Gavin,
For some reason these packets just ain't traversing the iptables chains right. If I zero the counts in the nat table I can see they never hit the POSTROUTING chain where the SNAT is happening. My netcat packets, from exactly the same box, do. :-/
How many rules are in that chain *before* the masquerade statement? Is it possible that the packets are matching a rule and exiting the chain?
What happens if you put a -j LOG rule at the very beginning of the POSTROUTING chain that matches all packets and see if the packets enter the chain.
HTH
P. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
