Iptables – Postrouting rule in NAT table


I have a strange question regarding NAT using iptables.

When I do SNAT in the POSTROUTING chain of the NAT table, should I add -j ACCEPT at the end of the rule?

I see counters on the postrouting rule getting incremented but no packet leaving the machine.
So does it mean the packet is DROPPED automatically?

Best Answer

No. There is only one target (-j) per rule. The -j SNAT target is exclusive; you can't provide two targets for a rule. If you need to accept the packet, the 'ACCEPT' target should be used in the 'FORWARD' chain of the 'filter' table.

Packets are only dropped if there is a rule to drop them, or if the default policy of the 'FORWARD' chain is 'DROP'. In both cases, these counters are updated.

More likely, routing is not enabled or your routing tables are not complete.

To enable routing:

sysctl net.ipv4.ip_forward=1
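The following script is an added example, not part of the question or the answer above. It puts the answer's three points together: the SNAT rule in nat/POSTROUTING carries exactly one target, the decision to let the packet through lives in filter/FORWARD, and forwarding has to be switched on with sysctl. The network values (LAN 192.168.10.0/24 on eth1, upstream eth0 with address 203.0.113.5) are hypothetical placeholders; set DRY_RUN=1 to print the commands instead of running them, and target_count shows why "-j SNAT ... -j ACCEPT" cannot be a single rule.

```shell
#!/bin/sh
# Added example (not from the original answer). Hypothetical topology:
#   LAN 192.168.10.0/24 on eth1  ->  upstream eth0 with address 203.0.113.5
set -eu

LAN_NET="${LAN_NET:-192.168.10.0/24}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
WAN_IP="${WAN_IP:-203.0.113.5}"

# Run a command, or just print it when DRY_RUN=1 (lets the script be inspected without root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Count the targets in one rule specification: every "-j"/"--jump" word.
# iptables accepts exactly one per rule, so a count of 2 is not a valid rule.
target_count() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -c -x -e '-j' -e '--jump' || true
}

# 1. Source NAT in nat/POSTROUTING. The only target is SNAT; it rewrites the
#    source address and does not (cannot) also ACCEPT the packet.
snat_rule() {
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" \
        -j SNAT --to-source "$WAN_IP"
}

# 2. Whether the packet may pass at all is decided in filter/FORWARD.
#    Open LAN -> WAN, allow replies back via conntrack, drop everything else.
forward_rules() {
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
}

# 3. None of the above matters while the kernel is not routing.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Check ip_forward: argument for testing, otherwise the live value from /proc.
ip_forward_ok() {
    val="${1:-$(cat /proc/sys/net/ipv4/ip_forward)}"
    [ "$val" = 1 ]
}

case "${1:-}" in
    apply)
        enable_forwarding
        forward_rules
        snat_rule
        ;;
    check)
        if ip_forward_ok; then
            echo "ip_forward=1: kernel is routing"
        else
            echo "ip_forward=0: nothing will be forwarded, run: sysctl net.ipv4.ip_forward=1"
            exit 1
        fi
        ;;
    *)
        ;;   # no argument: only define the functions
esac
```

Usage: `DRY_RUN=1 sh nat.sh apply` prints the three commands in order; `sh nat.sh check` reports whether forwarding is on; without arguments the file can be sourced. Keeping the FORWARD ACCEPT rules separate from the SNAT rule mirrors the answer: the counters on POSTROUTING say the rule matched, while the FORWARD policy and ip_forward decide whether anything leaves.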