Greetings all,

My connection with the outside (ISP) is through eth1.
My private network resides on eth0.
I also have a vpn connection via ppp0.

I want to be able to browse the internet behind the nat box, from my private network using the vpn connection.

So far, I have done this:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

route del default eth1
route add default ppp0
This does nat from the vpn connection to my private network and adds a default route through ppp0 (vpn) instead of eth1 (my ISP).

The problem is I am able to browse the internet from my nat box AND behind it, from my network to some websites ONLY. I'm also unable to ping anything else by its DNS/IP address.

Only these work for me:,, regardless of whether I access them from my nat box or behind it.

Is there any solution/reason for this? Do I have to add other iptables rules to make this fully functional?
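As an added example (not part of the original post, and not the poster's own script), here is a hypothetical helper that prints the complete rule set for the setup described above, with three things the rules in the post do not cover: it turns on net.ipv4.ip_forward (without it nothing is forwarded at all), it sets the FORWARD policy with a capital -P and defaults it to DROP so only LAN-to-VPN traffic and its replies cross the box, and it clamps the TCP MSS on the VPN interface. The MSS clamp is an assumption about the cause of the "some websites only" symptom: a PPP/VPN link has a smaller MTU than Ethernet, and sites that block ICMP "fragmentation needed" then stall on large responses. The interface names default to the post's eth0 and ppp0.

```shell
#!/bin/sh
# Hypothetical helper (not from the original post): print the sysctl/iptables
# commands that route a private LAN (lan_if) out through a VPN tunnel (vpn_if).
# Prints by default; pass "apply" as the third argument to execute them with sh.
build_rules() {
    lan_if="$1"   # e.g. eth0 (private network side)
    vpn_if="$2"   # e.g. ppp0 (VPN tunnel, now the default route)
    cat <<EOF
# The kernel must be allowed to forward packets between interfaces at all.
sysctl -w net.ipv4.ip_forward=1
# Flush old rules and chains in every table we touch.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Capital -P sets a chain policy; lower-case -p is the protocol match and is not what we want here.
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
# Forward only LAN -> VPN and the replies to those flows; nothing else crosses the box.
iptables -A FORWARD -i $vpn_if -o $lan_if -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $vpn_if -j ACCEPT
# Hide the private addresses behind the tunnel's address.
iptables -t nat -A POSTROUTING -o $vpn_if -j MASQUERADE
# PPP/VPN links carry a smaller MTU than Ethernet; clamp the MSS of outgoing SYNs to the
# path MTU so large responses still arrive from sites that drop ICMP "fragmentation needed".
iptables -t mangle -A FORWARD -o $vpn_if -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
}

# Usage: sh nat-via-vpn.sh [lan_if] [vpn_if] [apply]
case "${3:-print}" in
    apply) build_rules "${1:-eth0}" "${2:-ppp0}" | sh ;;
    *)     build_rules "${1:-eth0}" "${2:-ppp0}" ;;
esac
```

Run it without arguments first to review the generated commands, then with "apply" as root. After applying, check that the resolver in /etc/resolv.conf is reachable through the tunnel (a nameserver only routable via the ISP link would explain names failing to resolve while direct IP access works) and watch for the MSS clamp with `iptables -t mangle -L FORWARD -v`, whose packet counter should rise as clients open connections.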