Daniel Nogradi wrote:
> Hi Chinh, on machine B DNS resolution doesn't work at all because the
> name servers are on the internet which it can not access. So I'm not
> pinging google.com but the IP addresses.
>
> I've turned on logging and when I try to ssh, ping, etc, from B to A
> then I get these messages on both B and in the logs of A:
>
> kernel: nat: IN=eth1 OUT= MAC=(mac address of eth1) SRC=(IP of machine
> B) DEST=213.191.74.18 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ............
> kernel: out: IN=eth1 OUT=ppp0 SRC=(IP of machine B) DEST=213.191.74.18
> ...........
>
> What is this supposed to mean? :)
>

It means your packet traversed the prerouting nat eth1, and so on. I would put 3 log messages, at "prerouting nat eth1", "forward", and "postrouting nat". If your packet is seen at postrouting then it should be successfully forwarded.

I noticed that your packet's outbound interface is ppp0. However, I recall your MASQUERADE rule had "--out-interface eth0". Perhaps this is the cause and your packet is not masqueraded? Try a simple "iptables -A POSTROUTING -t nat -j MASQUERADE" without qualifiers.

Other things to try: use ethereal to sniff eth1, and eth0/ppp0. Is there traffic?

Chinh
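
The check described in the reply above, as an added example that is not part of the original message: it prints one LOG rule per stage and compares the `OUT=` interface of a logged packet with the interface qualifier of a MASQUERADE rule. The log prefixes, function names, sample log lines and addresses are constructed for illustration, and the rule text is reconstructed from the reply's recollection of `--out-interface eth0`.

```shell
#!/bin/sh
# Added example, not from the thread. Prefixes, sample lines and IPs are constructed.

# Print (do not apply) one LOG rule per stage; $1 = LAN-side interface.
log_rules() {
    printf 'iptables -t nat -I PREROUTING -i %s -j LOG --log-prefix "pre-nat: "\n' "$1"
    printf 'iptables -I FORWARD -i %s -j LOG --log-prefix "forward: "\n' "$1"
    printf 'iptables -t nat -I POSTROUTING -j LOG --log-prefix "post-nat: "\n'
}

# Outbound interface in a netfilter LOG line (empty before the routing decision).
out_if() {
    printf '%s\n' "$1" | sed -n 's/.*[[:space:]]OUT=\([^[:space:]]*\).*/\1/p'
}

# Interface qualifier of a MASQUERADE rule (prints nothing when unqualified).
masq_if() {
    set -- $1                      # split the rule text into words
    while [ $# -gt 0 ]; do
        case $1 in
            -o|--out-interface) printf '%s\n' "$2"; return 0 ;;
        esac
        shift
    done
    return 0
}

# True when the rule ($1) applies to the logged packet's outbound interface ($2).
masq_covers() {
    rule_if=$(masq_if "$1")
    pkt_if=$(out_if "$2")
    case $rule_if in
        '') return 0 ;;                                   # no qualifier: any interface
        *+) case $pkt_if in "${rule_if%+}"*) return 0 ;; esac
            return 1 ;;                                   # trailing + is a prefix wildcard
        *)  [ "$rule_if" = "$pkt_if" ] ;;
    esac
}

# Constructed sample data (documentation address ranges).
SAMPLE_PRE='kernel: pre-nat: IN=eth1 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=198.51.100.7 LEN=84'
SAMPLE_FWD='kernel: forward: IN=eth1 OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.7 LEN=84'
RULE_OLD='-t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE'

log_rules eth1
if masq_covers "$RULE_OLD" "$SAMPLE_FWD"; then
    echo "MASQUERADE rule matches outbound interface $(out_if "$SAMPLE_FWD")"
else
    echo "not masqueraded: rule is bound to $(masq_if "$RULE_OLD"), packet leaves via $(out_if "$SAMPLE_FWD")"
fi
```

`log_rules` only prints the commands; review them and run them as root to apply.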