Bryan, : Thanks for the help Martin. I was under the impression that DNAT : altered the packets on the PREROUTING chain going both ways. Yes, connection tracking is a tricky little beast to understand.... : :What did you pour all over the documentation on the Internet? ;) : : Did it get in your pores? : I actually studied it so intently that I was sweating. :) Heh! : :And one other thing! Make sure you have turned off reverse path : :filtering : This wasn't on, though I am not exactly sure what it does. Needless to : say, everything is working well now. Thanks again. Great! Glad to hear it. Here's a tidbit on rp_filter (reverse path filtering): http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN616 -Martin -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
