> Yes, I thought the same but my confusion is that I don't see any rules of > PREROUTING and POSTROUTING in the /etc/sysconfig/iptables file. > > [root@VS01]# cat /etc/sysconfig/iptables > # Firewall configuration written by system-config-firewall > # Manual customization of this file is not recommended. > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A INPUT -p icmp -j ACCEPT > -A INPUT -i lo -j ACCEPT > -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j > ACCEPT > -A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT > -A INPUT -j REJECT --reject-with icmp-host-prohibited > -A FORWARD -j REJECT --reject-with icmp-host-prohibited > COMMIT > > > But when I check the command iptables -L -t nat I can see the NAT rules > > [root@VS01]# iptables -L -t nat > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination > MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: > 1024-65535 > MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: > 1024-65535 > MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24 > MASQUERADE tcp -- 192.168.100.0/24 !192.168.100.0/24 masq ports: > 1024-65535 > MASQUERADE udp -- 192.168.100.0/24 !192.168.100.0/24 masq ports: > 1024-65535 > MASQUERADE all -- 192.168.100.0/24 !192.168.100.0/24 > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > am I missing something? Maybe .. do you have IPv4 forwarding enabled? What is the output of "cat /proc/sys/net/ipv4/ip_forward" ?? If it is 0, then edit /etc/sysctl.conf .. find net.ipv4.ip_forward .. set it to 1 and then run (as root) sysctl -p _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos