Show me:
iptables -L -vn
iptables -L -vnt nat
sysctl net.ipv4.ip_forward
So, as root I entered:
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate NEW -i eth1 -p tcp -m multiport --dports 20,21,25,110,3128 -j ACCEPT
After that Bat did not connect, but the browser works through Squid. Next:
iptables -L -vn
Chain INPUT (policy ACCEPT 1958 packets, 519K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 5 packets, 280 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW multiport dports 20,21,25,110,3128
Chain OUTPUT (policy ACCEPT 2132 packets, 760K bytes)
pkts bytes target prot opt in out source destination
iptables -L -vnt nat
Chain PREROUTING (policy ACCEPT 379 packets, 59593 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 120 bytes)
pkts bytes target prot opt in out source destination
54 3236 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 75 packets, 4563 bytes)
pkts bytes target prot opt in out source destination
And as for /etc/sysctl.conf:
net.ipv4.ip_forward=1 - I uncommented it back when I was setting up NAT following my own instructions