I cannot configure NAT ...
Given: eth0 is the provider, br0 is the home network. The client is connected to the server and its address 192.168.1.2 is set statically; the gateway is reachable from the client and nothing else is. From the gateway everything is reachable, both the client and the Internet. Below is the info from the gateway.
```
### NAT config ###
iptables -F
iptables -t nat -F
iptables -t raw -F
iptables -t mangle -F
iptables -A FORWARD -i br0 -o eth0 -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -o br0 -d 192.168.1.0/24 -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.0.0.12
```

```
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:12:11:8c:df:97 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.12/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 00:12:11:8c:df:98 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 00:12:11:8c:df:99 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global br0
       valid_lft forever preferred_lft forever

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0025183cfd32       no              eth1
                                                        veth0

# ip r
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.12
10.0.0.0/14 via 10.0.0.1 dev eth0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1

# iptables -nvL
Chain INPUT (policy ACCEPT 34 packets, 3377 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br0    eth0    192.168.1.0/24       0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   br0     0.0.0.0/0            192.168.1.0/24

# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 5148 packets, 591K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 437 packets, 75668 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 27 packets, 3179 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 27 packets, 3179 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    192.168.1.0/24       0.0.0.0/0            to:10.0.0.12

# tcpdump -ni br0 host 8.8.8.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:31:24.519733 IP 192.168.1.2 > 8.8.8.8: ICMP echo request, id 512, seq 1282, length 40
19:31:30.019820 IP 192.168.1.2 > 8.8.8.8: ICMP echo request, id 512, seq 1538, length 40
^C

# tcpdump -ni eth0 host 8.8.8.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
```

What did I forget?
What does cat /proc/sys/net/ipv4/ip_forward show? - Andrew Hobbit

echo 1 > /proc/sys/net/ipv4/ip_forward, Thanks @Andrew Hobbit - user221136
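
The symptom in the question (echo requests visible on br0, nothing on eth0, and every FORWARD counter at zero, including the policy counter) is what a disabled ip_forward looks like, because the kernel discards transit packets before they reach the FORWARD chain. The shell script below is an added example, not code from the thread, that turns that reasoning into a check; the function names and the SAMPLE_DROPPING listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Inputs are text so it runs offline.
# On a live gateway:
#   diagnose_nat "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -nvL FORWARD)"

# FORWARD listing as posted in the question: every counter is zero.
SAMPLE_FORWARD='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br0    eth0    192.168.1.0/24       0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   br0     0.0.0.0/0            192.168.1.0/24'

# Constructed sample: forwarding is on, but packets miss both ACCEPT rules.
SAMPLE_DROPPING='Chain FORWARD (policy DROP 12 packets, 1008 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br0    eth0    192.168.1.0/24       0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   br0     0.0.0.0/0            192.168.1.0/24'

# Print "<policy_hit> <rule_hit>" (each 0 or 1) for the FORWARD chain in $1.
forward_hits() {
    printf '%s\n' "$1" | awk '
        /^Chain FORWARD/ { in_chain = 1; if ($5 != "0") policy = 1; next }
        /^Chain /        { in_chain = 0 }
        # Rule lines start with the pkts counter, e.g. 0, 5148 or 591K.
        in_chain && $1 ~ /^[0-9]+[KMG]?$/ && $1 != "0" { rules = 1 }
        END { print policy + 0, rules + 0 }'
}

# $1 = contents of ip_forward, $2 = output of iptables -nvL FORWARD.
diagnose_nat() {
    ip_forward=$1
    set -- $(forward_hits "$2")
    if [ "$ip_forward" != "1" ]; then
        echo "routing-disabled"   # kernel drops transit packets before FORWARD
    elif [ "$1" = "1" ]; then
        echo "policy-drop"        # packets reach FORWARD but match no ACCEPT rule
    elif [ "$2" = "1" ]; then
        echo "forwarding"         # ACCEPT rules match; check SNAT and upstream next
    else
        echo "no-traffic"         # nothing has crossed FORWARD since counters reset
    fi
}

diagnose_nat 0 "$SAMPLE_FORWARD"    # the question's state
diagnose_nat 1 "$SAMPLE_DROPPING"
```

The echo fix from the comments lasts until the next reboot; setting net.ipv4.ip_forward=1 in /etc/sysctl.conf makes it persistent.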