On Wed, 2004-09-08 at 02:38, Jacob Friis Larsen wrote:
> > i would contend that while you believe your source IP is 1.2.3.4 in this
> > scenario--it; in fact, is not.
>
> I know.
> 1.2.3.4 is just for the example :)
>
> > try:
> >
> >   iptables -A INPUT -j LOG --log-prefix "FW DROP INPUT: "
> >
> > and see what the logs have to say about it.
>
> This will log all incoming packets?

setting the above as your last rule, in combination with setting the POLICY
of the INPUT chain to DROP, will log all packets dropped by the INPUT chain.

similarly:

  iptables -A OUTPUT -j LOG --log-prefix "FW DROP OUTPUT: "

will log all packets dropped by the OUTPUT chain; which in your case, should
show you what Aleksandar already pointed out--you don't allow ESTABLISHED
packets out through the OUTPUT chain.

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
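
An added example, not part of the original message: a shell function that summarises kernel log lines carrying the two prefixes from the message above, so the drops on each chain can be read per flow. The sample lines, host name and addresses are constructed, and the hint that an OUTPUT drop with the ACK flag set is probably reply traffic is a heuristic assumed here.

```shell
#!/bin/sh
# Constructed sample lines in the LOG target's kernel-log format.
# Addresses are documentation ranges, not values from the thread.
sample_log() {
cat <<'EOF'
Sep  8 02:40:01 fw kernel: FW DROP OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=51514 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Sep  8 02:40:04 fw kernel: FW DROP OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=51514 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Sep  8 02:40:09 fw kernel: FW DROP INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=4321 PROTO=UDP SPT=1026 DPT=137 LEN=58
EOF
}

# Read log lines on stdin; print "<count> <chain> <proto> <src:port> -> <dst:port>".
# Lines without either prefix are ignored.
fw_drop_summary() {
    awk '
    match($0, /FW DROP (INPUT|OUTPUT): /) {
        # "FW DROP " is 8 characters and ": " is 2, so the chain name sits between.
        chain = substr($0, RSTART + 8, RLENGTH - 10)
        rest  = substr($0, RSTART + RLENGTH)
        n = split(rest, tok, " ")
        split("", f)            # portable way to empty the field array
        ack = 0
        for (i = 1; i <= n; i++) {
            eq = index(tok[i], "=")
            if (eq) f[substr(tok[i], 1, eq - 1)] = substr(tok[i], eq + 1)
            else if (tok[i] == "ACK") ack = 1   # bare tokens are TCP flags, DF, ...
        }
        key = chain " " f["PROTO"] " " f["SRC"] ":" f["SPT"] " -> " f["DST"] ":" f["DPT"]
        count[key]++
        # Heuristic (assumption): an outbound packet with ACK set answers or
        # continues an existing connection, i.e. what an ESTABLISHED rule accepts.
        if (chain == "OUTPUT" && ack) reply[key] = 1
    }
    END {
        for (k in count)
            printf "%d %s%s\n", count[k], k, ((k in reply) ? " [ACK set: likely reply traffic]" : "")
    }' | sort
}

sample_log | fw_drop_summary
```

On a live host the same function can be fed from wherever kernel messages are logged, which varies by distribution.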