Iptables Forwarding problem

Since you're having problems, I would start by simplifying your configuration. Get rid of all the extraneous rules until you have a basic configuration working. That is, start with:

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

And make sure you have the necessary sysctl set:

# sysctl -w net.ipv4.ip_forward=1

And now see if things work. If they do work, slowly start making changes. If they don't work, let us know and we'll proceed from there.


Never mind. I figured it out. For anyone who might stumble upon this, below is my iptables setup with LOG chains for troubleshooting purposes.

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  169 36504 ACCEPT     all  --  lo     any     anywhere             anywhere
  218 18804 ACCEPT     icmp --  any    any     anywhere             anywhere
 4919  365K ACCEPT     udp  --  eth0   any     anywhere             anywhere            udp spt:domain dpts:1024:65535
  196 24001 ACCEPT     tcp  --  eth0   any     anywhere             anywhere            tcp dpt:http
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere            tcp dpt:https
10698  696K ACCEPT     tcp  --  eth0   any     anywhere             anywhere            tcp dpt:ssh
   53  3686 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp spt:telnet
   77  7709 LOG_DROP_INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1258 75480 ACCEPT     icmp --  eth1   eth0    anywhere             anywhere
23927   31M ACCEPT     all  --  eth0   eth1    anywhere             anywhere
  195 12057 ACCEPT     udp  --  eth1   any     anywhere             anywhere            udp dpt:domain
17512 1425K ACCEPT     tcp  --  eth1   any     anywhere             anywhere            tcp dpt:http
  211 40089 ACCEPT     tcp  --  eth1   any     anywhere             anywhere            tcp dpt:https
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:telnet
   18  1860 LOG_DROP_FORWARD  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  457 61686 ACCEPT     icmp --  any    any     anywhere             anywhere
19715 4141K ACCEPT     all  --  any    any     anywhere             anywhere

Chain LOG_DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination
43246 2583K LOG        all  --  any    any     anywhere             anywhere            LOG level warning tcp-options ip-options prefix `[IPTABLES DROP] :'
43246 2583K DROP       all  --  any    any     anywhere             anywhere

Chain LOG_DROP_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
   18  1860 LOG        all  --  any    any     anywhere             anywhere            LOG level warning tcp-options ip-options prefix `[IPTABLES DROP FORWARD] : '
   18  1860 DROP       all  --  any    any     anywhere             anywhere

Chain LOG_DROP_INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   77  7709 LOG        all  --  any    any     anywhere             anywhere            LOG level warning tcp-options ip-options prefix `[IPTABLES DROP INPUT] : '
   77  7709 DROP       all  --  any    any     anywhere             anywhere
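To put the LOG chains in the listing above to use when troubleshooting, the following added example (not part of either post) tallies logged drops by chain prefix, interface pair, protocol and destination port. It assumes the kernel's usual `KEY=value` LOG output; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize packets logged by LOG_DROP_* style chains.
# Reads kernel log lines on stdin; prints "count chain in out proto dpt".
summarize_drops() {
    awk '
    {
        s = index($0, "[IPTABLES DROP")          # prefix set by the LOG rules
        if (s == 0) next                         # not one of our log lines
        rest = substr($0, s + 1)
        e = index(rest, "]")
        if (e == 0) next
        chain = substr(rest, 1, e - 1)           # text between [ and ]
        gsub(/ /, "_", chain)
        in_if = out_if = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (v == "") v = "-"                 # OUT= is empty on INPUT drops
            if (k == "IN") in_if = v
            else if (k == "OUT") out_if = v
            else if (k == "PROTO") proto = v
            else if (k == "DPT") dpt = v         # ICMP has no DPT, stays "-"
        }
        seen[chain " " in_if " " out_if " " proto " " dpt]++
    }
    END { for (key in seen) print seen[key], key }
    ' | sort -k1,1nr -k2
}

# Constructed sample lines (shortened; addresses are documentation ranges).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 gw kernel: [IPTABLES DROP FORWARD] : IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  3 10:15:04 gw kernel: [IPTABLES DROP FORWARD] : IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=40113 DPT=25 SYN
Mar  3 10:16:30 gw kernel: [IPTABLES DROP FORWARD] : IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.7 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123
Mar  3 10:17:12 gw kernel: [IPTABLES DROP INPUT] : IN=eth0 OUT= SRC=198.51.100.44 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=51515 DPT=23 SYN
Mar  3 10:17:40 gw sshd[811]: Accepted publickey for admin from 198.51.100.44 port 51600
EOF
}

sample_log | summarize_drops
```

On a live gateway, pipe the kernel log into the function instead of the sample, for example `dmesg | summarize_drops`.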