Oops. I hope you meant that you wanted a POLICY in the nat table of ACCEPT, not to just accept any packet that comes along. The effect of your rules is that the MASQUERADE is never acted on, since the earlier rule stops the flow through the nat table. I think you actually want this:
Code:
$iptables -t nat -P PREROUTING ACCEPT
$iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
It would also be a pretty nice idea to put some restrictions on the INPUT chain as well, to protect your firewall machine itself from the baddies.
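
An added example, not part of the original post: a check for the rule-ordering problem described above, run over text in `iptables -t nat -S` format. The sample rulesets are constructed, the broken one assumes the catch-all ACCEPT sat in the same chain as the MASQUERADE rule, and `find_shadowed_nat_rules` is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# Reads rules in `iptables -t nat -S` format on stdin and reports every rule
# that follows an unconditional "-j ACCEPT" in the same chain. ACCEPT ends
# traversal of the chain, so nothing after it is ever evaluated.
find_shadowed_nat_rules() {
    awk '
        $1 == "-A" {
            chain = $2
            target = ""
            conditional = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                conditional = 1   # any token before -j is a match condition
            }
            if (chain in blocker)
                printf "%s: \"%s\" is unreachable after \"%s\"\n", chain, $0, blocker[chain]
            else if (target == "ACCEPT" && !conditional)
                blocker[chain] = $0
        }
    '
}

# Constructed sample (assumption): a catch-all ACCEPT appended to POSTROUTING
# ahead of the MASQUERADE rule, where a chain policy was intended.
broken_rules='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

# Constructed sample: the nat rules from the reply, as -S would list them.
# ACCEPT appears only as a policy (-P), which applies when no rule matches.
fixed_rules='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

echo "broken ruleset:"
printf '%s\n' "$broken_rules" | find_shadowed_nat_rules
echo "fixed ruleset:"
printf '%s\n' "$fixed_rules" | find_shadowed_nat_rules
```

On a live gateway the same function can be fed with `iptables -t nat -S | find_shadowed_nat_rules`, run as root.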