BTW I needed to enable IP forwarding. I know what I am doing but you can still warn me in case you think I missed something. I have tested firewall with IP forwarding enabled and found no leaks (it rejects FORWARD chain from eth1, so I guess disabled IP forwarding is just additional layer of security but not critical).
And now I noticed that not only DNS but also any internet connections on whonix-gateway are not working
May ip_forward=1 be the problem?
[INFO] [whonixcheck] IP Forwarding Result: /proc/sys/net/ipv4/ip_forward is 1.
[INFO] [whonixcheck] Tor Bootstrap Result: Connected to Tor.
[INFO] [whonixcheck] Whonix is produced independently of, with no guarantee from, The Tor Project. Whonix is experimental software. Do not rely on it for strong anonymity. https://www.whonix.org
[INFO] [whonixcheck] SocksPort Test: Testing Tor's SocksPort...
[ERROR] [whonixcheck] SocksPort Test Result: https://check.torproject.org was not reachable. (curl exit code:  - [Failed to connect to host.])
You could check, if you can reach https://check.torproject.org via the Tor Browser Bundle.
[INFO] [whonixcheck] Whonix News Download: Checking for Whonix news and updates...
[ERROR] [whonixcheck] Whonix News Result: Download of Whonix News File failed.
[INFO] [whonixcheck] Debian Package Update Check: Checking for software updates via apt-get...
[WARNING] [whonixcheck] Debian Package Update Check Result: Could not check for software updates! (apt-get code: 100)
Please manually check:
(Open a terminal, Start menu -> Applications -> System -> Terminal.)
sudo apt-get update && sudo apt-get dist-upgrade
[INFO] [whonixcheck] Whonix APT Repository: Enabled.
When the Whonix team releases JESSIE updates,
they will be AUTOMATICALLY installed (when you run apt-get dist-upgrade)
along with updated packages from the Debian team. Please
read https://www.whonix.org/wiki/Trust to understand the risk.
If you want to change this, use:
pc behind whonix-gateway still works well with current configuration