Re: raw table and NOTRACK target


Ramunas Vabolis wrote:
> running lynx http://any.host.com from real.ip
> 
> running tcpdump on inner interface:
> tcpdump -i ethlocal -n host real.ip and port 80 
> 
> does show connection attempts while 
> tcpdump -i ethoutside -n host real.ip and port 80 
> is silent.
> 
> iptables -t raw -vxnL shows that the first rule is hit a couple of times; the
> second rule is never hit.

Then the problem is not in the raw table.  Something else is dropping
the first syn packet after it has been through the raw table.
You should see an outgoing syn packet before you start worrying
about the second rule being hit.
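
One way to look for whatever drops the SYN after the raw table, as an added example that is not part of the original message: read `iptables-save -c` output and list every DROP/REJECT rule and DROP chain policy whose packet counter is non-zero. The ruleset below is constructed; only the interface names `ethlocal` and `ethoutside` come from the thread, and `find_drops` and `sample_ruleset` are names chosen for this example.

```shell
#!/bin/sh
# Added example: report DROP/REJECT rules and DROP chain policies with
# non-zero packet counters, from `iptables-save -c` output on stdin.
find_drops() {
  awk '
    function pkts(s,   c) {                  # "[2:120]" -> 2
      gsub(/[^0-9:]/, "", s); split(s, c, ":"); return c[1] + 0
    }
    /^\*/ { table = substr($0, 2); next }    # table header, e.g. "*filter"
    /^:/  {                                  # policy, e.g. ":FORWARD DROP [2:120]"
      if ($2 == "DROP" && pkts($3) > 0)
        print table, substr($1, 2), "policy", pkts($3)
      next
    }
    /^\[/ {                                  # rule, e.g. "[3:180] -A INPUT -j DROP"
      chain = ""; target = ""
      for (i = 2; i < NF; i++) {
        if ($i == "-A") chain = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if ((target == "DROP" || target == "REJECT") && pkts($1) > 0)
        print table, chain, "rule", pkts($1)
    }
  '
}

# Constructed sample (an assumption, not the poster ruleset): the first raw
# rule is hit, the second is not, and the same packets end in a DROP policy
# because untracked packets match state UNTRACKED rather than NEW.
sample_ruleset() {
cat <<'EOF'
*raw
:PREROUTING ACCEPT [4:240]
:OUTPUT ACCEPT [0:0]
[2:120] -A PREROUTING -i ethlocal -p tcp -m tcp --dport 80 -j NOTRACK
[0:0] -A PREROUTING -i ethoutside -p tcp -m tcp --sport 80 -j NOTRACK
COMMIT
*filter
:INPUT ACCEPT [10:600]
:FORWARD DROP [2:120]
:OUTPUT ACCEPT [8:480]
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i ethlocal -m state --state NEW -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_drops
```

On a live firewall, run `iptables-save -c | find_drops` as root before and after one connection attempt and compare the counters.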
