@cnicodeme
Created September 4, 2025 07:26
How to give Internet access to an isolated server

## Setting the connection UP

### On the gateway server:

First, list the current rules:

```
iptables -L -v -n
```

Be careful to adjust the interface names (ens3, ens4) and the subnet (10.0.0.0/16) to your own setup.

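```
# Enable IPv4 forwarding (runtime only, resets on reboot)
echo 1 > /proc/sys/net/ipv4/ip_forward
# NAT traffic from the private subnet as it leaves through ens3
iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o ens3 -j MASQUERADE
# Let replies to established connections back in (ens3 -> ens4)
iptables -A FORWARD -i ens3 -o ens4 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Let the private side (ens4) open connections outward through ens3
iptables -A FORWARD -i ens4 -o ens3 -j ACCEPT
```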

Verify the rules are properly set:

```
iptables -L -v -n
# The MASQUERADE rule is in the nat table, which is listed separately:
iptables -t nat -L -v -n
```

### On the isolated server:

Be careful to adjust the gateway IP (10.0.0.10) to the gateway server's IP.

```
ip route add default via 10.0.0.10
```

If ping doesn't work on the isolated server, the cause may be that `/etc/resolv.conf` is a symlink that is causing problems. In that case, replace it with a regular file:

```
rm /etc/resolv.conf

# Each entry needs the "nameserver" keyword; glibc uses at most the first three
echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
echo "nameserver 2001:4860:4860::8888" >> /etc/resolv.conf
echo "nameserver 2001:4860:4860::8844" >> /etc/resolv.conf
```

## Removing the connection

### On the gateway server:

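Again, adjust the values accordingly.

```
# Disable forwarding again (skip this line if the gateway already forwarded traffic before the setup)
echo 0 > /proc/sys/net/ipv4/ip_forward
# Delete exactly the three rules that were added during setup
iptables -t nat -D POSTROUTING -s 10.0.0.0/16 -o ens3 -j MASQUERADE
iptables -D FORWARD -i ens3 -o ens4 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i ens4 -o ens3 -j ACCEPT
```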

Finally, check that the rules are back to their original state:

```
iptables -L -v -n
# The nat table is listed separately:
iptables -t nat -L -v -n
```
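
The before/after rule checks above can be scripted. The following is an added example, not part of the original gist: it reads `iptables-save` output on stdin and reports whether the three rules from this page are all present (`up`), all gone (`down`), or only partly removed (`partial`). The function names and the sample rule dumps are constructed for illustration; the interface names and subnet are the page's sample values.

```sh
#!/bin/sh
# Added example (not from the original gist): classify the gateway as
# up / partial / down from iptables-save text read on stdin.

# gateway_state WAN LAN SUBNET   (hypothetical helper name)
gateway_state() {
    wan=$1 lan=$2
    subnet=$(printf '%s' "$3" | sed 's/\./\\./g')   # escape dots for the regex
    rules=$(cat)
    found=0
    for pattern in \
        "^-A POSTROUTING -s $subnet -o $wan -j MASQUERADE\$" \
        "^-A FORWARD -i $wan -o $lan -m (state --state|conntrack --ctstate) RELATED,ESTABLISHED -j ACCEPT\$" \
        "^-A FORWARD -i $lan -o $wan -j ACCEPT\$"
    do
        if printf '%s\n' "$rules" | grep -Eq -- "$pattern"; then
            found=$((found + 1))
        fi
    done
    case $found in
        0) echo down ;;      # none of the three rules is loaded
        3) echo up ;;        # all three rules are loaded
        *) echo partial ;;   # a setup or teardown step was missed
    esac
}

# Constructed sample: all three rules from the page are loaded.
sample_up() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/16 -o ens3 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i ens3 -o ens4 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ens4 -o ens3 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: a teardown that removed the FORWARD rules but left the NAT rule.
sample_partial() {
    sample_up | grep -v -e '-A FORWARD'
}

sample_up | gateway_state ens3 ens4 10.0.0.0/16        # prints: up
sample_partial | gateway_state ens3 ens4 10.0.0.0/16   # prints: partial
```

On a live gateway, run `iptables-save | gateway_state ens3 ens4 10.0.0.0/16` as root. A result of `partial` after the removal steps means at least one rule was left behind.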

### On the isolated server:

```
ip route del default via 10.0.0.10
```