of other VMs that have no public IPs. Sometimes these worker VMs also need Internet access, so let’s set up a NAT gateway.

  1. Add a route to the vnet with destination 0.0.0.0/0 and the gateway set to the IP of the… well, the gateway.

  2. On the server, run echo 1 > /proc/sys/net/ipv4/ip_forward, then iptables -t nat -A POSTROUTING -s '10.0.0.0/16' -o eth0 -j MASQUERADE; replace the subnet and interface name as needed.

  3. On the clients, run ip route add default via 10.0.0.1, then edit /etc/resolv.conf and add nameservers, one per line, like nameserver 1.1.1.1

  4. Update all machines. I don’t know why the original guide says this, but hey: yum update -y && yum upgrade -y

Lastly, to make everything persistent, on the server, edit /etc/NetworkManager/dispatcher.d/ifup-local and add:

#!/bin/sh
# NetworkManager runs every script in dispatcher.d on every interface event,
# so each step is guarded so that repeated runs do not stack duplicate rules.

/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
# Append the MASQUERADE rule only if it is not already present (-C checks).
/sbin/iptables -t nat -C POSTROUTING -s '10.0.0.0/16' -o eth0 -j MASQUERADE 2>/dev/null || \
/sbin/iptables -t nat -A POSTROUTING -s '10.0.0.0/16' -o eth0 -j MASQUERADE

Finally, chmod +x /etc/NetworkManager/dispatcher.d/ifup-local

On the client, first do yum remove hc-utils -y, then edit /etc/NetworkManager/dispatcher.d/ifup-local and add:

#!/bin/sh
# 'replace' is idempotent: 'add' fails with "RTNETLINK answers: File exists"
# when NetworkManager re-runs this script and a default route already exists.

/sbin/ip route replace default via 10.0.0.1

And again, chmod +x /etc/NetworkManager/dispatcher.d/ifup-local
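To check that both sides ended up the way the steps above describe, here is a small offline checker. It is an added example, not something from the original post or from Hetzner: the functions take the text of /proc/sys/net/ipv4/ip_forward, iptables-save, ip route show and /etc/resolv.conf as strings, so they can be run on captured output or on the constructed samples embedded below. It also flags duplicate MASQUERADE rules (what a dispatcher script that blindly appends on every NetworkManager event leaves behind) and a non-ACCEPT FORWARD policy, which silently breaks NAT even when the MASQUERADE rule is in place.

```python
"""Offline sanity checks for the NAT gateway and its clients (added example)."""
import re
from typing import Dict, List, Optional


def check_ip_forward(ip_forward_text: str) -> bool:
    """/proc/sys/net/ipv4/ip_forward must read '1' on the gateway."""
    return ip_forward_text.strip() == "1"


def _table_lines(iptables_save_text: str, table: str) -> List[str]:
    """Yield the lines of one table ('nat', 'filter', ...) from iptables-save output."""
    selected, current = [], None
    for line in iptables_save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # '*nat' starts a new table
            current = line[1:]
            continue
        if current == table and line and not line.startswith("#"):
            selected.append(line)
    return selected


def masquerade_rules(iptables_save_text: str, subnet: str, out_if: str) -> List[str]:
    """Every POSTROUTING MASQUERADE rule for the given source subnet and outbound interface."""
    pattern = re.compile(
        r"^-A POSTROUTING\s+-s\s+" + re.escape(subnet)
        + r"\s+-o\s+" + re.escape(out_if) + r"\s+-j\s+MASQUERADE\s*$"
    )
    return [line for line in _table_lines(iptables_save_text, "nat") if pattern.match(line)]


def forward_policy(iptables_save_text: str) -> Optional[str]:
    """Default policy of the filter table's FORWARD chain (e.g. 'ACCEPT' or 'DROP')."""
    for line in _table_lines(iptables_save_text, "filter"):
        m = re.match(r"^:FORWARD\s+(\S+)", line)
        if m:
            return m.group(1)
    return None


def check_gateway(ip_forward_text: str, iptables_save_text: str,
                  subnet: str = "10.0.0.0/16", out_if: str = "eth0") -> Dict[str, bool]:
    rules = masquerade_rules(iptables_save_text, subnet, out_if)
    return {
        "ip_forward": check_ip_forward(ip_forward_text),
        "masquerade": len(rules) >= 1,
        # More than one identical rule means the dispatcher script is not idempotent.
        "duplicate_rules": len(rules) > 1,
        # A DROP policy (or a host firewall filtering FORWARD) blocks forwarded traffic.
        "forward_accept": forward_policy(iptables_save_text) == "ACCEPT",
    }


def default_route_via(ip_route_text: str) -> Optional[str]:
    """Gateway of the first default route in 'ip route show' output, or None."""
    for line in ip_route_text.splitlines():
        m = re.match(r"^default\s+via\s+(\S+)", line.strip())
        if m:
            return m.group(1)
    return None


def nameservers(resolv_conf_text: str) -> List[str]:
    """All 'nameserver X' entries in resolv.conf, ignoring '#' and ';' comments."""
    found = []
    for line in resolv_conf_text.splitlines():
        parts = re.split(r"[#;]", line, 1)[0].split()
        if len(parts) == 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def check_client(ip_route_text: str, resolv_conf_text: str,
                 gateway: str = "10.0.0.1") -> Dict[str, bool]:
    return {
        "default_route": default_route_via(ip_route_text) == gateway,
        "nameservers": len(nameservers(resolv_conf_text)) > 0,
    }


# Constructed samples (not captured from a real host): the gateway sample
# deliberately contains the duplicated rule that a non-guarded script produces.
SAMPLE_IPTABLES_SAVE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
COMMIT
"""
SAMPLE_IP_ROUTE = """\
default via 10.0.0.1 dev eth0
10.0.0.0/16 dev eth0 proto kernel scope link src 10.0.0.5
"""
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 1.1.1.1\nnameserver 1.0.0.1\n"

if __name__ == "__main__":
    print("gateway:", check_gateway("1\n", SAMPLE_IPTABLES_SAVE))
    print("client: ", check_client(SAMPLE_IP_ROUTE, SAMPLE_RESOLV_CONF))
```

On a real gateway, feed it `cat /proc/sys/net/ipv4/ip_forward` and `iptables-save` output; on a client, `ip route show` and `/etc/resolv.conf`. The duplicate_rules flag is the quick way to tell whether the dispatcher script is appending a fresh rule every time NetworkManager fires.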

Once it’s done, I don’t want to touch it ever again.