# IPTables - Forwarding Between LAN and WLAN 

For persistent network names, add the following to `/etc/udev/rules.d/10-network.rules`, substituting `LAN_MAC_ADDR` and `WLAN_MAC_ADDR` with the MAC addresses of your Ethernet and WLAN devices:

```
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="LAN_MAC_ADDR", NAME="ether0"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="WLAN_MAC_ADDR", NAME="wifi0"
```

Add the following to `/etc/sysctl.d/30-ip_forward.conf`:

```
net.ipv4.ip_forward=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1
```

Add the following to `/etc/iptables/iptables.rules`:

```
*nat
:PREROUTING ACCEPT [783:65928]
:INPUT ACCEPT [73:9660]
:OUTPUT ACCEPT [6180:382480]
:POSTROUTING ACCEPT [18:1260]
-A POSTROUTING -o wifi0 -j MASQUERADE
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [176:192839]
-A INPUT -i lo -m comment --comment "Inbound from loopback (lo)" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j NFLOG --nflog-group 1
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i wifi0 -j ACCEPT
-A FORWARD -i wifi0 -o ether0 -m comment --comment "ether0 <- wifi0" -j ACCEPT
-A FORWARD -i ether0 -o wifi0 -m comment --comment "ether0 -> wifi0" -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```
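The FORWARD chain is evaluated top to bottom and the first matching rule decides, so it is worth checking which rule actually handles each interface pair. The following is an added example, not part of the original page: a small first-match evaluator over the page's FORWARD rules (comment matches dropped, since they do not affect matching). The function names are hypothetical, and the parser assumes every option takes exactly one argument and that interfaces are matched by exact name, which holds for these rules.

```python
# FORWARD rules from the iptables.rules listing, with "-m comment" matches dropped.
RULES = """
-A FORWARD -i wifi0 -j ACCEPT
-A FORWARD -i wifi0 -o ether0 -j ACCEPT
-A FORWARD -i ether0 -o wifi0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""

def parse(text, chain="FORWARD"):
    """Return [(in_iface, out_iface, target)] for one chain; None means 'any'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["-A", chain]:
            # Assumption: the rest of the line is flag/value pairs.
            opt = dict(zip(tok[2::2], tok[3::2]))
            rules.append((opt.get("-i"), opt.get("-o"), opt["-j"]))
    return rules

def decide(rules, in_if, out_if):
    """First-match semantics: (rule number, target) for a forwarded packet."""
    for n, (i, o, target) in enumerate(rules, 1):
        if i in (None, in_if) and o in (None, out_if):
            return n, target
    return None, "POLICY"  # nothing matched: the chain policy applies

def shadowed(rules):
    """Rule numbers that are never the deciding rule for any interface pair."""
    # Every interface not named in a rule behaves like the stand-in "other".
    names = {x for i, o, _ in rules for x in (i, o) if x} | {"other"}
    hit = {decide(rules, a, b)[0] for a in names for b in names}
    return [n for n in range(1, len(rules) + 1) if n not in hit]

if __name__ == "__main__":
    rules = parse(RULES)
    for pair in [("wifi0", "ether0"), ("ether0", "wifi0"), ("ether0", "ether0")]:
        print(pair, "->", decide(rules, *pair))
    print("shadowed rules:", shadowed(rules))
```

Rule 2 is reported as shadowed because rule 1 already accepts everything arriving on `wifi0`, whatever the output interface.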