On the same machine, eth0 -> eth1 traffic also goes through the FORWARD chain in iptables ...
After loading the iptable_nat module ...
By the way, ip_conntrack is also brought into the kernel along with it ...
Then /proc/net/ip_conntrack went crazy. Worried about the gateway, I just ran rmmod iptable_nat, but it was still going crazy ...
Then ...
rmmod ip_conntrack
and everything was normal ...
Take note when setting the default policy of the iptables chains, for example:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Even if you run iptables -F at the end,
it still only clears the rules that are listed; it does not clear the default policy. So with a default policy of DROP, do not use iptables -F while connected over SSH.
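
The flush caveat above as an added example, not part of the original note: it reads `iptables -S` output and prints the order of commands that opens every DROP policy before flushing. The function names and the sample ruleset are assumptions constructed for illustration; nothing here calls iptables or changes the firewall.

```shell
#!/bin/sh
# Constructed sample: `iptables -S` output on a host with default-DROP
# policies and a rule that lets SSH in.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Print the built-in chains whose default policy is DROP, one per line.
# Reads `iptables -S` output on stdin. (Hypothetical helper name.)
drop_policy_chains() {
    awk '$1 == "-P" && $3 == "DROP" { print $2 }'
}

# Exit status 0 if a bare `iptables -F` would leave INPUT or OUTPUT with
# policy DROP and no rules left, which is what cuts a live SSH session.
flush_would_lock_out() {
    drop_policy_chains | grep -qE '^(INPUT|OUTPUT)$'
}

# Print the commands to run, in order: set every DROP policy to ACCEPT
# first, then flush the rules. Reads `iptables -S` output on stdin.
safe_flush_plan() {
    drop_policy_chains | while read -r chain; do
        printf 'iptables -P %s ACCEPT\n' "$chain"
    done
    printf 'iptables -F\n'
}

if printf '%s\n' "$SAMPLE_RULES" | flush_would_lock_out; then
    echo "a bare 'iptables -F' would drop the SSH session; run instead:"
    printf '%s\n' "$SAMPLE_RULES" | safe_flush_plan
fi
```

On a real host, pipe `iptables -S` into the functions instead of the sample. The plan covers the filter table only, which is the table `iptables -F` flushes by default.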