04-30-2011 #1 (Just Joined!; Join Date: Apr 2011; Posts: 4)
[Archlinux] IPTABLES NAT PROBLEM
I have a public IP address 1.2.3.4 (assume)
and I want to set up a SNAT server to let internal PCs access the internet.
Archlinux (latest version, newly installed and updated)
eth0: 1.2.3.4 (public ip addr)
eth1: 192.168.0.1
mask: 255.255.255.0
---------------------------------------------------
Windows 2003
NIC1:
192.168.0.2
Gateway: 192.168.0.1
MASK:255.255.255.0
------------------------------------------------------
Then I entered this command on the Archlinux server:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 1.2.3.4
iptables -t nat -L
I can see my rule in it.
ping 8.8.8.8 (Google DNS): OK
But on my internal PC (Windows 2003):
ping 192.168.0.1 - worked
ping 8.8.8.8 - did not work.
-------------------------------------------
On the server I used tcpdump -i eth1 and found my ICMP packets, but Archlinux did not forward my ICMP packets to eth0.
I tried lots of solutions:
1. modprobe
modprobe ip_tables
modprobe ip_nat_ftp
2. iptables-save and restart iptables
3. /etc/rc.d/network restart
4. echo 0 > /proc/sys/net/ipv4/ip_forward
and they did not make SNAT work...
What can I do?
Thanks for the help
05-01-2011 #2 (Just Joined!; Join Date: Apr 2005; Location: Perth, Western Australia; Posts: 11)
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
#
# Prevent SYN floods from consuming memory resources:
#
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#
# Prevents anything coming in to the firewall and lets
# all packets out
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
# Flush (-F) all specific rules
#
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat
#
# Forward all packets from eth1 (internal network) to eth0 (the internet).
#
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
#
# Forward packets that are part of existing and related connections from eth0 to eth1.
#
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Permit packets in to the firewall itself that are part of existing and related connections.
#
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Enable SNAT functionality on eth0
#
# SNAT (Source NAT) is used to map private source IP numbers of
# interfaces on the internal LAN to one of my public static IP numbers.
# SNAT performs this mapping when a client running on one of the
# internal hosts (x.y.z.c) initiates a TCP connection (SYN) through
# eth0.
#
### you have "iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 1.2.3.4"; you left off the "-s 192.168.0.0/24"
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.4
#
# Allow all inputs to the firewall from the internal network and local interfaces
#
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
Last edited by MikeTbob; 05-01-2011 at 12:33 AM. Reason: Added Code Tags
05-01-2011 #3 (Just Joined!; Join Date: Apr 2011; Posts: 4)
Hi, I tried kernel26-lts.
The problem is solved.
Your code is detailed and correct.
Thanks for your help.
05-01-2011 #4 (Linux Newbie; Join Date: Dec 2010; Posts: 146)
I would suggest you try the MASQUERADE target too if the above suggestion doesn't work.
BTW, I don't find any flaw in your setup; it should work. You just need to enable ip_forward (which you did).
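The ruleset in #2 and the MASQUERADE alternative in #4 both come down to the same three requirements: forwarding enabled in the kernel, a POSTROUTING SNAT or MASQUERADE rule on the public interface, and FORWARD accept rules whenever the FORWARD policy is DROP. The script below is an added example, not code from this thread or from any poster; it emits a ruleset in iptables-restore format with the `-s 192.168.0.0/24` restriction that #2 points out, and audits an iptables-save dump plus the ip_forward value for those three pieces. Interface names and addresses are the ones from the first post; the function names, the `--live` flag and the constructed sample dump (`op_dump`, modelled on the single rule in the first post with default ACCEPT policies) are this example's own assumptions. It uses `-m conntrack --ctstate` where the thread uses `-m state --state`; both match the same connection states.

```shell
#!/bin/sh
# Added example, not code from the thread: ruleset generator and audit for the
# NAT gateway described above (eth0 = 1.2.3.4 public, eth1 = 192.168.0.1/24).
# Interface names and addresses are from the first post; function names, the
# --live flag and the sample dump below are assumptions made for this example.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
PUBLIC_IP="${PUBLIC_IP:-1.2.3.4}"

# Minimal gateway ruleset in iptables-restore(8) format: default-DROP INPUT and
# FORWARD, LAN->WAN forwarding, replies back in via conntrack, and a POSTROUTING
# SNAT rule limited to -s $LAN_NET so only the internal subnet is rewritten to
# the public address. Load with: nat_ruleset | iptables-restore
nat_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $WAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $PUBLIC_IP
COMMIT
EOF
}

# Constructed sample (not a real capture): what iptables-save shows after only
# the single command from the first post, with default ACCEPT policies.
op_dump() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j SNAT --to-source $PUBLIC_IP
COMMIT
EOF
}

# audit_gateway IP_FORWARD_VALUE DUMP_FILE
# Checks what a working SNAT gateway needs: ip_forward=1, a POSTROUTING SNAT or
# MASQUERADE rule on the WAN interface, and (only when the FORWARD policy is
# DROP) accept rules in both directions. Prints one "MISSING: ..." line per gap
# and returns 1 if anything is missing, 0 otherwise.
audit_gateway() {
    fwd="$1"; dump="$2"; rc=0
    [ "$fwd" = "1" ] || {
        echo "MISSING: net.ipv4.ip_forward=1 (packets arrive on $LAN_IF but are never sent out $WAN_IF)"
        rc=1
    }
    grep -qE -e "^-A POSTROUTING .*-o $WAN_IF .*-j (SNAT|MASQUERADE)" "$dump" || {
        echo "MISSING: nat POSTROUTING SNAT/MASQUERADE rule for -o $WAN_IF"
        rc=1
    }
    if grep -q '^:FORWARD DROP' "$dump"; then
        grep -qE -e "^-A FORWARD .*-i $LAN_IF -o $WAN_IF .*-j ACCEPT" "$dump" || {
            echo "MISSING: FORWARD accept $LAN_IF -> $WAN_IF (policy is DROP)"
            rc=1
        }
        grep -qE -e "^-A FORWARD .*-i $WAN_IF -o $LAN_IF .*(RELATED,ESTABLISHED|ESTABLISHED,RELATED).*-j ACCEPT" "$dump" || {
            echo "MISSING: FORWARD accept for replies $WAN_IF -> $LAN_IF"
            rc=1
        }
    fi
    return $rc
}

# Audit the running gateway (needs root): sh gw-audit.sh --live
if [ "${1:-}" = "--live" ]; then
    live=$(mktemp)
    iptables-save > "$live"
    if audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$live"; then
        echo "OK: forwarding is on and the SNAT rules are in place"
    fi
    rm -f "$live"
fi
```

Run against the sample dump with ip_forward set to 0, the audit reports only the forwarding sysctl, which matches the tcpdump symptom in the first post: with forwarding off the kernel accepts the ICMP echo on eth1 and never routes it out eth0, so no POSTROUTING rule is ever consulted. With ip_forward set to 1 the same single-rule setup passes, as #4 says. The audit accepts MASQUERADE as well as SNAT: MASQUERADE picks the outgoing interface's current address at packet time and suits dynamic addresses, while SNAT with a fixed --to-source is the natural choice for the static 1.2.3.4 here.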
05-01-2011 #5 (Just Joined!; Join Date: Apr 2011; Posts: 4)