On Sun, Jul 10, 2011 at 6:35 PM, Robert Marmorstein <rmmarm@xxxxxxx> wrote:
> ...
>
> It might help you to LOG packets that are REJECTED. Then if you continue to
> have issues, you should be able to see more directly what's going on.
>
> To do that, add rules like these directly before the ones with -J REJECT:
>
> iptables -A INPUT -j LOG -m limit --limit 3/minute
> iptables -A FORWARD -j LOG -m limit --limit 3/minute
>
> Then you should look in /var/log/messages or /var/log/syslog (depending on
> which logger you have installed) to see which packets are being dropped.
>
> You probably don't want these rules enabled all the time -- the log files
> can get pretty big quickly -- but they are very helpful for debugging.
>
> If you continue to have issues, posting the LOG messages would help us know
> more about what's going on.
>
> Robert

Hi Robert,

I tried the logging rules, but they didn't work as proposed:

% sudo iptables -A INPUT -j LOG -m limit --limit 3/minute
Password:
iptables: Invalid argument. Run `dmesg' for more information.
% sudo iptables -A FORWARD -j LOG -m limit --limit 3/minute
iptables: Invalid argument. Run `dmesg' for more information.

What dmesg shows is:

x_tables: ip_tables: limit.0 match: invalid size 40 (kernel) != (user) 48
x_tables: ip_tables: limit.0 match: invalid size 40 (kernel) != (user) 48

I didn't find anything under:

/var/log/messages.log
/var/log/syslog.log

The dmesg messages come from:

/var/log/kernel.log

Not sure if that helps in any way to get some light, :-)

Thanks,

--
Javier.