> > I'm really replacing the DNAT rule with the LOG one (only rule in the chain
> > is the LOG one)

> If there are no other rules in the nat PREROUTING chain and assuming that you
> don't have any mangle PREROUTING rules (you don't, do you?) then that log
> rule will see every single packet that comes in off the wire. Try this:

> iptables -A PREROUTING -p all -j LOG --log-prefix "PREROUTING: "

I do:

iptables -t nat -A PREROUTING -p udp -j LOG --log-prefix "PREROUTING: "
iptables -t filter -A INPUT -p udp -j LOG --log-prefix "INPUT: "

(I'm logged in to that box via ssh, so I prefer not to do -p all)

There are no more rules than these ones.

In the log I see the INPUT ones but not the PREROUTING (on PREROUTING I only
see packets to port 137, maybe some worm...)

> You should see tons of output in /var/log/messages including the packets you're
> looking for. If the packets aren't there, then they aren't making it to the
> box.

But the packets got to the INPUT rule, that should be after PREROUTING. And
got to my socket.

> Jeff

Saludos,
HoraPe
---
Horacio J. Peña
horape@xxxxxxxxxxxxxxxxx
horape@xxxxxxxxxx