Hi! I got Kernel 2.6.22 und do some Masquerade for my Windows boxes. My problem get visible in this rule: Chain INPUT (policy DROP 0 packets, 0 bytes) 113 87963 DROP_LOG 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW This rule is at bottom of my INPUT-Chain. Kernel says: DROP: IN=ppp0 OUT= MAC= SRC=217.13.68.183 DST=91.xx.xx.xx LEN=58 TOS=0x00 PREC=0x00 TTL=59 ID=55058 DF PROTO=TCP SPT=80 DPT=2409 WINDOW=14520 RES=0x00 ACK URGP=0 This ACK packet belongs to surfing WWW and should never get into INPUT-Chain. The problem occurs randomly. Is this a bug? A why hit a rule for SYN packets at ACK packets? -- Jetzt 1 Monat kostenlos! GMX FreeDSL - Telefonanschluss + DSL für nur 17,95 Euro/mtl.!* http://dsl.gmx.de/?ac=OM.AD.PD003K11308T4569a -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html