Hi Chinh,

logging all 3 types (prerouting, forwarding, postrouting) shows that the packets from 'machine B' never get postrouted. When I ping from 'machine B' anything in the outside world messages are logged about prerouting and forwarding but not postrouting, but pinging from 'machine A' does result in logged messages about postrouting (indeed, 'machine A' works fine). So I guess the problem is around here, although I don't know exactly what this means.

I tried sniffing with tethereal too and that shows that the packets actually get through from 'machine B' to the outside world, but never return. For example sniffing eth0 while pinging from 'machine B' to the outside world gives

    1 29.996623 (my dynamical IP) -> (the IP I ping) ICMP Echo (ping) request ...

So I guess they get out, but can't get back to 'machine B'.

And I'm also quite confused about eth0/ppp0, perhaps a related issue is that the kernel ip table of 'machine A' is

    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    213.191.89.30   *               255.255.255.255 UH    0      0   0   ppp0
    192.168.10.0    *               255.255.255.0   U     0      0   0   eth1
    192.168.10.0    *               255.255.255.0   U     0      0   0   eth0
    169.254.0.0     *               255.255.0.0     U     0      0   0   eth0
    default         213.191.89.30   0.0.0.0         UG    0      0   0   ppp0

and what might be suspicious is that there are two identical lines one with interface eth0 and the other with eth1. I'm not at all an expert on routing (which you probably know by now :)) so I'm not sure if this is a problem or not, but might be related.

Any clues?

On 2/23/06, Daniel Nogradi <nogradi@xxxxxxxxx> wrote:
> > It means your packet traversed the prerouting nat eth1, and so on.
> >
> > I would put 3 log messages, at "prerouting nat eth1", "forward", and
> > "postrouting nat". If your packet is seen at postrouting then it should be
> > successfully forwarded.
> >
> > I noticed that your packet's outbound interface is ppp0. However, I recall
> > your MASQUERADE rule had "--out-interface eth0". Perhaps this is the cause
> > and your packet is not masqueraded? Try a simple "iptables -A POSTROUTING
> > -t nat -j MASQUERADE" without qualifiers.
> >
> > Other things to try. Use ethereal to sniff eth1, and eth0/ppp0. Is there
> > traffic?
> >
> > Chinh
>
> Hi Chinh, thank you very much again, I'll try your suggestions tonight.
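
The two points raised in this thread can be checked mechanically; the script below is an added example, not part of the original messages. It compares the interface a MASQUERADE rule is restricted to against the interface of the default route, and reports any network that is routed through two interfaces. The routing table is the one quoted in the message; the rule line is constructed in iptables-save syntax from the "--out-interface eth0" rule recalled in the quoted reply, and the function names are hypothetical.

```shell
#!/bin/sh
# Routing table as quoted in the message above.
ROUTES='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
213.191.89.30   *               255.255.255.255 UH    0      0   0   ppp0
192.168.10.0    *               255.255.255.0   U     0      0   0   eth1
192.168.10.0    *               255.255.255.0   U     0      0   0   eth0
169.254.0.0     *               255.255.0.0     U     0      0   0   eth0
default         213.191.89.30   0.0.0.0         UG    0      0   0   ppp0'

# Constructed sample: the recalled rule, written the way iptables-save prints it.
NAT_RULES='-A POSTROUTING -o eth0 -j MASQUERADE'

# Print the interface of the default route ("default" or 0.0.0.0 destination).
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" || $1 == "0.0.0.0" { print $NF; exit }'
}

# Print the interface each MASQUERADE rule is limited to, "any" if unqualified.
masq_ifaces() {
    printf '%s\n' "$1" | awk '/-j MASQUERADE/ {
        out = "any"
        for (i = 1; i < NF; i++)
            if ($i == "-o" || $i == "--out-interface") out = $(i + 1)
        print out
    }'
}

# Print networks (destination/genmask) that appear on more than one interface.
duplicate_routes() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        key = $1 "/" $3
        if (key in seen && seen[key] != $NF) { print key, seen[key], $NF }
        else { seen[key] = $NF }
    }'
}

# Succeed only if some MASQUERADE rule covers the default-route interface.
masq_covers_default() {
    want=$(default_iface "$1")
    for i in $(masq_ifaces "$2"); do
        [ "$i" = "any" ] || [ "$i" = "$want" ] && return 0
    done
    return 1
}

masq_covers_default "$ROUTES" "$NAT_RULES" ||
    echo "no MASQUERADE rule matches default route interface $(default_iface "$ROUTES")"
duplicate_routes "$ROUTES" | sed 's/^/same network on two interfaces: /'
```

On a live system the two variables would be filled from `route` and `iptables-save -t nat` instead of the embedded samples.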