On 8/4/05, Ricardo J. Méndez <mendezster@xxxxxxxxx> wrote:
> But I'm testing this from a desktop on the network, not the firewall
> itself. PREROUTING should apply to those packets, correct?

In that case, the problem you're seeing is exactly that which is discussed in the HOWTO link I posted last time. It's also explained by Jason's link.

The idea is that packets TO the server are indeed being correctly mangled by the router, but return packets go directly from server to client. The client expects the reply from the router, sees some spurious traffic from the server, and drops the traffic.

The netfilter list sees some variation of this question once every week or so. You're definitely not alone. =)

Another attempt to explain it:
https://lists.netfilter.org/pipermail/netfilter/2005-July/061636.html
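
The asymmetric path described in the message above, as an added example that is not part of the original post: a small Python model of a LAN client connecting to a router that DNATs to a server on the same subnet. The addresses, ports and the `Router`/`simulate` names are constructed for illustration, and the SNAT variant is the commonly documented remedy, included here as an assumption since the message itself only links to it.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed addresses for illustration (not taken from the original message).
CLIENT, ROUTER, SERVER = "192.168.1.10", "192.168.1.1", "192.168.1.20"


class Router:
    """Models DNAT in PREROUTING plus optional SNAT in POSTROUTING."""

    def __init__(self, snat_lan_clients):
        self.snat_lan_clients = snat_lan_clients
        self.conntrack = {}  # reply as sent by the server -> reply as the client expects it

    def forward(self, pkt):
        out = pkt._replace(dst=SERVER)          # DNAT: router:80 becomes server:80
        if self.snat_lan_clients:
            out = out._replace(src=ROUTER)      # SNAT: the server now sees the router as peer
        server_reply = Packet(out.dst, out.dport, out.src, out.sport)
        self.conntrack[server_reply] = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return out

    def reverse(self, reply):
        return self.conntrack[reply]            # undo both translations on the way back


def simulate(snat_lan_clients):
    router = Router(snat_lan_clients)
    syn = Packet(CLIENT, 40000, ROUTER, 80)
    expected = Packet(ROUTER, 80, CLIENT, 40000)  # the only reply the client's socket matches
    at_server = router.forward(syn)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst == ROUTER:
        seen, via_router = router.reverse(reply), True
    else:
        # Same subnet: the server delivers straight to the client, so the
        # router never gets the chance to rewrite the source address back.
        seen, via_router = reply, False
    return {"via_router": via_router, "seen": seen, "accepted": seen == expected}


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", simulate(snat))
```
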