Seadistame võrgud. Siin on seadistatud kaks võrguliidest: eth0 (välisvõrk) ja eth1 (sisevõrk)
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
# The secondary network interface
auto eth1
iface eth1 inet static
address 192.168.0.1/24
network 192.168.0.0

Lubame pakettide edastamise IPv4 võrgus (vajadusel ka IPv6):
nano /etc/sysctl.conf
…
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
…

Lubame pakettide edastamise kahe võrguliidese vahel
… esmalt kirjutame skripti vajalike käskudega:
nano masq.sh
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

seejärel käivitame skripti:
sh masq.sh

seejärel salvestame iptables’i sätted:
iptables-save > /etc/firewall.conf

seejärel tagame salvestatud tulemüüri reeglite käivitamise iga kord kui võrguliidest käivitatakse:
nano /etc/network/if-up.d/iptables
#!/bin/sh
iptables-restore < /etc/firewall.conf

muudame ka käivitatavaks kõigile:
chmod +x /etc/network/if-up.d/iptables