> 1-My iptables rules are the following:
> iptables -t filter -F
> iptables -t nat -F
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> iptables -t filter -P INPUT DROP
> iptables -t filter -P FORWARD DROP
> iptables -t filter -P OUTPUT DROP
>
> iptables -t filter -A INPUT -i lo -j ACCEPT
> iptables -t filter -A OUTPUT -o lo -j ACCEPT
>
> iptables -t nat POSTROUTING -o eth2 -j MASQUERADE

Something tells me this is still not the output that Antony requested, as that last line is not a valid command (there's no "-A" in it).

> [bunch of rules snipped out]

I don't see any rule that allows for DNS resolution. Is this due to sanitizing, or do you really not have one? I'm thinking something along the lines of:

iptables -A FORWARD -p udp -s 172.16.0.0/16 --dport 53 -j ACCEPT

-OR-

iptables -A FORWARD -p udp -s $INTERNAL_DNS_SRV --dport 53 -j ACCEPT

Try posting the output of:

echo -e "\n*** FILTER ***\n"; iptables -vxnL && echo -e "\n*** NAT ***\n"; iptables -t nat -vxnL && echo -e "\n*** MANGLE ***\n"; iptables -t mangle -vxnL

And the output of:

ip addr show
ip route list

as we're not making much progress under the current method...

-j
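As an added example (not part of the thread, and not the original poster's or the replier's script), here is the same NAT gateway written as a complete iptables-restore ruleset with the two problems raised above corrected: the POSTROUTING line gets its missing -A, and DNS from the LAN is allowed. It assumes the LAN is 172.16.0.0/16 (the network used in the reply) and the upstream interface is eth2 (from the quoted MASQUERADE line); both are parameters. It also goes beyond the reply in two places, which are marked in the comments: a conntrack ESTABLISHED,RELATED rule in FORWARD, since with a FORWARD DROP policy the DNS answers coming back would otherwise be dropped, and TCP 53 alongside UDP 53. The lint function reproduces the "no -A" complaint mechanically before anything is loaded.

```shell
#!/bin/sh
# Added example: generate, check and atomically load a NAT-gateway ruleset.
# Assumed values: LAN 172.16.0.0/16 and upstream interface eth2; both are
# arguments to the functions below.

# Print a complete ruleset for the filter and nat tables.
# $1 = LAN network (CIDR), $2 = upstream (WAN) interface.
gen_ruleset() {
    lan_net="$1"
    wan_if="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Added beyond the reply: replies to forwarded connections. Without this the
# DNS answers coming back from the resolver hit the FORWARD DROP policy.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS from the LAN. TCP 53 is added beyond the reply (large answers, AXFR).
-A FORWARD -s $lan_net -p udp --dport 53 -j ACCEPT
-A FORWARD -s $lan_net -p tcp --dport 53 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# The quoted rule lacked -A; iptables-restore would reject that line.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Sanity-check a ruleset on stdin before handing it to iptables-restore:
# every rule must be a complete "-A <chain> ..." line, and the chain must be
# declared with ':' in the same table. Prints each problem, exits 1 on any.
lint_ruleset() {
    awk '
        BEGIN        { bad = 0 }
        /^\*/        { split("", chains); next }   # new table: forget chains
        /^:/         { c = $1; sub(/^:/, "", c); chains[c] = 1; next }
        /^COMMIT$/ || /^#/ || /^$/ { next }
        /^-A /       { if (!($2 in chains)) { print "undeclared chain: " $0; bad = 1 }; next }
                     { print "not a rule (missing -A?): " $0; bad = 1 }
        END          { exit bad }
    '
}

# Enable forwarding, dry-run the ruleset in the kernel, then load it in one
# atomic step: if any line is rejected, nothing is changed. Needs root.
apply_ruleset() {
    gen_ruleset "$1" "$2" | lint_ruleset || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_ruleset "$1" "$2" | iptables-restore --test || return 1
    gen_ruleset "$1" "$2" | iptables-restore
}

# Usage: sh nat-gw.sh --apply 172.16.0.0/16 eth2
# With no arguments the script only defines the functions.
if [ "${1:-}" = "--apply" ]; then
    apply_ruleset "${2:-172.16.0.0/16}" "${3:-eth2}"
fi
```

To see what the lint catches, feed it the quoted rule as it was posted: `printf '*nat\n:POSTROUTING ACCEPT [0:0]\nPOSTROUTING -o eth2 -j MASQUERADE\nCOMMIT\n' | lint_ruleset` reports the line as not a rule and exits non-zero. After loading, `iptables -vxnL` and `iptables -t nat -vxnL`, as requested in the reply, show the per-rule counters, which is the quickest way to confirm the DNS rule is actually being hit.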