I have setup masquerading dozens of times with no issues. I have 2 linux boxes (A=Private, B=Masquerader) Here are the checks I have done A - Default gateway is B B - iptables is wide open with 1 postrouting statement iptables -t nat -A POSTROUTING -s 10.0.73.11 -j SNAT --to-source PUBLIC_IP B - IP Forwarding is enabled. I can ping from A to B's private address. Cannot go past that. If I run iptraf on B, I can see the ping req/reply from A to another IP. If I ssh from A to another machine outside the firewall, I can see the connection attempt with netstat -an | grep :22 on the remote machine. So the connection are being transmitted out correctly, but not getting returned correctly through SNAT. Any ideas?