Routage NAT simple

Interfaces

/etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# DHCP config for ens4
auto ens4
iface ens4 inet dhcp
post-up iptables-restore < /etc/iptables-rules.save

auto ens5
iface ens5 inet static
	address 10.0.0.1
	netmask 255.255.255.0

Pare-feu

/etc/iptables-rules.save

# Generated by iptables-save v1.8.9 (nf_tables) on Tue Oct 14 14:25:57 2025
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens4 -j MASQUERADE
COMMIT
# Completed on Tue Oct 14 14:25:57 2025

Kea DHCP

/etc/kea/kea-dhcp4.conf

{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [
        "ens5"
      ]
    },
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/run/kea/kea4-ctrl-socket"
    },
    "lease-database": {
      // Memfile is the simplest and easiest backend to use. It's an in-memory
      // C++ database that stores its state in CSV file.
      "type": "memfile",
      "lfc-interval": 3600
    },
    "expired-leases-processing": {
      "reclaim-timer-wait-time": 10,
      "flush-reclaimed-timer-wait-time": 25,
      "hold-reclaimed-time": 3600,
      "max-reclaim-leases": 100,
      "max-reclaim-time": 250,
      "unwarned-reclaim-cycles": 5
    },
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,
    "option-data": [
      {
        "name": "domain-name-servers",
        "data": "9.9.9.9"
      },
      {
        "code": 15,
        "data": "example.org"
      },
      {
        "name": "domain-search",
        "data": "mydomain.example.com, example.com"
      },
      {
        "name": "boot-file-name",
        "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
      },
      {
        "name": "default-ip-ttl",
        "data": "0xf0"
      }
    ],
    "subnet4": [
      {
        "subnet": "10.0.0.0/24",
        "pools": [
          {
            "pool": "10.0.0.100 - 10.0.0.200"
          }
        ],
        "option-data": [
          {
            // For each IPv4 subnet you most likely need to specify at
            // least one router.
            "name": "routers",
            "data": "10.0.0.1"
          }
        ],
        "reservations": [
        ]
        // You can add more subnets there.
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          {
            "output": "stdout",
            "pattern": "%-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}