>> Подскажите, где затык?
> как минимум для начала выводы ip ro sh/ip ru sh/iptables -t nat
> -L -nv/iptables -L -nv. А так же неплохо указать маски подсетей,
> чтобы мы их не угадывали
> P.S.
> а 192.168.1.232 знает куда слать ответы для 172.19.254.104?eth0-172.19.252.0/255.255.252.0 -- LAN
eth1-91.245.35.0/255.255.255.224 -- WAN
ppp0-10.212.134.201
# ip ro sh
178.207.157.170 via 91.245.35.33 dev eth1
91.245.35.32/27 dev eth1 proto kernel scope link src 91.245.35.39
192.168.1.0/24 via 10.212.134.201 dev ppp0 scope link
172.19.252.0/22 dev eth0 proto kernel scope link src 172.19.252.95
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via 91.245.35.33 dev eth1
# ip ru sh
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 302K packets, 40M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 214 packets, 13012 bytes)
pkts bytes target prot opt in out source destination
987 62093 MASQUERADE all -- * eth+ 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1167 packets, 72915 bytes)
pkts bytes target prot opt in out source destination
# iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8098 916K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
126 9464 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
820K 88M ACCEPT all -- eth+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
238 14724 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
135 12132 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
49 2934 ACCEPT all -- eth+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth+ 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 14388 packets, 2337K bytes)
pkts bytes target prot opt in out source destination