2011/8/21 Pandu Poluan <pandu@xxxxxxxxxxx>:
> Just a hunch; do this:
>
> iptables -t nat -I POSTROUTING -p udp --dport $DHCP_SRV_PORT -j ACCEPT
>
> (sorry, for some unknown reason, I can't open any web site;
> $DHCP_SRV_PORT should be 67 or 68, I forgot which)

According to the logs, the requests come in on port 67.

> In effect, the above rule causes DHCP packets going to the DHCP server
> to bypass the MASQUERADE target.

Running this after the script has no effect on this behavior.

iptables -t nat -I POSTROUTING -p udp --dport 67 -j ACCEPT

Thanks for the tip.

--
Vinicius Massuchetto