2009/10/7 Brian Austin - Standard Universal <brian@xxxxxxxxxxxxxxxxxxxxxxxx>: > you could list your rules to prove that they look ok. > > iptables -t nat --list -V > I've tried changing br-lan to br0 and enclosing it in quotes but neither work. Here is the output from the above # iptables -L -v -t nat Chain PREROUTING (policy ACCEPT 4 packets, 532 bytes) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- br0 any anywhere anywhere tcp dpt:80 redir ports 3128 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination And again, testing DROPing instead # iptables -L -v -t nat Chain PREROUTING (policy ACCEPT 4 packets, 532 bytes) pkts bytes target prot opt in out source destination 0 0 DROP tcp -- br0 any anywhere anywhere tcp dpt:80 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination With both these rules in place I've ran tcpdump and watched traffic go over br0 on port 80. What does the 4 packets and 532 bytes mean? That doesn't seem to be increasing as I do anything and isn't reset when I do a flush. Robin > > > Rakotomandimby Mihamina wrote: >> >> 10/07/2009 02:44 PM, Robin Wood:: >>> >>> br-lan >>> What am I doing wrong? >> >> IMHO, the "-" in br-lan is wrong. >> escape/protect it with "br-lan" or something like that. >> > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html