On Sunday 14 December 2003 08:52, horape@xxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
> > > Yes, and I've added a rule like this:
> > > /sbin/iptables -t nat -A PREROUTING -j LOG and don't see the packets.
> >
> > Ummmm
> > if you ADD the rule above after the rule that is re-routing the
> > packet, no ... you won't see the packets. Try
> > iptables -t nat -I PREROUTING (line number)
> > where (line number) is less than the line on which your DNAT line
> > occurs. (see iptables -t nat -L --line-numbers -v )
>
> I'm really replacing the DNAT rule with the LOG one (only rule in the chain
> is the LOG one)
>

If there are no other rules in the nat PREROUTING chain and assuming that you don't have any mangle PREROUTING rules (you don't, do you?) then that log rule will see every single packet that comes in off the wire.

Try this:

iptables -t nat -A PREROUTING -p all -j LOG --log-prefix "PREROUTING: "

You should see tons of output in /var/log/messages including the packets you're looking for. If the packets aren't there, then they aren't making it to the box.

Jeff
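One way to pick the packets of interest out of that log output is to filter the LOG lines by prefix and destination port. This is an added example, not part of the original thread; the function name summarize_log_prefix is hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise netfilter LOG lines that carry a given --log-prefix.
# Constructed sample of /var/log/messages lines (documentation addresses).
SAMPLE_LOG='Dec 14 09:01:02 fw kernel: PREROUTING: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4211 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 14 09:01:05 fw kernel: PREROUTING: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4290 DF PROTO=TCP SPT=40113 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 14 09:01:07 fw kernel: PREROUTING: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=901 DF PROTO=TCP SPT=51500 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 14 09:01:08 fw kernel: FORWARD: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4211 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

# summarize_log_prefix PREFIX [DPT]
# Reads syslog lines on stdin; prints "count IN SRC -> DST PROTO dpt=DPT"
# for each flow logged with PREFIX, optionally restricted to one DPT.
summarize_log_prefix() {
    awk -v prefix="$1" -v want="${2:-}" '
        index($0, prefix) == 0 { next }    # line is not from our LOG rule
        {
            inif = src = dst = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue      # tokens such as DF or SYN
                key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
                if (key == "IN") inif = val
                else if (key == "SRC") src = val
                else if (key == "DST") dst = val
                else if (key == "PROTO") proto = val
                else if (key == "DPT") dpt = val
            }
            if (want != "" && dpt != want) next
            seen[inif " " src " -> " dst " " proto " dpt=" dpt]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Run against the constructed sample; on a real box use: < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | summarize_log_prefix "PREROUTING: " 80
```

An empty result for the port you expect means no line with that prefix and port was logged. Chains in the nat table are traversed only by the first packet of each connection, so the counts reflect new connections rather than every packet.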