My public interface has several IP address aliases. Only the primary IP address responds to traffic (ip, icmp, et al). I inserted a log statement at the top of each table and found that the packets destined for the virtual addresses never made it to any table. However, according to tcpdump, I confirmed that the packets did get picked up by the kernel on the secondary address. I guess they are just not passed to iptables. Obviously, the packet was never replied to (icmp) or acknowledged (ip) by the process.

How can I get iptables to respond to the packets on the secondary interfaces? Or, how can I get the kernel to pass the packets to iptables? I understand that when the packet hits the chain, all I have to do is create a rule with the primary interface and use the IP address to distinguish the packets of different virtual addresses.

If you are looking for more detail, see the email I sent on Sun, 24 Oct, at 9:28 p.m. (GMT -6). Thanks for your help!