These are really two questions, and I'm not sure that they are related.
1) If the computers are connected by ethernet LAN via a switch, and not WLAN, all traffic on the LAN is in principle visible to all devices connected to it. No need to do masquerading/forwarding or use any iptable rules. So just fire up Wireshark on any computer, say, computer B, and you should see the traffic from computer A to the router.
If that doesn't work, ping computer B from computer A. Then ping the router from computer A. If you don't see packets from the first ping, something with the Wireshark setup doesn't work correctly. If you only see packets from the first ping, and not from the second ping, the interface drops packets not intended for that computer for some reason, or something is filtering out packets, so check iptables on computer B etc.
Edit: What also can happen is that your router is not acting as a switch. I tested a bit and found I actually had one router where all 4 LAN ports appear as distinct devices, and are bridged (including WLAN) using a Linux kernel bridge. This kind of bridge keeps track of MAC addresses it has seen, and only forwards to the port where it has seen the destination MAC address. In this case, packets from the two computers can't be seen on the other machine.
Solutions: (a) Find some other ethernet switch and connect everything to it, or (b) use the gateway method.
2) If you want to use computer B as the gateway for computer A (which is not necessary to just obvserve traffic on ethernet LAN, but may be necessary e.g. for WLAN), you need to configure computer A to use computer B as the gateway. Very likely your "internet" in your setup is a home router, which acts as a DHCP server, assigns IP addresses to computer A and computer B, and tells them to use the router as a gateway. So use route
or ip route
to set the correct route on computer A. Make sure there are no other routes.
The following script works for me to set up forwarding (though maybe it's not optimal):
#!/bin/bash
# forward traffic on the same $IF for one particular $ADDR, acting as gateway
modprobe nf_conntrack
modprobe nf_conntrack_ipv4
modprobe nf_nat
modprobe iptable_nat
IF="eth0"
ADDR="192.168.178.25"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -i $IF -o $IF -d $ADDR -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $IF -o $IF -s $ADDR -j ACCEPT
iptables -t nat -A POSTROUTING -s $ADDR -j MASQUERADE
iptables
change?