When I change the line below to accept everything works fine.
$IPTABLES -P FORWARD DROP to $IPTABLES -P FORWARD ACCEPT
Of course it works, because you just deactivated your firewall. Anything goes through it (all your rules in FORWARD chain have ACCEPT target, and than you changed default policy to ACCEPT: everything is accepted).
Also, it seems that you have (incorrect) assumption that packet will go through both INPUT and FORWARD chains (because you are catching "bad" packets only in INPUT chain). Packet will go either through INPUT (if it is destined for local machine) or through FORWARD (if it is to be routed/forwarded to another machine). It will never go through both.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
