Re: IPSec through my firewall


 



On Wed, February 16, 2005 7:46 am, Ola Nilsson said:
> So, going back to my initial question; How can I go about finding out
> where my packets are dropped? Since it's most likely not because of any
> netfilter rule entry, who else can decide that a packet can not be
> NATed?

Sorry, I haven't followed the thread at all.

To answer this question, some malformed, suspicious packets can be dropped
by the netfilter code itself, and even the networking code.

I don't pretend it's your case but anyway, you can patch your kernel with
the dropped-table patch (available from patch-o-matic).

This will let you log dropped packets.

Also, if you're worried about where in your ruleset the packet gets
dropped, use nf-log, raw table, TRACE patches to get complete packet
traversal logging.

Hope I am not way off the subject.

>
> --
> /Ola Nilsson
>
>
>

Cheers,
Samuel
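
An added example, not part of the original message: a short Python script that groups TRACE log lines per packet and reports the last table:chain:rule each packet reached, which is where to start looking when a packet disappears. It assumes the `TRACE: table:chain:type:rulenum` log prefix documented for the iptables TRACE target; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample kernel log lines (documentation address ranges).
# One IKE packet (UDP/500) that is forwarded, one ESP packet that is not.
SAMPLE_LOG = """\
kernel: TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 ID=4242 PROTO=UDP SPT=500 DPT=500
kernel: TRACE: nat:PREROUTING:policy:1 IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 ID=4242 PROTO=UDP SPT=500 DPT=500
kernel: TRACE: filter:FORWARD:rule:3 IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 ID=4242 PROTO=UDP SPT=500 DPT=500
kernel: TRACE: nat:POSTROUTING:rule:1 IN= OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 ID=4242 PROTO=UDP SPT=500 DPT=500
kernel: TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 ID=4243 PROTO=ESP SPI=0x1234
kernel: TRACE: filter:FORWARD:rule:7 IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 ID=4243 PROTO=ESP SPI=0x1234
"""

TRACE_RE = re.compile(
    r"TRACE: (?P<table>\w+):(?P<chain>[\w-]+):(?P<kind>rule|return|policy):(?P<num>\d+) (?P<rest>.*)"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def trace_paths(log_text):
    """Group TRACE lines per packet; return {packet_key: [hop, ...]} in log order."""
    paths = OrderedDict()
    for line in log_text.splitlines():
        m = TRACE_RE.search(line)
        if not m:
            continue  # not a TRACE line
        fields = dict(FIELD_RE.findall(m.group("rest")))
        # SRC/DST/PROTO/ID together identify one packet within a short capture.
        key = (fields.get("SRC"), fields.get("DST"), fields.get("PROTO"), fields.get("ID"))
        hop = "{table}:{chain}:{kind}:{num}".format(**m.groupdict())
        paths.setdefault(key, []).append(hop)
    return paths


def last_hops(log_text, exit_chain="POSTROUTING"):
    """Map each packet to (last hop logged, whether the trace reached exit_chain)."""
    report = {}
    for key, hops in trace_paths(log_text).items():
        reached = any(h.split(":")[1] == exit_chain for h in hops)
        report[key] = (hops[-1], reached)
    return report


if __name__ == "__main__":
    for key, (hop, reached) in last_hops(SAMPLE_LOG).items():
        print(key, hop, "reached POSTROUTING" if reached else "trace stops here")
```

A trace that stops at a `rule` entry points at that rule's verdict; a trace that stops at a `policy` entry with nothing after it suggests the packet was discarded outside the ruleset.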





