I have an Ubuntu 10 machine I'm trying to set up with NAT.
eth0 is the WAN interface, which uses DHCP.
eth1, eth2, eth3 are LAN interfaces. They are connected to 192.168.0.50, .51, .52 respectively.
NAT through eth1 works great. On eth2/3, I get nothing -- "no route to host" on ping. Here's my iptables config. Is anything obviously wrong?
# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*nat
:PREROUTING ACCEPT [1799:327587]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [23:2190]
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*filter
:INPUT ACCEPT [3474:500657]
:FORWARD ACCEPT [24:1613]
:OUTPUT ACCEPT [857:128814]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.50/32 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -s 192.168.0.51/32 -i eth2 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -s 192.168.0.52/32 -i eth3 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*mangle
:PREROUTING ACCEPT [3890:612115]
:INPUT ACCEPT [3474:500657]
:FORWARD ACCEPT [220:45916]
:OUTPUT ACCEPT [857:128814]
:POSTROUTING ACCEPT [1140:186789]
-A PREROUTING -i eth1 -j MARK --set-xmark 0x3/0xffffffff
-A PREROUTING -i eth2 -j MARK --set-xmark 0x4/0xffffffff
-A PREROUTING -i eth3 -j MARK --set-xmark 0x5/0xffffffff
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
As the three Ethernets are in the same network (192.168.0.0/24), maybe you want to bridge them and NAT the bridge device, instead of treating them individually.
Obviously wrong is using the same /24 on different interfaces.
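A way to check for the condition both answers point at, as an added example that is not part of the original posts: it parses `ip -o -4 addr show` output and reports interfaces whose connected networks overlap, which leaves a destination such as 192.168.0.51 matching more than one interface. The router-side addresses in the sample (.1, .2, .3 and the eth0 address) are constructed, since the question does not list them.

```python
import ipaddress

# Constructed sample of `ip -o -4 addr show` output. The router-side
# addresses are assumptions; the question only gives the LAN hosts.
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
4: eth2    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth2
5: eth3    inet 192.168.0.3/24 brd 192.168.0.255 scope global eth3
"""

def parse_addrs(text):
    """Return [(ifname, IPv4Interface)] from `ip -o -4 addr show` output."""
    addrs = []
    for line in text.splitlines():
        fields = line.split()
        # Expected layout: "<index>: <ifname> inet <addr>/<prefix> ..."
        if len(fields) < 4 or fields[2] != "inet":
            continue
        addrs.append((fields[1], ipaddress.ip_interface(fields[3])))
    return addrs

def overlapping_subnets(addrs):
    """Pairs of different interfaces whose connected networks overlap."""
    conflicts = []
    for i, (if_a, a) in enumerate(addrs):
        for if_b, b in addrs[i + 1:]:
            if if_a != if_b and a.network.overlaps(b.network):
                conflicts.append((if_a, str(a.network), if_b, str(b.network)))
    return conflicts

def candidate_interfaces(addrs, host):
    """Interfaces whose connected network contains host (more than one is ambiguous)."""
    ip = ipaddress.ip_address(host)
    return [ifname for ifname, a in addrs if ip in a.network]

if __name__ == "__main__":
    addrs = parse_addrs(SAMPLE)
    for conflict in overlapping_subnets(addrs):
        print("overlap: %s %s <-> %s %s" % conflict)
    for host in ("192.168.0.50", "192.168.0.51", "192.168.0.52"):
        print(host, "matches connected networks on", candidate_interfaces(addrs, host))
```
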