Daniel Nogradi wrote:
>
> Hi Chinh, I tried interchanging eth0 and eth1 and still no luck. I
> didn't want to restrict the source yet, because I first would like to
> see that it works at all, and then start tightening security.
> /var/log/messages also says nothing. Is there any other log file which
> would be useful to check?
>

I just did a quick test. With ip_forwarding on and no restrictions, it is sufficient to use the MASQUERADE rule, no FORWARD rule needed. If MASQUERADE isn't working, you can also try the SNAT rule.

To see how your packets are going through iptables, you can turn on some logging:

    iptables -A PREROUTING -t nat --in-interface eth1 -j LOG --log-prefix "nat: "
    iptables -A FORWARD --in-interface eth1 -j LOG --log-prefix "out-fwd: "

and so on. These logs are kernel messages, so if kernel logs aren't enabled, you can edit the /etc/syslog.conf file and restart syslogd. For example:

    kern.*    /var/log/messages

Just a thought, how is your machine B resolving DNS? I'm assuming that machine A gets its networking values including DNS from the modem. Is it communicating this to machine B? Maybe it's a DNS issue. For example, are you testing by pinging "google.com" or directly via an IP address?

Regards,
Chinh
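
Added example, not part of the original message: a Python script that reads kernel log lines written by the two LOG rules above and reports, per flow, whether a packet logged in nat PREROUTING was also seen in FORWARD, and whether any DNS query (port 53) arrived from eth1 at all. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample kernel log; addresses come from private/documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: nat: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.2 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=UDP SPT=40000 DPT=53 LEN=40
Mar  3 10:15:01 gw kernel: out-fwd: IN=eth1 OUT=eth0 SRC=192.168.0.2 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4321 DF PROTO=UDP SPT=40000 DPT=53 LEN=40
Mar  3 10:15:05 gw kernel: nat: IN=eth1 OUT= SRC=192.168.0.2 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
"""

# Matches the --log-prefix values used in the two iptables LOG rules.
LINE_RE = re.compile(r"\b(nat|out-fwd): (IN=.*)$")

def parse_line(line):
    """Return (prefix, fields) for a line written by one of the LOG rules, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Repeated keys (e.g. the UDP LEN) overwrite earlier ones; keys used below are unique.
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group(2)))
    return m.group(1), fields

def trace(log_text):
    """Map each flow (src, dst, proto, dport) to the set of LOG prefixes it hit."""
    stages = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            prefix, f = parsed
            flow = (f.get("SRC"), f.get("DST"), f.get("PROTO"), f.get("DPT"))
            stages[flow].add(prefix)
    return dict(stages)

def diagnose(stages):
    """Label each flow and report whether any DNS query (port 53) was logged."""
    verdicts = {}
    for flow, seen in stages.items():
        # Logged only in nat PREROUTING: check ip_forward, routing, earlier FORWARD rules.
        verdicts[flow] = "forwarded" if "out-fwd" in seen else "not seen in FORWARD"
    saw_dns = any(flow[3] == "53" for flow in stages)
    return verdicts, saw_dns

if __name__ == "__main__":
    verdicts, saw_dns = diagnose(trace(SAMPLE_LOG))
    for flow, verdict in verdicts.items():
        print(flow, "->", verdict)
    print("DNS queries from eth1 seen:", saw_dns)
```

To run it against a real gateway, pass the contents of /var/log/messages to trace() in place of SAMPLE_LOG.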