On Mon, May 14, 2012 at 8:33 AM, Tom van Leeuwen <tom.van.leeuwen@xxxxxxxxxxxxx> wrote:
> Alright,
> Judging by your ruleset, the only relevant lines for your host 172.24.50.3
> would be:
>
> :FORWARD DROP [2:80]
> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -s 172.24.50.3/32 -m state --state NEW -j ACCEPT
> -A FORWARD -j LOG --log-prefix "IPT FORWARD packet died: "
>
> And you said that restricting destination does not work. Your rule:
>
> iptables -A FORWARD -s 172.24.50.3 -d 1.1.1.0/24 -m state --state NEW -j ACCEPT
>
> You say it does not work. If that is the case, your packets are logged and
> dropped.
> Could you paste the log entries for your host 172.24.50.3?
>

Nothing, no drops ... But connections died by timeout ...
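
The log entries requested above would come from the final LOG rule in the quoted ruleset. As an added example (not part of the thread), this Python script filters kernel log text for that rule's prefix and summarises the packets involving 172.24.50.3, marking whether the peer lies inside 1.1.1.0/24. The sample log lines, the hostname `gw`, the interface names and the function name are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

LOG_PREFIX = "IPT FORWARD packet died: "          # prefix from the quoted LOG rule
HOST = ipaddress.ip_address("172.24.50.3")        # host discussed in the thread
ALLOWED_NET = ipaddress.ip_network("1.1.1.0/24")  # destination in the quoted rule

# Constructed sample kernel log lines (not taken from the thread).
SAMPLE_LOG = """\
May 14 08:40:01 gw kernel: IPT FORWARD packet died: IN=eth1 OUT=eth0 SRC=172.24.50.3 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=4121 DF PROTO=UDP SPT=40112 DPT=53 LEN=51
May 14 08:40:02 gw kernel: IPT FORWARD packet died: IN=eth1 OUT=eth0 SRC=172.24.50.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=991 DF PROTO=TCP SPT=51514 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
May 14 08:40:06 gw kernel: IPT FORWARD packet died: IN=eth1 OUT=eth0 SRC=172.24.50.3 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=4122 DF PROTO=UDP SPT=40112 DPT=53 LEN=51
May 14 08:40:09 gw kernel: IPT FORWARD packet died: IN=eth0 OUT=eth1 SRC=1.1.1.20 DST=172.24.50.3 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=443 DPT=51000 WINDOW=0 RES=0x00 RST URGP=0
May 14 08:40:10 gw sshd[811]: Accepted publickey for admin from 10.0.0.5 port 50022 ssh2
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs emitted by the LOG target

def dropped_for_host(log_text, host=HOST, allowed=ALLOWED_NET):
    """Count LOG-rule hits involving `host`.

    Keys are (direction, peer, proto, dport, peer_in_allowed_net).
    """
    hits = Counter()
    for line in log_text.splitlines():
        _, sep, rest = line.partition(LOG_PREFIX)
        if not sep:
            continue  # line was not produced by the FORWARD LOG rule
        f = dict(FIELD.findall(rest))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed entry
        if src == host:
            direction, peer = "out", dst
        elif dst == host:
            direction, peer = "in", src
        else:
            continue  # some other host's traffic
        key = (direction, str(peer), f.get("PROTO", "?"), f.get("DPT", "-"), peer in allowed)
        hits[key] += 1
    return hits

if __name__ == "__main__":
    for key, count in dropped_for_host(SAMPLE_LOG).most_common():
        print(count, *key)
```

An empty result for the host means no packet of its traffic reached the LOG rule in the text that was searched.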