Thanks all for your help I finally decided to go with a more simple port forwarding solution using socat a tool to forward tcp conections. This way I can filter forwarded ports by using the router's INPUT chain. Cheers On Sun, Aug 26, 2012 at 1:08 PM, Peter Baldridge <petebaldridge@xxxxxxxxx> wrote: > On Sun, Aug 26, 2012 at 10:11 AM, Juan Diego Tascón <juantascon@xxxxxxxxx>wrote: > >> Is there any way to debug iptables, Juan, > > > Another good way to debug IPTables (if you can limit the traffic to the box > to just what you are troubleshooting) use the command : > > sudo iptables -Z && sudo watch -n .5 iptables -nvL > > ^zeros the counters for iptables > > this will serve to show packet counters next to all your rules. Then you > can send the traffic you are troubleshooting and see which rule it is > matching. From a different window or screen you can add/drop rules and > watch the counters in real time. That has always helped me in tough > IPtables setups since it's a little more realtime/less info than logging. > > -pete
