Tip: NAT with Ubuntu’s ufw firewall

I am a big fan of Ubuntu’s Uncomplicated firewall because it is very simple to use.

I cannot remember if ufw is installed by default so to be sure

$ sudo apt-get install ufw

As part of my project to use Sonofon Mobile Broadband as backup for my ADSL I needed ufw to NAT the connections through the
ppp-connection.

The solution is pretty straight forward:

In the file

/etc/default/ufw

change the parameter DEFAULT_FORWARD_POLICY

DEFAULT_FORWARD_POLICY="ACCEPT"

also configure

/etc/ufw/sysctl.conf

to allow forwarding (the parameter is commented out by default)

net.ipv4.ip_forward=1

the final step is to add NAT to ufw’s configuration. Add the following to

/etc/ufw/before.rules

just after the header

# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through ppp0 - Change to match you out-interface
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

Enable the changes

$ sudo ufw disable && sudo ufw enable