On Tue, 2009-07-14 at 14:27 +0200, Thomas Jacob wrote:
> Is eth0 your actual interface then? This was just an example to give you
> the general idea, of course you need to adjust that to your case.

Yes, certainly. The interface is eth0.

> Maybe you could post the LOG output from the rules below here, so we can
> see what's wrong

I tried to connect from a host with the address 172.20.2.40. Here are the log lines of 172.20.1.245:

Jul 14 10:48:46 pro kernel: PREROUTING_before:IN=eth0 OUT= MAC=00:13:72:fc:1d:e5:00:13:21:e7:e8:00:08:00 SRC=172.20.2.40 DST=172.20.1.245 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4621 DF PROTO=TCP SPT=1749 DPT=10025 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jul 14 10:48:49 pro kernel: PREROUTING_before:IN=eth0 OUT= MAC=00:13:72:fc:1d:e5:00:13:21:e7:e8:00:08:00 SRC=172.20.2.40 DST=172.20.1.245 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4624 DF PROTO=TCP SPT=1749 DPT=10025 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jul 14 10:48:55 pro kernel: PREROUTING_before:IN=eth0 OUT= MAC=00:13:72:fc:1d:e5:00:13:21:e7:e8:00:08:00 SRC=172.20.2.40 DST=172.20.1.245 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4691 DF PROTO=TCP SPT=1749 DPT=10025 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)

Regards,
Simion.