> > FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

You have it accepting packets before it gets LOGged.. Put the LOG line above all others..

> > -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A FORWARD -p tcp -j LOG --log-prefix "FORWARD packets:"

Also, if you're DNATing to a local webserver on the same network, it won't work without a SNAT as per Jerome's suggestion as you have to make it look like the firewall is MASQUERADing your lan to an outside address BUT it's really inside, so your webserver will see all packets as the firewall and not local hosts...

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698

> -----Original Message-----
> From: JM [mailto:jerome@xxxxxxxxx]
> Sent: Monday, 13 October 2003 1:12 PM
> To: Ralf Spenneberg
> Cc: Netfilter
> Subject: Re: iptables help..
>
> hi,
>
> i added LOGging on server_A
>
> log all INPUT and FORWARD to messages log file... and for some reason nothing
> is coming up...
>
> [ having nightmares on this.. : ( ]
>
> TIA
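The rule-ordering point in the reply above, as an added example that is not part of the original message: a small Python model of first-match chain traversal, where LOG falls through and ACCEPT ends traversal, run over constructed packets. The parser covers only the options quoted in this thread, and the rule sets, packets and function names are assumptions made for illustration.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
OPTS = {"-A": "chain", "-p": "proto", "--state": "states", "-j": "target", "--log-prefix": "prefix"}

def parse_rule(line):
    """Parse the small subset of iptables-save syntax quoted in this thread."""
    rule = dict.fromkeys(OPTS.values())
    tok = shlex.split(line)
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
    rule["states"] = set(rule["states"].split(",")) if rule["states"] else None
    return rule

def matches(rule, pkt):
    # A match option that is absent from the rule means "any", as in iptables.
    return (rule["proto"] in (None, pkt["proto"])
            and (rule["states"] is None or pkt["state"] in rule["states"]))

def traverse(rules, chain, pkt):
    """Walk one chain top to bottom; return (verdict, log prefixes emitted)."""
    logs = []
    for rule in (r for r in rules if r["chain"] == chain and matches(r, pkt)):
        if rule["target"] == "LOG":
            logs.append(rule["prefix"])   # LOG records the packet, then falls through
        elif rule["target"] in TERMINATING:
            return rule["target"], logs   # rules below never see this packet
    return "POLICY", logs                 # fell off the end: chain policy applies

def run(ruleset, packets, chain="FORWARD"):
    rules = [parse_rule(l) for l in ruleset.strip().splitlines()]
    return [traverse(rules, chain, p) for p in packets]

# Constructed rule sets and packets (protocol + conntrack state), modelled on the thread.
ACCEPT_FIRST = '''
-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -j LOG --log-prefix "FORWARD packets:"
'''
LOG_FIRST = '''
-A FORWARD -p tcp -j LOG --log-prefix "FORWARD packets:"
-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
'''
PACKETS = [{"proto": "tcp", "state": "NEW"}, {"proto": "tcp", "state": "ESTABLISHED"},
           {"proto": "udp", "state": "NEW"}]

if __name__ == "__main__":
    for name, rs in (("ACCEPT first", ACCEPT_FIRST), ("LOG first", LOG_FIRST)):
        print(name, run(rs, PACKETS))
```

With the ACCEPT rule first, none of the sample packets reaches the LOG rule; with LOG first, both TCP packets are logged and the verdicts are unchanged.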