Hi All,

I'm trying to set up a rule that will send an icmp-host-unreachable (or similar) back to the local machine (inside the NAT) if they try to connect to an external host on a specified port range. I know I'm missing something obvious, but I can't seem to figure out what I'm missing.

    iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 10000:11000 -j REJECT --reject-with icmp-host-unreachable

The above command returns with "Invalid Argument". If I simply replace "-j REJECT --reject-with icmp-host-unreachable" with "-j DROP", iptables accepts it. What am I missing?

TIA!
Ryan