echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Not sure if that affects outgoing pings or not.. I don't think it does...
This stops the box itself from replying to pings...
Wouldn't have any effect on forwarded pings..
Yeah, ping is not a PORT, but you need to have ICMP activated with IPTABLES. So I call it a port.
Ping and other protocols are always activated in the kernel (unless you remove them)..
iptables merely gives you some control over them.. eg writing a rule to block, redirect etc
You would only need to allow them if you had a DROP policy to catch unspecified connections.
The 2 rules m15a4 mentioned have no effect on outgoing pings...
So I would suggest as killer_bunny did, isolate the problem.
Clear the rules and eliminate them as a possible cause...
Also add some -j LOG entries via the command line to watch what is happening...
eg iptables -t nat -I POSTROUTING -j LOG
When listing rules, please use iptables-save
to print them on the screen.
iptables -nL only shows 1 table and interprets the rules quite inaccurately..
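
An added example, not part of the thread: a small filter that reads iptables-save output and reports, for every table, which chains have a DROP policy and which rules match ICMP or log. The dump in `sample_dump` is constructed for illustration, and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed iptables-save dump (not the rules from this thread).
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j LOG
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin and print, per table:
#   - chains whose policy is DROP (ICMP needs an explicit ACCEPT there)
#   - rules that match ICMP, and rules that jump to LOG
icmp_audit() {
  awk '
    /^\*/ { table = substr($0, 2); next }            # "*nat" starts a table
    /^:/  { chain = substr($1, 2)                    # ":INPUT DROP [0:0]"
            if ($2 == "DROP") print table " " chain " policy=DROP"
            next }
    /^-A/ { if ($0 ~ /-p icmp/) print table " " $2 " icmp-rule: " $0
            else if ($0 ~ /-j LOG/) print table " " $2 " log-rule: " $0 }
  '
}

sample_dump | icmp_audit
```

On a live box the same function can be fed with `iptables-save | icmp_audit` as root; the nat table's LOG rule shows up here, while a plain `iptables -nL` listing would not include it.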