The only idea people came up with was the conntrack table, but I know that's not a problem (I see no errors at all, plus manually checking it is fine). So now I'm wondering how I can debug netfilter itself? Kernel debugger? I can see the packets come into the host using tcpdump/ethereal, but they don't go out the internal interface, so I'm not sure how to "track" the packet within the kernel. Ideas?

Thanks,
Dan
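One way to find the last netfilter hook a packet reached, as an added example that is not part of Dan's post: the iptables TRACE target logs every table:chain a matching packet traverses, and a small shell helper reports the last entry for one flow. Assumptions: iptables with the raw table, TRACE output reaching the kernel log (newer kernels need the nf_log_ipv4 backend loaded), and addresses and log lines that are constructed here, not captured.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Enable tracing for a single flow only (a broad match floods the log):
#   modprobe nf_log_ipv4        # assumed: needed on newer kernels for TRACE output
#   iptables -t raw -I PREROUTING -s 203.0.113.10 -d 192.0.2.20 -j TRACE
#   iptables -t raw -D PREROUTING -s 203.0.113.10 -d 192.0.2.20 -j TRACE  # remove when done
# Each hop appears in dmesg as "TRACE: table:chain:verdict:rulenum IN=... SRC=... DST=...".

# trace_path SRC DST < kernel-log : print every table:chain:verdict:rulenum hop for the flow
trace_path() {
    src="$1"; dst="$2"
    grep 'TRACE:' | grep "SRC=$src " | grep "DST=$dst " |
        sed -n 's/.*TRACE: \([^ ]*\).*/\1/p'
}

# trace_last_hop SRC DST < kernel-log : only the last hop, i.e. where the packet was
# last seen; a final "filter:FORWARD:rule:N" or "...:policy:N" entry with no later
# POSTROUTING line points at the rule or chain policy that dropped it.
trace_last_hop() {
    trace_path "$1" "$2" | tail -n 1
}

# Constructed sample kernel log (not real data): the traced packet walks PREROUTING,
# reaches filter/FORWARD and stops at rule 3 without ever reaching POSTROUTING.
# A second, unrelated flow is included to show that the filter keeps them apart.
SAMPLE_LOG='[120.10] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.20 LEN=60 PROTO=TCP SPT=40000 DPT=22
[120.10] TRACE: mangle:PREROUTING:policy:1 IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.20 LEN=60 PROTO=TCP SPT=40000 DPT=22
[120.10] TRACE: nat:PREROUTING:policy:1 IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.20 LEN=60 PROTO=TCP SPT=40000 DPT=22
[120.11] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.20 LEN=60 PROTO=TCP SPT=41000 DPT=80
[120.11] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=192.0.2.20 LEN=60 PROTO=TCP SPT=40000 DPT=22
[120.11] TRACE: filter:FORWARD:rule:3 IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=192.0.2.20 LEN=60 PROTO=TCP SPT=40000 DPT=22
[120.12] TRACE: filter:FORWARD:policy:1 IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=192.0.2.20 LEN=60 PROTO=TCP SPT=41000 DPT=80'

# Stand-alone usage on the constructed log; on a live box use: dmesg | trace_last_hop SRC DST
printf '%s\n' "$SAMPLE_LOG" | trace_path 203.0.113.10 192.0.2.20
printf '%s\n' "$SAMPLE_LOG" | trace_last_hop 203.0.113.10 192.0.2.20
```

Once the last hop is known, `iptables -t <table> -L <chain> -n -v --line-numbers` shows the rule at that number and its counters.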