If your have two network cards eth0, eth1
lets assume
eth0 is connected to local network
eth1 is connected to public network(or ppp0)
Masquerading
1)To enable nat on eth0 for all local network users
If you are running iptables service, use the following method
#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
To save this changes
#iptables-save > /etc/sysconfig/iptables
or
#service iptables save
#service iptables restart
This will enable Masquerade. Now you can configure eth0 as the gateway for local network.
If you are not running iptables service
edit /etc/rc.local and add the below lines
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Then execute the ./rc.local file
2) To enable nat on eth0 for specified network user ips
#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A POSTROUTING -s x.x.x.x(ip of local user system1) -o eth1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s x.x.x.x(ip of local user system2) -o eth1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Port Redirection
1)To redirect external 80 port traffic to 3128 port
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
2)To redirect external rdp port traffic to any local systems rdp port.
#iptables -t nat -A PREROUTING -t nat -p tcp -d x.x.x.x(eth1 ip) --dport 3389 -j DNAT --tox.x.x.x(ip of any local network system):3389
or
#iptables -t nat -A PREROUTING -t nat -p tcp -d x.x.x.x(eth1 ip) --dport 3382 -j DNAT --to x.x.x.x(ip of any local network system):3389
Based on your requirement, you can change the port and ip
