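# Runtime-only alternatives: either line turns forwarding on immediately,
# but the setting is not persisted across a reboot.
#sysctl net.ipv4.ip_forward=1
#echo 1 > /proc/sys/net/ipv4/ip_forward

# Persist IPv4 forwarding in /etc/sysctl.conf, then reload that file.
# The grep guard keeps repeated runs from appending duplicate lines;
# 2>/dev/null only hides the "no such file" case, where the append below
# creates the file.
# NOTE(review): with forwarding on, the host forwards IPv4 packets between
# its interfaces. Which packets may pass is decided by the filter table's
# FORWARD chain, so check its policy and rules.
grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null ||
  echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
sysctl -p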
for a static front-facing IP
# Static facing address: packets from INTERNAL-CIDR that leave through
# FACING-NIC get their source rewritten to the fixed FACING-IP.
# FACING-NIC, INTERNAL-CIDR and FACING-IP are placeholders to fill in.
iptables --table nat --append POSTROUTING \
  --out-interface FACING-NIC --source INTERNAL-CIDR \
  --jump SNAT --to-source FACING-IP
for a dynamic front-facing IP
# Dynamic facing address: MASQUERADE uses whatever address FACING-NIC holds
# at the time as the new source, so no facing IP is hard-coded in the rule.
iptables --table nat --append POSTROUTING \
  --out-interface FACING-NIC --source INTERNAL-CIDR \
  --jump MASQUERADE
# Port forward: TCP arriving on FACING-NIC for port XX is redirected to
# INTERNAL-IP:XX (XX and INTERNAL-IP are placeholders).
# NOTE(review): the rule matches on interface, protocol and port only, so it
# applies to every TCP packet to port XX on that interface whatever its
# source or destination address. After DNAT the packet traverses the filter
# FORWARD chain with INTERNAL-IP as destination; that chain is where the
# forwarded service can be allowed or restricted.
iptables --table nat --append PREROUTING \
  --in-interface FACING-NIC --protocol tcp --dport XX \
  --jump DNAT --to-destination INTERNAL-IP:XX
optionally, allow the forwarded traffic through the system firewall
# NOTE(review): a FORWARD policy of ACCEPT lets every routed packet through,
# not only the NAT traffic set up on this page. FORWARD rules scoped to the
# interface and subnet are the narrower option.
#iptables -P FORWARD ACCEPT
# INPUT and OUTPUT cover traffic addressed to or sent by this host itself
# (here: 10.8.8.0/24 on ens2); forwarded packets do not traverse them.
#iptables -A INPUT -i ens2 -s 10.8.8.0/24 -j ACCEPT
#iptables -A OUTPUT -o ens2 -d 10.8.8.0/24 -j ACCEPT
New iptables Gotchas - SNAT VS MASQUERADE https://terrywang.net/2016/02/02/new-iptables-gotchas.html
Difference between SNAT and Masquerade https://unix.stackexchange.com/questions/21967/difference-between-snat-and-masquerade